PC disinfection, speeding up your computer, remote help via the neslape.cz service

Police virus

Don't have a problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

ralcar
Visitor
Posts: 107
Registered: 23 Sep 2010 15:58

Police virus

#1 Post by ralcar »

Hello. Last week a message from the Police of the Czech Republic appeared on my computer saying that my browser (Mozilla) and my files were blocked and that I have to pay a fine of 2,000. I managed to close Mozilla with Task Manager, then I was on the desktop and ran Malwarebytes, which found two things, and I deleted them. Yesterday I also used RogueKiller, which found 2 things and a fake driver for Mozilla. The computer behaves normally (I hope), but I'm not sure whether I really got rid of those viruses, so I'm asking for a check. I'm attaching the logs. And that fake driver is still there. Thank you, ralcar.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Radim at 2014-02-07 18:08:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (15%) free of 114 GB
Total RAM: 2558 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:39, on 7.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Radim\Plocha\RSIT.exe
C:\Program Files\trend micro\Radim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4879006000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 6605 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GlaryInitialize 4.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce78fd2397c5f2.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\
WebSiteRecommendation@weliketheweb.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-11 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12 4532096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-08 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-11 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-11-27 393728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Aplikace\Balicky\j2re1.4.2_03\bin\java.exe"="C:\Aplikace\Balicky\j2re1.4.2_03\bin\java.exe:*:Enabled:java"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Aplikace\Balicky\asa\win32\dbeng7.exe"="C:\Aplikace\Balicky\asa\win32\dbeng7.exe:*:Enabled:Adaptive Server Anywhere Database Engine"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Aplikace\Balicky2013\jre\bin\java.exe"="C:\Aplikace\Balicky2013\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\Serviio\bin\ServiioService.exe"="C:\Program Files\Serviio\bin\ServiioService.exe:*:Enabled:Serviio"
"C:\Program Files\Serviio\bin\ServiioConsole.exe"="C:\Program Files\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio"
"C:\Filmy\Blue Jasmine 2013\WMP x264 Codec Pack.exe"="C:\Filmy\Blue Jasmine 2013\WMP x264 Codec Pack.exe:*:Enabled:Setup Launcher Unicode"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")

======List of files/folders created in the last 1 month======

2014-02-07 18:08:16 ----D---- C:\rsit
2014-02-07 18:08:16 ----D---- C:\Program Files\trend micro
2014-02-07 12:49:01 ----A---- C:\WINDOWS\ntbtlog.txt
2014-02-06 10:39:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-02-06 00:28:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2808679$
2014-02-05 23:24:39 ----D---- C:\Program Files\The KMPlayer
2014-02-05 22:23:00 ----D---- C:\Documents and Settings\Radim\Data aplikací\Nico Mak Computing
2014-02-05 22:22:57 ----A---- C:\WINDOWS\system32\roboot.exe
2014-02-05 16:33:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\APN
2014-02-05 14:31:32 ----A---- C:\WINDOWS\system32\drivers\BootDefragDriver.sys
2014-01-29 20:42:58 ----A---- C:\Zástupce - Jednotka CD-ROM.lnk
2014-01-27 18:14:15 ----D---- C:\Documents and Settings\Radim\Data aplikací\DominiGames
2014-01-27 18:08:03 ----D---- C:\Program Files\Kostej Nesmrtelny
2014-01-20 07:59:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2014-01-16 00:24:19 ----D---- C:\ProgramData
2014-01-16 00:24:17 ----A---- C:\WINDOWS\system32\BootDefrag.exe
2014-01-16 00:24:03 ----D---- C:\Program Files\Glary Utilities 4
2014-01-08 03:40:33 ----SHD---- C:\Diskeeper

======List of files/folders modified in the last 1 month======

2014-02-07 18:08:30 ----D---- C:\WINDOWS\Prefetch
2014-02-07 18:08:16 ----RD---- C:\Program Files
2014-02-07 18:07:54 ----D---- C:\Documents and Settings\Radim\Data aplikací\uTorrent
2014-02-07 17:47:14 ----D---- C:\Install
2014-02-07 17:38:44 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-07 17:38:42 ----D---- C:\Program Files\Mozilla Firefox
2014-02-07 16:06:21 ----D---- C:\WINDOWS\system32\drivers
2014-02-07 15:54:29 ----D---- C:\WINDOWS\system32
2014-02-07 15:33:28 ----D---- C:\WINDOWS\Temp
2014-02-07 14:38:28 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-07 13:04:34 ----D---- C:\Filmy
2014-02-07 12:53:49 ----D---- C:\WINDOWS\system32\NtmsData
2014-02-07 12:49:01 ----D---- C:\WINDOWS
2014-02-06 07:08:57 ----HD---- C:\WINDOWS\inf
2014-02-06 00:49:21 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-06 00:48:44 ----RSD---- C:\WINDOWS\assembly
2014-02-06 00:31:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-06 00:28:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-06 00:28:51 ----SHD---- C:\WINDOWS\Installer
2014-02-06 00:28:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-06 00:28:21 ----D---- C:\WINDOWS\WinSxS
2014-02-05 22:47:15 ----A---- C:\WINDOWS\NeroDigital.ini
2014-02-05 22:23:05 ----SD---- C:\WINDOWS\Tasks
2014-02-05 22:05:19 ----D---- C:\Program Files\VideoLAN
2014-02-05 20:02:11 ----D---- C:\WINDOWS\XSxS
2014-02-05 16:12:05 ----D---- C:\Program Files\Windows Media Connect 2
2014-02-05 16:12:01 ----D---- C:\Program Files\Messenger
2014-02-05 16:12:00 ----D---- C:\Program Files\ACDSee32
2014-02-05 14:34:13 ----D---- C:\Program Files\totalcmd
2014-02-05 14:30:27 ----D---- C:\Program Files\CCleaner
2014-02-05 13:37:23 ----AD---- C:\Moje filmy
2014-02-05 00:00:33 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-02 22:50:39 ----D---- C:\Documents and Settings\Radim\Data aplikací\Skype
2014-02-01 19:05:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2014-02-01 19:05:49 ----RD---- C:\Program Files\Skype
2014-02-01 07:55:19 ----D---- C:\WINDOWS\system32\LogFiles
2014-02-01 05:40:30 ----D---- C:\WINDOWS\system32\config
2014-02-01 04:41:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-01-31 20:17:14 ----D---- C:\WINDOWS\pss
2014-01-31 09:20:44 ----RD---- C:\WINDOWS\Web
2014-01-30 10:49:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\VSO
2014-01-19 08:32:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-01-16 00:24:21 ----D---- C:\Program Files\Glary Utilities
2014-01-16 00:24:21 ----D---- C:\Documents and Settings\Radim\Data aplikací\GlarySoft
2014-01-15 19:52:10 ----D---- C:\Documents and Settings\Radim\Data aplikací\Vso
2014-01-14 21:31:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BootDefragDriver;BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [2014-01-22 13504]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2011-07-18 432664]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 DKRtWrt;DKRtWrt; C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys [2011-02-14 38608]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-30 6435432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-09-16 846792]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl247733c8;MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys []
S1 MpKslb7b84e2a;MpKslb7b84e2a; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys []
S1 MpKslefaba5f7;MpKslefaba5f7; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2011-03-03 2148176]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-28 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-28 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
S3 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S3 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-28 118896]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2013-03-22 323584]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

-----------------EOF-----------------




Malwarebytes Anti-Malware (PRO) 1.65.0.1400
http://www.malwarebytes.org

Database version: v2014.01.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Radim :: 84B938A95D0145B [administrator]

Protection: Disabled

30.1.2014 11:10:12
mbam-log-2014-01-30 (11-10-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283629
Time elapsed: 48 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\System Volume Information\_restore{B37D8448-0A21-40D7-AFFE-06B9B740D657}\RP1012\A0158026.exe (RiskWare.Tool.CK) -> No action taken.
C:\Install\Revo Uninstaller Pro v2.5.1\Revo Uninstaller Pro v2.5.1\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe (RiskWare.Tool.CK) -> No action taken.
C:\Install\vsoConvertXtoDVD5_setup\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> No action taken.
C:\Install\WinRAR v3.93 CZ\WinRAR v3.93 CZ\Keyfilemaker-CORE\keygen.exe (PUP.RiskwareTool.CK) -> No action taken.
C:\System Volume Information\_restore{B37D8448-0A21-40D7-AFFE-06B9B740D657}\RP1012\A0158021.exe (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.

(end)


RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Support : hxxp://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Radim [Admin rights]
Mode : Scan -- Date : 02/06/2014 12:21:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1200BEVS-07LAT0 +++++
--- User ---
[MBR] cbdd76dd6c2bfbb164e0218072db8c4c
[BSP] 5fdf83df0a734d986837b18d079676b6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02062014_122124.txt >>
RKreport[0]_S_02062014_121748.txt


Re: Police virus

#2 Post by Márty84 »

Hello :)

:arrow: Let MBAM remove its findings, if you haven't done so already.

:arrow: Since the malware is in the restore points, delete them http://forum.viry.cz/viewtopic.php?f=46&t=47040

:arrow: After deleting the restore points and restarting the PC, run a new full scan with MBAM and let me know whether it found anything. I'll choose the next steps based on that.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. In case of a longer wait for a reply, please contact one of my colleagues (most have an e-mail address in their signature).


Re: Police virus

#3 Post by ralcar »

So I deleted the restore points. I ran Malwarebytes and it found some PUP, so I deleted it. Attaching the log.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2014.02.08.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Radim :: 84B938A95D0145B [administrátor]

Ochrana: Zakázána

8.2.2014 10:29:07
mbam-log-2014-02-08 (10-29-07).txt

Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 280679
Uplynulý čas: 1 hodin, 5 minut,

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Install\Revo Uninstaller Pro v2.5.1\Revo Uninstaller Pro v2.5.1\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\Install\vsoConvertXtoDVD5_setup\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Žádná instrukce nebyla provedena.
C:\Install\WinRAR v3.93 CZ\WinRAR v3.93 CZ\Keyfilemaker-CORE\keygen.exe (PUP.RiskwareTool.CK) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Umístnění do karantény a smazání se zdařilo.

(konec)


Re: Police virus

#4 Post by Márty84 »

ralcar wrote: I ran Malwarebytes and it found some PUP, so I deleted it.
And not the cracks?

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and the program will start working.
When it finishes, it will spit out a log (if not, you'll find it here C:\AdwCleaner\AdwCleaner[R?].txt ), copy it here for me.


Re: Police virus

#5 Post by ralcar »

Not the cracks. Those just sit in a folder. Only the one for WinRAR??? I also mentioned that RogueKiller found a fake driver in Mozilla, but it couldn't be deleted, so I deleted it manually and reinstalled Mozilla, hopefully that will be fine? Attaching the log from AdwCleaner

# AdwCleaner v3.018 - Report created 08/02/2014 at 14:21:06
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radim - 84B938A95D0145B
# Running from : C:\Documents and Settings\Radim\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\invalidprefs.js
File Found : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\user.js
Folder Found : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
Folder Found C:\DOCUME~1\Radim\LOCALS~1\Temp\apn
Folder Found C:\Documents and Settings\All Users\Data aplikací\apn
Folder Found C:\Documents and Settings\Radim\Data aplikací\SimilarSites

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (cs)

[ File : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [2269 octets] - [08/02/2014 14:21:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2329 octets] ##########


Re: Police virus

#6 Post by Márty84 »

And are you sure they are clean? :?:

:arrow: Close all programs again and run AdwCleaner.
This time click Clean.
The program will start working (the PC may restart) and spit out another log (otherwise it will be here C:\AdwCleaner\AdwCleaner [S?].txt ). Copy that here for me again.


Re: Police virus

#7 Post by ralcar »

I don't know, I thought that as long as I don't install them they can't do anything? Attaching another log. What are those deleted keys?

# AdwCleaner v3.018 - Report created 08/02/2014 at 16:34:13
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Radim - 84B938A95D0145B
# Running from : C:\Documents and Settings\Radim\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\apn
Folder Deleted : C:\DOCUME~1\Radim\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\Radim\Data aplikací\SimilarSites
[!] Folder Deleted : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
File Deleted : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (cs)

[ File : C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [2409 octets] - [08/02/2014 14:21:06]
AdwCleaner[R3].txt - [2469 octets] - [08/02/2014 16:33:04]
AdwCleaner[S1].txt - [2432 octets] - [08/02/2014 16:34:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2492 octets] ##########


Re: Police virus

#8 Post by Márty84 »

Those deleted keys belonged to toolbars and other things that slow the PC down.

:!: If you haven't already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you would lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Run ComboFix.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
Do not start anything or click anywhere while the scan runs.
After the scan finishes (the PC may restart), a log should be created, located here C:\ComboFix.txt
Copy its contents here

:!: If Windows doesn't boot after the restart, restart again, keep pressing F8 and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine


Re: Police virus

#9 Post by ralcar »

Console created. But during the scan a message appeared saying that rmbr.3XE is not working properly and needs to be closed, so I closed that window.

ComboFix 14-02-05.02 - Radim 08.02.2014 17:42:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2558.2067 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AA Antimalware
c:\program files\AA Antimalware\AdwareAway_Scan_Result_20130209_183352.log
c:\program files\AA Antimalware\AdwareAway_Scan_Result_20130209_183357.log
c:\program files\AA Antimalware\AdwareAway_Scan_Result_20130209_191032.log
c:\program files\AA Antimalware\debug.log
c:\program files\AA Antimalware\LastScanResult.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DIAGNOSTICSCAN
-------\Legacy_START1DRIVER
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-08 do 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 13:20 . 2014-02-08 15:53 -------- d-----w- C:\AdwCleaner
2014-02-08 11:47 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B3BBAA71-37B3-407B-9E4C-309D7D0D1117}\mpengine.dll
2014-02-08 08:56 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-07 17:29 . 2014-01-28 09:08 873352 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2014-02-07 17:29 . 2014-01-28 06:55 272496 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-07 17:29 . 2014-01-28 06:54 22777456 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2014-02-07 17:29 . 2014-01-28 06:54 93808 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2014-02-07 17:29 . 2014-01-28 06:54 142960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2014-02-07 17:08 . 2014-02-07 17:08 -------- d-----w- C:\rsit
2014-02-07 17:08 . 2014-02-07 17:08 -------- d-----w- c:\program files\trend micro
2014-02-07 16:38 . 2014-01-28 06:54 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2014-02-07 16:38 . 2014-01-28 06:54 276592 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2014-02-06 09:39 . 2014-02-06 09:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-02-05 22:24 . 2014-02-06 09:23 -------- d-----w- c:\program files\The KMPlayer
2014-02-05 21:23 . 2014-02-05 21:24 -------- d-----w- c:\documents and settings\Radim\Data aplikací\Nico Mak Computing
2014-02-05 13:31 . 2014-01-22 01:09 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-01-27 17:14 . 2014-01-27 17:14 -------- d-----w- c:\documents and settings\Radim\Data aplikací\DominiGames
2014-01-27 17:08 . 2014-02-05 15:12 -------- d-----w- c:\program files\Kostej Nesmrtelny
2014-01-20 06:59 . 2014-01-20 06:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2014-01-15 23:24 . 2014-01-15 23:24 -------- d-----w- C:\ProgramData
2014-01-15 23:24 . 2014-01-22 01:16 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-15 23:24 . 2014-02-08 09:19 -------- d-----w- c:\program files\Glary Utilities 4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 23:00 . 2012-04-11 11:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 23:00 . 2011-09-10 15:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2011-09-10 15:18 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 03:00 . 2008-04-14 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-07 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2011-07-18 . E3B22F050F840306FD522227F68046C5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-27 393728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Aplikace\\Balicky2013\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [5.2.2014 14:31 13504]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [5.1.2014 10:18 38608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7.8.2012 14:33 27632]
S1 MpKsl247733c8;MpKsl247733c8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys [?]
S1 MpKslb7b84e2a;MpKslb7b84e2a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys [?]
S1 MpKslefaba5f7;MpKslefaba5f7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 10:34 171680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.10.2011 1:39 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.10.2011 1:39 676936]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [7.8.2012 14:38 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [7.8.2012 14:38 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [7.8.2012 14:38 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [7.8.2012 14:38 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [7.8.2012 14:38 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [7.8.2012 14:38 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [7.8.2012 14:38 115752]
S3 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [22.3.2013 15:58 323584]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [7.8.2012 14:38 155824]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:00]
.
2014-02-08 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files\Glary Utilities 4\Initialize.exe [2014-01-22 01:15]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce78fd2397c5f2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-28 12:35]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-28 12:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: csobpoj.cz\fe
TCP: DhcpNameServer = 8.8.8.8 172.22.52.5
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-08 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2014-02-08 17:53:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-08 16:53
.
Před spuštěním: Volných bajtů: 24 003 788 800
Po spuštění: Volných bajtů: 24 016 748 544
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8F532D9C4EC2C668DF900268FA8A0D83


Re: Police virus

#10 Post by Márty84 »

:arrow: Find this file c:\windows\system32\sfcfiles.dll and test it on VirusTotal and Jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Copy the results here, or post a link.

:arrow: Do the same with these files
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\dllcache\tcpip.sys

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Driver::
SkypeUpdate

Reboot::

At the top left click File
Click Save as...
Type the red name CFScript correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon with the mouse and release it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows doesn't boot after the restart, restart again, keep pressing F8 and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

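As an added example (not from this thread, nor from ComboFix's or Jotti's authors), a small Python parser for the Sigcheck lines in the ComboFix log posted above: it pairs each live system file with its dllcache copy, flags a same-version, same-size file whose MD5 differs as modified in place, and checks that a pasted Jotti report refers to the same MD5 before its detection count is trusted. The sample lines are constructed from the logs in this thread; ComboFix's bracketed status marker is kept but not interpreted.

```python
import re
from collections import defaultdict

# Sigcheck lines constructed from the ComboFix log pasted earlier in this thread.
SAMPLE_SIGCHECK = """\
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-07 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\drivers\\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\dllcache\\tcpip.sys
.
[-] 2011-07-18 . E3B22F050F840306FD522227F68046C5 . 1571840 . . [5.1.2600.5512] . . c:\\windows\\system32\\sfcfiles.dll
.
"""

# Excerpt of a Jotti report, constructed from the one posted for tcpip.sys in this thread.
SAMPLE_JOTTI = """\
Název souboru: tcpip.sys
Stav:
Test dokončen. 0 z 23 programů nalezlo škodlivý kód.
Velikost souboru: 361600 bajtů
MD5: cbeebeb899e31ef52b962cb31fc8ca5c
SHA1: bb35759a536bbb8da3b21de5f450385b333e1c25
"""

# One Sigcheck entry: [marker] date . MD5 . size . . [version] . . path
# The bracketed marker is ComboFix's own status flag; it is stored but not interpreted.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
JOTTI_MD5_RE = re.compile(r"^MD5:\s*([0-9A-Fa-f]{32})\s*$", re.MULTILINE)
# Czech Jotti UI line: "<hits> z <engines> programů nalezlo škodlivý kód."
JOTTI_HITS_RE = re.compile(r"(\d+) z (\d+) program")


def parse_sigcheck(text):
    """Return one dict per Sigcheck entry; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["md5"] = entry["md5"].lower()
        entry["size"] = int(entry["size"])
        entry["path"] = entry["path"].lower()
        entries.append(entry)
    return entries


def is_backup_copy(path):
    """True for the protected-file cache copy kept by Windows File Protection."""
    return "\\dllcache\\" in path


def assess(entries):
    """Pair each live system file with its dllcache copy and classify the pair."""
    by_name = defaultdict(dict)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        by_name[name]["cache" if is_backup_copy(e["path"]) else "live"] = e
    findings = {}
    for name, pair in by_name.items():
        live, cache = pair.get("live"), pair.get("cache")
        if live is None:
            continue  # only a cache copy was listed; nothing live to judge
        if cache is None:
            findings[name] = "no_backup_copy"  # verify against a known-good copy elsewhere
        elif live["md5"] == cache["md5"]:
            findings[name] = "matches_backup"
        elif live["version"] == cache["version"] and live["size"] == cache["size"]:
            # Same version string and size but different bytes: the file was
            # modified after installation. A clean multi-engine result does not
            # prove the modification is benign; compare with a known-good copy.
            findings[name] = "patched_in_place"
        else:
            findings[name] = "differs_from_backup"
    return findings


def check_scan_report(report, expected_md5):
    """Confirm a pasted Jotti report refers to the expected file; return (hits, engines).

    Raises ValueError if the report's MD5 differs from the Sigcheck MD5, so a
    result for the wrong file (for example the dllcache copy) is never trusted.
    """
    m = JOTTI_MD5_RE.search(report)
    if not m or m.group(1).lower() != expected_md5.lower():
        raise ValueError("report MD5 does not match the file flagged by Sigcheck")
    hits = JOTTI_HITS_RE.search(report)
    if not hits:
        raise ValueError("no detection count found in report")
    return int(hits.group(1)), int(hits.group(2))


if __name__ == "__main__":
    entries = parse_sigcheck(SAMPLE_SIGCHECK)
    for name, verdict in sorted(assess(entries).items()):
        print(f"{name}: {verdict}")
    live_tcpip = next(e for e in entries if e["path"].endswith("drivers\\tcpip.sys"))
    print("tcpip.sys scan:", check_scan_report(SAMPLE_JOTTI, live_tcpip["md5"]))
```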

Re: Police virus

#11 Post by ralcar »

Jottiho malware test
Tento soubor již byl jednou otestován. Výsledek předchozího testu je zobrazen níže.


Název souboru: sfcfiles.dll
Stav:
Test dokončen. 0 z 23 programů nalezlo škodlivý kód.
Test proveden: So 8 úno 2014 18:47:20 (CET) Trvalý odkaz



Podrobné informace
Velikost souboru: 1571840 bajtů
Typ souboru: PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5: e3b22f050f840306fd522227f68046c5
SHA1: 1fa96cec1b96ba362d6dbeee3d8daf21a01f3164




Výsledky
[Lavasoft Ad-Aware]
2014-02-08 Žádný nález
[Fortinet]
2014-02-08 Žádný nález
[Agnitum]
2014-02-08 Žádný nález
[Frisk F-Prot Antivirus]
2014-02-08 Žádný nález
[ArcaVir]
2014-02-08 Žádný nález
[F-Secure Anti-Virus]
2014-02-08 Žádný nález
[Avast! antivirus]
2014-02-08 Žádný nález
[G DATA]
2014-02-08 Žádný nález
[Grisoft AVG Anti-Virus]
2014-02-08 Žádný nález
[Ikarus]
2014-02-08 Žádný nález
[Avira AntiVir]
2014-02-08 Žádný nález
[Kaspersky Anti-Virus]
2014-02-08 Žádný nález
[Softwin BitDefender]
2014-02-08 Žádný nález
[Panda Antivirus]
2014-02-08 Žádný nález
[ClamAV]
2014-02-08 Žádný nález
[Quick Heal]
2014-02-08 Žádný nález
[CPsecure]
2014-02-08 Žádný nález
[Sophos]
2014-02-08 Žádný nález
[Dr.Web]
2014-02-08 Žádný nález
[Trend Micro Antivirus]
2014-02-07 Žádný nález
[MicroWorld eScan]
2014-02-08 Žádný nález
[VirusBlokAda VBA32]
2014-02-07 Žádný nález
[ESET]
2014-02-08 Žádný nález




Jottiho malware test
Tento soubor již byl jednou otestován. Výsledek předchozího testu je zobrazen níže.


Název souboru: tcpip.sys
Stav:
Test dokončen. 0 z 23 programů nalezlo škodlivý kód.
Test proveden: So 8 úno 2014 19:56:35 (CET) Trvalý odkaz



Podrobné informace
Velikost souboru: 361600 bajtů
Typ souboru: PE32 executable (native) Intel 80386, for MS Windows
MD5: cbeebeb899e31ef52b962cb31fc8ca5c
SHA1: bb35759a536bbb8da3b21de5f450385b333e1c25




Výsledky
[Lavasoft Ad-Aware]
2014-02-08 Žádný nález
[Fortinet]
2014-02-08 Žádný nález
[Agnitum]
2014-02-08 Žádný nález
[Frisk F-Prot Antivirus]
2014-02-08 Žádný nález
[ArcaVir]
2014-02-08 Žádný nález
[F-Secure Anti-Virus]
2014-02-08 Žádný nález
[Avast! antivirus]
2014-02-08 Žádný nález
[G DATA]
2014-02-08 Žádný nález
[Grisoft AVG Anti-Virus]
2014-02-08 Žádný nález
[Ikarus]
2014-02-08 Žádný nález
[Avira AntiVir]
2014-02-08 Žádný nález
[Kaspersky Anti-Virus]
2014-02-08 Žádný nález
[Softwin BitDefender]
2014-02-08 Žádný nález
[Panda Antivirus]
2014-02-08 Žádný nález
[ClamAV]
2014-02-08 Žádný nález
[Quick Heal]
2014-02-08 Žádný nález
[CPsecure]
2014-02-08 Žádný nález
[Sophos]
2014-02-08 Žádný nález
[Dr.Web]
2014-02-08 Žádný nález
[Trend Micro Antivirus]
2014-02-07 Žádný nález
[MicroWorld eScan]
2014-02-08 Žádný nález
[VirusBlokAda VBA32]
2014-02-07 Žádný nález
[ESET]
2014-02-08 Žádný nález




Jottiho malware test
Tento soubor již byl jednou otestován. Výsledek předchozího testu je zobrazen níže.


Název souboru: tcpip.sy_
Stav:
Test dokončen. 0 z 23 programů nalezlo škodlivý kód.
Test proveden: So 2 lis 2013 19:10:56 (CET) Trvalý odkaz



Podrobné informace
Velikost souboru: 361600 bajtů
Typ souboru: PE32 executable (native) Intel 80386, for MS Windows
MD5: 9aefa14bd6b182d61e3119fa5f436d3d
SHA1: 67e432a0c6a588e3b9aad49424b457db47a79b15




Výsledky
[Lavasoft Ad-Aware]
2013-11-02 Žádný nález
[Fortinet]
2013-11-02 Žádný nález
[Agnitum]
2013-11-01 Žádný nález
[Frisk F-Prot Antivirus]
2013-11-02 Žádný nález
[ArcaVir]
2013-11-01 Žádný nález
[F-Secure Anti-Virus]
2013-11-02 Žádný nález
[Avast! antivirus]
2013-11-02 Žádný nález
[G DATA]
2013-11-02 Žádný nález
[Grisoft AVG Anti-Virus]
2013-11-02 Žádný nález
[Ikarus]
2013-11-02 Žádný nález
[Avira AntiVir]
2013-11-02 Žádný nález
[Kaspersky Anti-Virus]
2013-11-02 Žádný nález
[Softwin BitDefender]
2013-11-02 Žádný nález
[Panda Antivirus]
2013-11-02 Žádný nález
[ClamAV]
2013-11-02 Žádný nález
[Quick Heal]
2013-11-02 Žádný nález
[CPsecure]
2013-11-02 Žádný nález
[Sophos]
2013-11-02 Žádný nález
[Dr.Web]
2013-11-02 Žádný nález
[Trend Micro Antivirus]
2013-11-01 Žádný nález
[MicroWorld eScan]
2013-11-02 Žádný nález
[VirusBlokAda VBA32]
2013-11-01 Žádný nález
[ESET]
2013-11-02 Žádný nález




ComboFix 14-02-05.02 - Radim 08.02.2014 20:23:26.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2558.2039 [GMT 1:00]
Launched from: c:\documents and settings\Radim\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Radim\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-01-08 to 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 13:20 . 2014-02-08 15:53 -------- d-----w- C:\AdwCleaner
2014-02-08 11:47 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B3BBAA71-37B3-407B-9E4C-309D7D0D1117}\mpengine.dll
2014-02-08 08:56 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-07 17:29 . 2014-01-28 09:08 873352 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2014-02-07 17:29 . 2014-01-28 06:55 272496 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-07 17:29 . 2014-01-28 06:54 22777456 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2014-02-07 17:29 . 2014-01-28 06:54 93808 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2014-02-07 17:29 . 2014-01-28 06:54 142960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2014-02-07 17:08 . 2014-02-07 17:08 -------- d-----w- C:\rsit
2014-02-07 17:08 . 2014-02-07 17:08 -------- d-----w- c:\program files\trend micro
2014-02-07 16:38 . 2014-01-28 06:54 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2014-02-07 16:38 . 2014-01-28 06:54 276592 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2014-02-06 09:39 . 2014-02-06 09:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-02-05 22:24 . 2014-02-06 09:23 -------- d-----w- c:\program files\The KMPlayer
2014-02-05 21:23 . 2014-02-05 21:24 -------- d-----w- c:\documents and settings\Radim\Data aplikací\Nico Mak Computing
2014-02-05 13:31 . 2014-01-22 01:09 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-01-27 17:14 . 2014-01-27 17:14 -------- d-----w- c:\documents and settings\Radim\Data aplikací\DominiGames
2014-01-27 17:08 . 2014-02-05 15:12 -------- d-----w- c:\program files\Kostej Nesmrtelny
2014-01-20 06:59 . 2014-01-20 06:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2014-01-15 23:24 . 2014-01-15 23:24 -------- d-----w- C:\ProgramData
2014-01-15 23:24 . 2014-01-22 01:16 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-15 23:24 . 2014-02-08 09:19 -------- d-----w- c:\program files\Glary Utilities 4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 23:00 . 2012-04-11 11:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 23:00 . 2011-09-10 15:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2011-09-10 15:18 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 03:00 . 2008-04-14 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-07 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2011-07-18 . E3B22F050F840306FD522227F68046C5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Aplikace\\Balicky2013\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [5.2.2014 14:31 13504]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [5.1.2014 10:18 38608]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7.8.2012 14:33 27632]
S1 MpKsl247733c8;MpKsl247733c8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys [?]
S1 MpKslb7b84e2a;MpKslb7b84e2a;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys [?]
S1 MpKslefaba5f7;MpKslefaba5f7;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.10.2011 1:39 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.10.2011 1:39 676936]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [7.8.2012 14:38 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [7.8.2012 14:38 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [7.8.2012 14:38 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [7.8.2012 14:38 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [7.8.2012 14:38 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [7.8.2012 14:38 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [7.8.2012 14:38 115752]
S3 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [22.3.2013 15:58 323584]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [7.8.2012 14:38 155824]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:00]
.
2014-02-08 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files\Glary Utilities 4\Initialize.exe [2014-01-22 01:15]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce78fd2397c5f2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-28 12:35]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-28 12:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: csobpoj.cz\fe
TCP: DhcpNameServer = 8.8.8.8 172.22.52.5
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-08 20:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-02-08 20:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-08 19:32
ComboFix2.txt 2014-02-08 16:53
.
Pre-Run: 23 938 531 328 bytes free
Post-Run: 23 978 725 376 bytes free
.
- - End Of File - - 8D51EED876F00069013A98BBDF9B1FFA
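Added example (not part of any post in this thread, and not ComboFix, RSIT or Jotti code): a short Python script that reads the Sigcheck lines from the ComboFix log above, pairs each live system file with its dllcache copy, and compares the hashes. In that log, c:\windows\system32\drivers\tcpip.sys and c:\windows\system32\dllcache\tcpip.sys carry the same version (5.1.2600.5625) and the same size (361600) but different MD5s, and the Jotti report above covers only the dllcache copy (tcpip.sy_, MD5 9aefa14bd6b182d61e3119fa5f436d3d), so a clean Jotti result says nothing about the driver that is actually loaded. The script makes that gap explicit. Assumptions: the sample lines are copied from the log above; ComboFix's bracket codes ("[-]", "[7]") are not explained on this page, so the script treats only "[-]" as "not verified" (ComboFix's own note says unsigned files aren't necessarily malware) and does not interpret any other code; the JOTTI_MD5 table is filled from the Jotti report above.

```python
"""Cross-check ComboFix 'Sigcheck' lines against their dllcache copies.

Added example for this thread; not ComboFix, RSIT or Jotti code.
Assumption: "[-]" is ComboFix's "could not verify" flag; other codes are
not interpreted because the page does not document them.
"""
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Sample input: the three Sigcheck lines copied from the ComboFix log above.
SAMPLE_SIGCHECK = """\
[-] 2013-02-07 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\drivers\\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\dllcache\\tcpip.sys
.
[-] 2011-07-18 . E3B22F050F840306FD522227F68046C5 . 1571840 . . [5.1.2600.5512] . . c:\\windows\\system32\\sfcfiles.dll
"""

# Reference hash from the Jotti report above (it scanned the dllcache copy, tcpip.sy_).
JOTTI_MD5 = {"tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d"}


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; separator lines ('.') are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].lower()
        e["size"] = int(e["size"])
        e["path"] = e["path"].lower()
        e["name"] = PureWindowsPath(e["path"]).name
        e["in_dllcache"] = "\\dllcache\\" in e["path"]
        entries.append(e)
    return entries


def cross_check(entries, reference_md5=None):
    """Pair each live system file with its dllcache copy and compare hashes.

    Returns {file name: {...}} with status 'match', 'mismatch' or 'unpaired'.
    """
    reference_md5 = {k.lower(): v.lower() for k, v in (reference_md5 or {}).items()}
    by_name = defaultdict(dict)
    for e in entries:
        by_name[e["name"]]["cache" if e["in_dllcache"] else "live"] = e

    report = {}
    for name, pair in by_name.items():
        live, cache = pair.get("live"), pair.get("cache")
        if live is None:
            continue  # only a cached copy was listed; nothing to compare it to
        if cache is None:
            status = "unpaired"
        elif live["md5"] == cache["md5"]:
            status = "match"
        else:
            status = "mismatch"
        report[name] = {
            "status": status,
            "unverified": live["flag"] == "-",
            "live_md5": live["md5"],
            "cache_md5": cache["md5"] if cache else None,
            # Same version and size but a different hash means the file's bytes
            # were altered without the PE version resource being touched.
            "same_version_and_size": bool(cache)
            and live["version"] == cache["version"]
            and live["size"] == cache["size"],
            "cache_matches_reference": bool(cache)
            and reference_md5.get(name) == cache["md5"],
        }
    return report


def file_md5(path):
    """MD5 of a file on disk, to re-check a flagged file (or a copy of it)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for name, r in cross_check(parse_sigcheck(SAMPLE_SIGCHECK), JOTTI_MD5).items():
        line = f"{name}: {r['status']}"
        if r["status"] == "mismatch" and r["same_version_and_size"]:
            line += " (same version and size, different bytes)"
        if r["cache_matches_reference"]:
            line += "; dllcache copy has the Jotti-scanned hash"
        print(line)
```

On the affected machine, file_md5(r"c:\windows\system32\drivers\tcpip.sys") gives the hash to compare against both values in the report; a file whose hash you want a second opinion on should be uploaded itself rather than its dllcache sibling. The script only reports and changes nothing on disk.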

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Police virus

#12 Post by Márty84 »

Post a new log from RSIT.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

ralcar
Visitor
Posts: 107
Registered: 23 Sep 2010 15:58

Re: Police virus

#13 Post by ralcar »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Radim at 2014-02-08 20:49:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (20%) free of 114 GB
Total RAM: 2558 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:07, on 8.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Radim\Plocha\RSIT.exe
C:\Program Files\trend micro\Radim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4879006000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 5868 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GlaryInitialize 4.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce78fd2397c5f2.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\
WebSiteRecommendation@weliketheweb.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-11 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-08 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-11 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Aplikace\Balicky2013\jre\bin\java.exe"="C:\Aplikace\Balicky2013\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\Serviio\bin\ServiioService.exe"="C:\Program Files\Serviio\bin\ServiioService.exe:*:Enabled:Serviio"
"C:\Program Files\Serviio\bin\ServiioConsole.exe"="C:\Program Files\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")

======List of files/folders created in the last 1 month======

2014-02-08 20:32:35 ----A---- C:\ComboFix.txt
2014-02-08 20:26:54 ----D---- C:\WINDOWS\temp
2014-02-08 17:39:36 ----A---- C:\Boot.bak
2014-02-08 17:39:33 ----RASHD---- C:\cmdcons
2014-02-08 17:37:09 ----A---- C:\WINDOWS\zip.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\SWSC.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\SWREG.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\sed.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\PEV.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\NIRCMD.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\MBR.exe
2014-02-08 17:37:09 ----A---- C:\WINDOWS\grep.exe
2014-02-08 17:37:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-02-08 17:37:01 ----D---- C:\Qoobox
2014-02-08 17:36:48 ----D---- C:\WINDOWS\erdnt
2014-02-08 14:20:39 ----D---- C:\AdwCleaner
2014-02-07 18:08:16 ----D---- C:\rsit
2014-02-07 18:08:16 ----D---- C:\Program Files\trend micro
2014-02-07 12:49:01 ----A---- C:\WINDOWS\ntbtlog.txt
2014-02-06 10:39:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-02-06 00:28:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2808679$
2014-02-05 23:24:39 ----D---- C:\Program Files\The KMPlayer
2014-02-05 22:23:00 ----D---- C:\Documents and Settings\Radim\Data aplikací\Nico Mak Computing
2014-02-05 14:31:32 ----A---- C:\WINDOWS\system32\drivers\BootDefragDriver.sys
2014-01-29 20:42:58 ----A---- C:\Zástupce - Jednotka CD-ROM.lnk
2014-01-27 18:14:15 ----D---- C:\Documents and Settings\Radim\Data aplikací\DominiGames
2014-01-27 18:08:03 ----D---- C:\Program Files\Kostej Nesmrtelny
2014-01-20 07:59:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2014-01-16 00:24:19 ----D---- C:\ProgramData
2014-01-16 00:24:17 ----A---- C:\WINDOWS\system32\BootDefrag.exe
2014-01-16 00:24:03 ----D---- C:\Program Files\Glary Utilities 4

======List of files/folders modified in the last 1 month======

2014-02-08 20:50:07 ----D---- C:\WINDOWS\Prefetch
2014-02-08 20:32:38 ----D---- C:\WINDOWS\system32\drivers
2014-02-08 20:31:05 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-08 20:28:58 ----D---- C:\WINDOWS
2014-02-08 20:28:58 ----A---- C:\WINDOWS\system.ini
2014-02-08 20:28:50 ----D---- C:\WINDOWS\system32\drivers\etc
2014-02-08 20:27:11 ----D---- C:\WINDOWS\system32\config
2014-02-08 20:25:23 ----D---- C:\WINDOWS\system32
2014-02-08 20:25:23 ----D---- C:\WINDOWS\AppPatch
2014-02-08 20:25:22 ----D---- C:\Program Files\Common Files
2014-02-08 18:36:08 ----D---- C:\Documents and Settings\Radim\Data aplikací\uTorrent
2014-02-08 17:52:35 ----SD---- C:\WINDOWS\Tasks
2014-02-08 17:48:01 ----SHD---- C:\System Volume Information
2014-02-08 17:48:01 ----D---- C:\WINDOWS\system32\Restore
2014-02-08 17:46:21 ----D---- C:\WINDOWS\system32\NtmsData
2014-02-08 17:45:28 ----RD---- C:\Program Files
2014-02-08 17:39:36 ----RASH---- C:\boot.ini
2014-02-08 12:16:57 ----D---- C:\WINDOWS\WinSxS
2014-02-07 22:05:13 ----D---- C:\Filmy
2014-02-07 19:46:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-07 18:32:26 ----D---- C:\Install
2014-02-07 18:29:53 ----D---- C:\Program Files\Mozilla Firefox
2014-02-07 17:38:44 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-06 07:08:57 ----HD---- C:\WINDOWS\inf
2014-02-06 00:49:21 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-06 00:48:44 ----RSD---- C:\WINDOWS\assembly
2014-02-06 00:28:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-06 00:28:51 ----SHD---- C:\WINDOWS\Installer
2014-02-06 00:28:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-05 22:47:15 ----A---- C:\WINDOWS\NeroDigital.ini
2014-02-05 22:05:19 ----D---- C:\Program Files\VideoLAN
2014-02-05 16:12:05 ----D---- C:\Program Files\Windows Media Connect 2
2014-02-05 16:12:01 ----D---- C:\Program Files\Messenger
2014-02-05 16:12:00 ----D---- C:\Program Files\ACDSee32
2014-02-05 14:34:13 ----D---- C:\Program Files\totalcmd
2014-02-05 14:30:27 ----D---- C:\Program Files\CCleaner
2014-02-05 13:37:23 ----AD---- C:\Moje filmy
2014-02-05 00:00:33 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-02 22:50:39 ----D---- C:\Documents and Settings\Radim\Data aplikací\Skype
2014-02-01 19:05:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2014-02-01 19:05:49 ----RD---- C:\Program Files\Skype
2014-02-01 07:55:19 ----D---- C:\WINDOWS\system32\LogFiles
2014-02-01 04:41:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-01-31 20:17:14 ----D---- C:\WINDOWS\pss
2014-01-31 09:20:44 ----RD---- C:\WINDOWS\Web
2014-01-30 10:49:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\VSO
2014-01-19 08:32:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-01-16 00:24:21 ----D---- C:\Program Files\Glary Utilities
2014-01-16 00:24:21 ----D---- C:\Documents and Settings\Radim\Data aplikací\GlarySoft
2014-01-15 19:52:10 ----D---- C:\Documents and Settings\Radim\Data aplikací\Vso
2014-01-14 21:31:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BootDefragDriver;BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [2014-01-22 13504]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2011-07-18 432664]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 DKRtWrt;DKRtWrt; C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys [2011-02-14 38608]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-30 6435432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-09-16 846792]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl247733c8;MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys []
S1 MpKslb7b84e2a;MpKslb7b84e2a; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys []
S1 MpKslefaba5f7;MpKslefaba5f7; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Radim\LOCALS~1\Temp\mbr.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2011-03-03 2148176]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-28 135664]
S3 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-28 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28 194032]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
S3 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S3 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-28 118896]
S3 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2013-03-22 323584]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

-----------------EOF-----------------
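
Added example (my own, not from the thread or from RSIT): a small Python triage of the RSIT driver/service list above. It parses the `R/S + start type + name;display name; path [date size]` line format and flags the entries a helper looks at first; the temp-directory and cleanup-tool-remnant patterns are my own assumptions, not anything RSIT reports.

```python
"""Triage an RSIT "List of drivers"/"List of services" block.

Added example, not part of the thread or of RSIT. Line format parsed:
  <R|S><0-4> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
Empty brackets mean RSIT could not obtain a date/size for the file.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# My own list of cleanup-tool leftovers (assumption, not RSIT data): ComboFix's
# catchme driver, the mbr.sys helper of the GMER MBR tool, and the transient
# MpKsl* drivers Microsoft Security Essentials creates under its definition folder.
KNOWN_TOOL_REMNANTS = (
    re.compile(r"\\ComboFix\\catchme\.sys$", re.I),
    re.compile(r"\\mbr\.sys$", re.I),
    re.compile(r"\\Microsoft Antimalware\\Definition Updates\\.*\\MpKsl[0-9a-f]{8}\.sys$", re.I),
)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.I)


@dataclass
class Entry:
    name: str
    display: str
    path: str
    running: bool
    start: str
    date: Optional[str]
    size: Optional[int]
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one RSIT driver/service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # RSIT prints kernel object paths with the NT "\??\" prefix; drop it for matching.
    if path.startswith("\\??\\"):
        path = path[4:]
    size = m.group("size")
    return Entry(
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        running=m.group("state") == "R",
        start=START_TYPES[m.group("start")],
        date=m.group("date"),
        size=int(size) if size is not None else None,
    )


def triage(entry: Entry) -> Entry:
    """Attach the review findings a helper would raise for this entry."""
    if entry.size is None:
        # Empty brackets: file missing on disk, or a \??\ path RSIT could not stat.
        # Either way the entry needs a second look with a tool that reports file presence.
        state = "running" if entry.running else "registered"
        entry.findings.append(f"{state} but RSIT found no date/size: verify the file exists on disk")
    if TEMP_DIR_RE.search(entry.path):
        entry.findings.append("driver registered from a temporary directory")
    if any(p.search(entry.path) for p in KNOWN_TOOL_REMNANTS):
        entry.findings.append("matches a known cleanup-tool remnant; confirm the tool was run, then clear the entry")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a pasted RSIT list and return only the entries that have findings."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).findings:
            flagged.append(entry)
    return flagged


# Constructed sample: a few lines copied from the RSIT log in this thread.
SAMPLE_LOG = r"""
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2011-07-18 432664]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S1 MpKsl247733c8;MpKsl247733c8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Radim\LOCALS~1\Temp\mbr.sys []
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.name} ({'running' if e.running else 'stopped'}, {e.start}) {e.path}")
        for f in e.findings:
            print(f"    - {f}")
```

A flagged entry is a prompt to verify, not a verdict: mbam.sys is flagged here only because RSIT does not resolve the `\??\` prefix, and the OTL log in the next post shows the file present, while catchme.sys, the MpKsl* drivers and mbr.sys are reported there as "File not found".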

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Police virus

#14 Post by Márty84 »

Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the boxes (put check marks on) for All Users, the "LOP" check and the "Purity" check.
Paste the following text into the bottom window


CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan.
After the scan two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

ralcar
Visitor
Posts: 107
Registered: 23 Sep 2010 15:58

Re: Police virus

#15 Post by ralcar »

OTL logfile created on: 8.2.2014 21:02:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Radim\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 70,39% Memory free
4,34 Gb Paging File | 3,76 Gb Available in Paging File | 86,62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 22,30 Gb Free Space | 19,95% Space Free | Partition Type: NTFS

Computer Name: 84B938A95D0145B | User Name: Radim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.02.08 20:58:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radim\Plocha\OTL.exe
PRC - [2014.01.28 07:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.10.23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.03.03 14:49:14 | 002,148,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.06 00:48:08 | 011,896,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\2d837a3e24db0f672c71f3ecda4ca5f3\System.Web.ni.dll
MOD - [2014.02.06 00:28:26 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014.02.06 00:28:25 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014.01.28 07:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.10.11 12:44:19 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013.10.11 11:50:26 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013.08.17 07:48:46 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013.08.17 07:45:27 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013.08.17 07:43:45 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013.07.11 19:23:10 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012.05.22 12:53:48 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2012.05.22 12:53:46 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014.02.05 00:00:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.01.28 07:54:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.03.22 15:58:12 | 000,323,584 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.03.03 14:49:14 | 002,148,176 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslefaba5f7.sys -- (MpKslefaba5f7)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKslb7b84e2a.sys -- (MpKslb7b84e2a)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{08E9A34C-0E96-4C8E-A50B-93CBD5B3F6C6}\MpKsl247733c8.sys -- (MpKsl247733c8)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Radim\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014.01.22 02:09:34 | 000,013,504 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.30 16:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.02.14 02:04:48 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.04.14 13:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006.05.23 21:06:00 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.09.30 10:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.09.16 13:09:02 | 000,846,792 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004.03.28 23:04:18 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\..\SearchScopes\{D17E06F4-8FF1-4155-A33F-259C56A80459}: "URL" = http://www.google.cz/search?q={searchTe ... AZ_csCZ451
IE - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:7.5
FF - prefs.js..extensions.enabledAddons: WebSiteRecommendation%40weliketheweb.com:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.13 09:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Extensions
[2014.02.05 20:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions
[2013.08.27 08:10:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.12.24 08:05:54 | 000,000,000 | ---D | M] ("WebSite Recommendation") -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\WebSiteRecommendation@weliketheweb.com
[2013.10.16 16:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profilesx1wiz4ly.default\extensions
[2013.10.16 16:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profilesx1wiz4ly.default\extensions\staged
[2013.04.20 15:25:05 | 000,301,821 | ---- | M] () (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\compatibility@addons.mozilla.org.xpi
[2013.12.22 07:58:14 | 000,152,142 | ---- | M] () (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014.01.16 21:15:07 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\x1wiz4ly.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.12.20 18:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.12.20 18:05:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.02.07 18:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.20 18:05:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.02.07 18:29:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RADIM\DATA APLIKACÍ\MOZILLA\FIREFOX\PROFILES\X1WIZ4LY.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RADIM\DATA APLIKACÍ\MOZILLA\FIREFOX\PROFILES\X1WIZ4LY.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RADIM\DATA APLIKACÍ\MOZILLA\FIREFOX\PROFILES\X1WIZ4LY.DEFAULT\EXTENSIONS\WEBSITERECOMMENDATION@WELIKETHEWEB.COM
[2011.09.10 17:14:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Radim\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Radim\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Radim\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Radim\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Verbatim Translatio = C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bobgnmijljonenlachekpkgikohcghon\1.1.0_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Radim\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.02.08 20:28:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1708537768-1364589140-1177238915-1004\..Trusted Domains: csobpoj.cz ([fe] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 4879006000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 172.22.52.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE2F3637-21B5-4D4B-86B2-C5860E62187B}: DhcpNameServer = 8.8.8.8 172.22.52.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.02.08 20:58:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Radim\Plocha\OTL.exe
[2014.02.08 20:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014.02.08 17:39:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014.02.08 17:37:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014.02.08 17:37:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014.02.08 17:37:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014.02.08 17:37:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014.02.08 17:37:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.02.08 17:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.02.08 17:33:47 | 005,180,173 | R--- | C] (Swearware) -- C:\Documents and Settings\Radim\Plocha\ComboFix.exe
[2014.02.08 14:20:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.07 18:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Plocha\RK_Quarantine
[2014.02.07 18:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.02.07 18:08:16 | 000,000,000 | ---D | C] -- C:\rsit
[2014.02.07 17:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Plocha\RogueKiller
[2014.02.06 10:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2014.02.06 00:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2014.02.05 23:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Nabídka Start\Programy\The KMPlayer
[2014.02.05 23:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2014.02.05 22:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Data aplikací\Nico Mak Computing
[2014.02.05 14:31:32 | 000,013,504 | ---- | C] (Glarysoft Ltd) -- C:\WINDOWS\System32\drivers\BootDefragDriver.sys
[2014.02.01 05:40:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Radim\Recent
[2014.01.27 18:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Data aplikací\DominiGames
[2014.01.27 18:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Kostěj Nesmrtelný
[2014.01.27 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kostej Nesmrtelny
[2014.01.20 07:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\McAfee
[2014.01.16 13:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Plocha\Dopis info změny NOZ
[2014.01.16 00:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData
[2014.01.16 00:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Glary Utilities 4
[2014.01.16 00:24:17 | 000,101,664 | ---- | C] (Glarysoft Ltd) -- C:\WINDOWS\System32\BootDefrag.exe
[2014.01.16 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 4
[2014.01.14 21:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radim\Plocha\VSO ConvertXtoDVD 5.1.0.2 Portable
[2012.11.28 22:35:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Radim\Data aplikací\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014.02.08 21:04:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.08 21:00:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.02.08 20:58:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radim\Plocha\OTL.exe
[2014.02.08 20:45:08 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.08 20:29:47 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize 4.job
[2014.02.08 20:28:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014.02.08 20:28:47 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce78fd2397c5f2.job
[2014.02.08 20:28:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.02.08 17:39:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014.02.08 17:35:12 | 005,180,173 | R--- | M] (Swearware) -- C:\Documents and Settings\Radim\Plocha\ComboFix.exe
[2014.02.08 14:14:01 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\adwcleaner.exe
[2014.02.08 13:28:04 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\Windows Media Player.lnk
[2014.02.08 13:23:45 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\Microsoft Office Outlook 2007.lnk
[2014.02.07 19:46:43 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2014.02.07 18:29:56 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2014.02.07 18:06:22 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\RSIT.exe
[2014.02.07 16:03:01 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Radim\Data aplikací\mbam.context.scan
[2014.02.07 14:40:31 | 003,809,792 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\RogueKiller.exe
[2014.02.06 06:55:14 | 000,000,189 | ---- | M] () -- C:\.dir
[2014.02.06 00:37:59 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\KMPlayer.lnk
[2014.02.06 00:28:40 | 000,497,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.02.06 00:28:40 | 000,492,492 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.02.06 00:28:40 | 000,099,882 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.02.06 00:28:40 | 000,085,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.02.06 00:20:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.02.05 22:47:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014.02.05 14:31:33 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Glary Utilities 4.lnk
[2014.02.05 14:30:32 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2014.02.05 00:00:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.02.05 00:00:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.02.03 09:25:06 | 000,520,657 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\KIS_zadanky_manuál.pdf
[2014.02.02 10:22:39 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2014.02.01 14:24:15 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Radim\Plocha\Microsoft Office Word 2007.lnk
[2014.01.29 20:42:58 | 000,000,145 | ---- | M] () -- C:\Zástupce - Jednotka CD-ROM.lnk
[2014.01.27 18:14:08 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Kostěj Nesmrtelný.lnk
[2014.01.22 02:16:52 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- C:\WINDOWS\System32\BootDefrag.exe
[2014.01.22 02:09:34 | 000,013,504 | ---- | M] (Glarysoft Ltd) -- C:\WINDOWS\System32\drivers\BootDefragDriver.sys
[2014.01.19 08:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014.01.14 21:14:54 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Zástupce - Jednotka CD-ROM.lnk
[2014.01.14 03:18:30 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\Radim\Data aplikací\vso_ts_preview.xml

========== Files Created - No Company Name ==========

[2014.02.08 21:04:25 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.08 17:39:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014.02.08 17:39:33 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2014.02.08 17:37:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014.02.08 17:37:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014.02.08 17:37:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014.02.08 17:37:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014.02.08 17:37:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014.02.08 14:14:01 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Radim\Plocha\adwcleaner.exe
[2014.02.07 18:06:22 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Radim\Plocha\RSIT.exe
[2014.02.07 17:38:45 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
[2014.02.07 17:38:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2014.02.07 14:54:10 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Radim\Data aplikací\mbam.context.scan
[2014.02.06 12:13:48 | 003,809,792 | ---- | C] () -- C:\Documents and Settings\Radim\Plocha\RogueKiller.exe
[2014.02.06 00:37:59 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Radim\Plocha\KMPlayer.lnk
[2014.02.05 16:05:11 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Radim\Plocha\Windows Media Player.lnk
[2014.02.03 09:25:08 | 000,520,657 | ---- | C] () -- C:\Documents and Settings\Radim\Plocha\KIS_zadanky_manuál.pdf
[2014.01.29 20:42:58 | 000,000,145 | ---- | C] () -- C:\Zástupce - Jednotka CD-ROM.lnk
[2014.01.27 18:14:08 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Kostěj Nesmrtelný.lnk
[2014.01.16 00:24:18 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Glary Utilities 4.lnk
[2014.01.16 00:24:18 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Glary Utilities 4.lnk
[2014.01.16 00:24:18 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize 4.job
[2014.01.14 21:14:54 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Zástupce - Jednotka CD-ROM.lnk
[2014.01.09 14:16:45 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Radim\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.11.26 00:19:37 | 000,301,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.10.07 17:27:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013.05.29 22:49:14 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Radim\.dir
[2013.05.26 15:04:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.12 01:45:19 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Radim\Data aplikací\ASSDraw3.cfg
[2012.11.28 22:35:39 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Radim\Data aplikací\inst.exe
[2012.11.28 22:35:39 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Radim\Data aplikací\pcouffin.cat
[2012.11.28 22:35:39 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Radim\Data aplikací\pcouffin.inf
[2012.06.27 11:11:13 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Radim\Local Settings\Data aplikací\Model6.env
[2012.02.16 10:41:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.09 13:41:48 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Radim\Local Settings\Data aplikací\DelUnist.bat
[2011.09.15 16:49:08 | 000,001,185 | ---- | C] () -- C:\Documents and Settings\Radim\Data aplikací\vso_ts_preview.xml
[2011.09.10 18:29:54 | 007,434,240 | ---- | C] () -- C:\Documents and Settings\Radim\s-1-5-21-299502267-362288127-1177238915-1004.rrr
[2011.09.10 18:29:53 | 000,005,341 | ---- | C] () -- C:\Documents and Settings\Radim\intlname.ols
[2011.09.10 18:29:53 | 000,001,361 | ---- | C] () -- C:\Documents and Settings\Radim\cleaner-config.xml
[2011.09.10 18:29:53 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Radim\CommandDispatchers.xml
[2011.09.10 18:29:53 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Radim\default.pls

========== ZeroAccess Check ==========

[2011.09.10 13:17:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.06.21 19:18:03 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.02.06 10:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2014.01.05 10:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Diskeeper Corporation
[2013.10.23 22:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fenomen Games
[2011.12.31 14:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Readon
[2011.12.09 11:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SolidDocuments
[2012.08.07 14:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2013.03.14 15:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SQL Anywhere 11
[2014.01.30 10:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\VSO
[2012.01.18 18:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2013.09.16 16:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Absolutist
[2013.05.07 14:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Aegisub
[2013.05.27 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Artogon
[2011.09.19 02:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Azureus
[2014.01.27 18:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\DominiGames
[2013.06.02 14:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ERS G-Studio
[2013.09.16 08:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ERS Game Studios
[2011.09.10 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\GHISLER
[2014.01.16 00:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\GlarySoft
[2013.10.04 18:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Gygan
[2011.09.10 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ICQ
[2011.09.10 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\IObit
[2013.06.02 08:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Jetdogs Studios
[2013.06.27 10:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Meridian93
[2013.05.29 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\mkvtoolnix
[2014.02.05 22:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Nico Mak Computing
[2011.09.10 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Opera
[2013.05.12 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Rainbow
[2011.12.09 12:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\SolidDocuments
[2013.11.11 18:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Specialbit
[2013.11.15 16:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\spidla
[2013.04.28 12:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\SQL Anywhere 11
[2012.09.06 22:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\TrTUploader
[2013.05.02 16:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Ulozto File Manager
[2014.02.08 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\uTorrent
[2014.01.15 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Vso
[2011.12.09 12:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\YCanPDF
[2013.11.15 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Špidla Data Processing, s.r.o

========== Purity Check ==========



========== Custom Scans ==========

< >
[2011.09.10 12:59:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011.09.10 13:04:30 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.07.10 16:07:41 | 000,032,386 | ---- | C] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2013.10.10 07:35:43 | 000,000,936 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce78fd2397c5f2.job
[2013.10.10 07:35:44 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.11.16 12:51:02 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014.01.16 00:24:18 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Tasks\GlaryInitialize 4.job

< >

< MD5 for: AGP440.SYS >
[2011.01.12 21:46:00 | 017,780,914 | ---- | M] () .cab file -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2011.01.12 21:46:00 | 017,780,914 | ---- | M] () .cab file -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 15:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\AUTOCHK.EXE
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2011.01.12 21:46:00 | 017,780,914 | ---- | M] () .cab file -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2011.01.12 21:46:00 | 017,780,914 | ---- | M] () .cab file -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2011.01.12 21:46:00 | 017,780,914 | ---- | M] () .cab file -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\sp3.cab:Changer.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: IASTOR.SYS >
[2011.07.18 11:29:16 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\WINDOWS\NLDRV\001\iastor.sys
[2011.07.18 11:29:16 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2011.01.12 21:46:00 | 017,780,914 | ---- | M] () .cab file -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\sp3.cab:isapnp.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 15:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=3C3393C92A73A3006C7B706DAC54A812 -- C:\Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2013.02.07 13:54:08 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=CBEEBEB899E31EF52B962CB31FC8CA5C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.09.16 16:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Absolutist
[2011.09.10 17:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Adobe
[2013.05.07 14:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Aegisub
[2011.09.12 01:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Ahead
[2013.05.27 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Artogon
[2011.09.10 16:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ATI
[2011.09.19 02:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Azureus
[2014.01.27 18:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\DominiGames
[2013.10.07 21:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\dvdcss
[2013.06.02 14:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ERS G-Studio
[2013.09.16 08:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ERS Game Studios
[2011.09.10 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\GHISLER
[2014.01.16 00:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\GlarySoft
[2012.06.07 00:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Google
[2013.10.04 18:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Gygan
[2011.09.10 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\ICQ
[2011.09.10 13:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Identities
[2011.09.10 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\IObit
[2013.06.02 08:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Jetdogs Studios
[2013.10.11 12:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Macromedia
[2011.10.05 01:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Malwarebytes
[2012.06.24 19:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Media Player Classic
[2013.06.27 10:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Meridian93
[2013.10.10 01:22:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Radim\Data aplikací\Microsoft
[2013.05.29 21:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\mkvtoolnix
[2011.09.13 09:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Mozilla
[2014.02.05 22:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Nico Mak Computing
[2011.09.10 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Opera
[2013.05.12 15:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Rainbow
[2014.02.02 22:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Skype
[2011.12.09 12:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\SolidDocuments
[2013.11.11 18:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Specialbit
[2013.11.15 16:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\spidla
[2013.04.28 12:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\SQL Anywhere 11
[2011.09.10 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Sun
[2012.09.06 22:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\TrTUploader
[2013.05.02 16:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Ulozto File Manager
[2014.02.08 18:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\uTorrent
[2014.01.15 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Vso
[2011.09.12 01:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\WinRAR
[2011.12.09 12:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\YCanPDF
[2013.11.15 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radim\Data aplikací\Špidla Data Processing, s.r.o

< %APPDATA%\*.exe /s >
[2012.11.28 22:42:09 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Radim\Data aplikací\inst.exe
[2013.11.15 16:30:55 | 003,134,976 | -H-- | M] () -- C:\Documents and Settings\Radim\Data aplikací\spidla\wrapper_trial\Mezi nebem a zemí\game.exe
[2013.11.06 09:43:58 | 007,801,054 | ---- | M] (Spidla) -- C:\Documents and Settings\Radim\Data aplikací\spidla\wrapper_trial\Mezi nebem a zemí\Mezi nebem a zemi.exe
[2013.11.15 16:24:26 | 000,706,224 | ---- | M] () -- C:\Documents and Settings\Radim\Data aplikací\spidla\wrapper_trial\Mezi nebem a zemí\unins000.exe
[2005.10.17 10:12:46 | 000,258,048 | ---- | M] () -- C:\Documents and Settings\Radim\Data aplikací\uTorrent\wget.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011.09.10 14:34:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.09.10 14:34:52 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.09.10 14:34:52 | 000,487,424 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.02.06 00:28:40 | 000,099,882 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2014.02.06 00:28:40 | 000,085,692 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2014.02.06 00:28:40 | 000,492,492 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2014.02.06 00:28:40 | 000,497,208 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2014.02.06 00:28:40 | 001,150,610 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2014.02.06 00:20:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.08 21:04:25 | 000,000,512 | ---- | M] () MD5=CBDD76DD6C2BFBB164E0218072DB8C4C -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014.01.13 01:07:18 | 000,679,154 | ---- | M] () -- \Filmy\CCleaner 4.09.4471\Crack\Crack.exe
[2014.01.13 01:07:18 | 000,679,154 | ---- | M] () -- \Install\ccsetup409\Crack\Crack.exe
[2014.01.13 01:07:18 | 000,679,154 | ---- | M] () -- \Program Files\CCleaner\Crack.exe

< *keygen* /s >
[2011.10.07 16:12:52 | 047,109,671 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\Diskeeper-2011-enterprise_Patch_Keygen+CZ.rar
[2007.11.21 01:26:54 | 000,177,152 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\Glary_Utilities_PRO_2.10.0.622\Glary Utilities PRO 2.20.0.831\KEYGEN\Glary.Utilities.Pro.v2.3.xx.Keygen-TWK.exe
[2011.10.07 17:12:50 | 047,109,671 | ---- | M] () -- \Install\Diskeeper-2011-enterprise_Patch_Keygen+CZ.rar
[2011.03.25 11:26:38 | 000,106,496 | ---- | M] () -- \Install\Diskeeper-2011-enterprise_Patch_Keygen+CZ\Diskeeper 2011 enterprise_Patch_Keygen+CZ\Keygen.exe
[2007.11.21 02:26:54 | 000,177,152 | ---- | M] () -- \Install\Glary_Utilities_PRO_2.10.0.622\Glary Utilities PRO 2.20.0.831\KEYGEN\Glary.Utilities.Pro.v2.3.xx.Keygen-TWK.exe
[2010.03.31 14:21:38 | 000,104,960 | ---- | M] () -- \Install\WinRAR v3.93 CZ\WinRAR v3.93 CZ\Keyfilemaker-CORE\keygen.exe

< *AntiWPA* /s >

< *loader* /s >
[2013.04.04 16:35:36 | 000,000,000 | ---- | M] () -- \Aplikace\Balicky2013\aktualizace\log\XMLLoader.log
[2013.06.22 09:27:36 | 000,001,849 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\content\images\ajax-loader.gif
[2013.08.31 15:26:25 | 000,002,021 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\axis\CiselnikLoader$1.class
[2013.08.31 15:26:25 | 000,001,435 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\axis\CiselnikLoader$2.class
[2013.08.31 15:26:25 | 000,010,238 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\axis\CiselnikLoader.class
[2013.02.11 15:56:22 | 000,002,803 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\model\pojistnaSmlouva\kontroly\KVinkulaceSubjektLoader$1.class
[2013.02.11 15:56:22 | 000,005,203 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\model\pojistnaSmlouva\kontroly\KVinkulaceSubjektLoader.class
[2013.08.31 15:26:32 | 000,002,065 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\model\pojistnaSmlouva\save\SKlicLoader$1.class
[2013.08.31 15:26:32 | 000,002,341 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\model\pojistnaSmlouva\save\SKlicLoader.class
[2013.11.29 13:54:19 | 000,027,231 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\model\pojistnaSmlouva\serviceXml\XMLLoaderPSService.class
[2013.02.11 15:56:22 | 000,001,335 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderErrorHandlerIv.class
[2013.02.11 15:56:22 | 000,000,560 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderPSServiceIvBase.class
[2013.11.29 13:54:20 | 000,002,511 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderPSServiceIvKalkulace$1.class
[2013.11.29 13:54:20 | 000,011,165 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderPSServiceIvKalkulace.class
[2013.11.29 13:54:20 | 000,002,466 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderPSServiceIvVznik.class
[2013.09.25 10:37:40 | 000,002,724 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderServiceIvBaseImpl.class
[2013.09.25 10:37:40 | 000,008,955 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderServiceIvKalkulace.class
[2013.11.29 13:54:46 | 000,015,591 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\rozhraniIV\xmlLoader\XMLLoaderServiceIvVznik.class
[2013.08.31 15:26:37 | 000,000,947 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\service\XMLLoaderPSServiceIntf.class
[2013.02.11 15:56:22 | 000,001,173 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\service\XMLLoaderServiceIntf.class
[2013.02.11 15:56:22 | 000,002,077 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\service\XMLLoaderServiceManager.class
[2013.02.11 15:56:24 | 000,002,740 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\viewcontroller\action\bal002\XMLLoaderMenuSelectionAction.class
[2013.02.11 15:56:26 | 000,003,033 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\xmlLoader\TransactionXmlLoaderContextImpl.class
[2013.09.25 10:37:41 | 000,005,736 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\xmlLoader\XMLLoaderErrorHandler.class
[2013.02.11 15:56:26 | 000,006,395 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\xmlLoader\XMLLoaderLogger.class
[2013.09.25 10:37:41 | 000,013,408 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\xmlLoader\XMLLoaderServiceImpl.class
[2013.02.11 15:56:26 | 000,004,962 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\it\sauronsoftware\ftp4j\connectors\HTTPBrowserProxyDownloader.class
[2014.02.07 19:09:24 | 000,000,000 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\logs\XMLLoader.log
[2013.02.11 15:55:52 | 000,000,904 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\pages\ls\LSXMLLoader.jsp
[2013.02.11 15:57:00 | 000,009,126 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\work\Standalone\localhost\IPBPBalicky\org\apache\jsp\WEB_002dINF\pages\ls\LSXMLLoader_jsp.class
[2013.02.20 15:28:38 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2013.02.20 15:28:38 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2013.10.09 17:07:12 | 000,006,012 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.10.09 17:07:12 | 000,021,956 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 15:28:38 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2011.10.21 02:29:19 | 005,342,064 | ---- | M] () -- \Install\YouTubeDownloaderSetup34.exe
[2009.08.13 12:30:43 | 003,258,368 | ---- | M] () -- \Install\YoutubeDownloaderSetup_1.1.msi
[2008.04.14 15:00:00 | 000,017,419 | ---- | M] () -- \Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\DMLOADER.DL_
[2008.04.14 15:00:00 | 000,114,925 | ---- | M] () -- \Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\OSLOADER.EX_
[2008.04.14 15:00:00 | 000,132,513 | ---- | M] () -- \Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\OSLOADER.NT_
[2011.11.28 19:09:31 | 041,292,389 | ---- | M] () -- \Install\TrTUploader3002\TrTUploader_setup3.0.0.2.exe
[2006.11.09 21:31:32 | 000,163,840 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2013.05.16 12:27:36 | 000,001,702 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\licenses\loaderbinarylegal.txt
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2006.12.23 16:37:56 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2012.01.24 23:34:04 | 000,288,256 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\TractorrActivator.exe
[2012.01.25 00:34:03 | 000,288,256 | ---- | M] () -- \Install\TractorrActivator.exe

< *serial* /s >
[2013.08.31 15:26:26 | 000,003,509 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\classes\cz\csobp\balicky\controlmodule\utils\SerialUtils.class
[2013.02.11 15:55:52 | 000,278,281 | ---- | M] () -- \Aplikace\Balicky2013\tomcat\webapps\IPBPBalicky\WEB-INF\lib\xalan-serializer-2.7.1.jar
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2010.11.18 15:08:04 | 000,000,346 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\ConvertXtoDVD v4.1.7.343 + portable\serial.txt
[2010.11.18 15:08:04 | 000,000,346 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\ConvertXtoDVD v4.1.7.343 + portable\ConvertXtoDVD v4.1.7.343 + portable\serial.txt
[2009.01.13 09:24:12 | 000,000,198 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\Glary_Utilities_PRO_2.10.0.622\Glary Utilities PRO 2.20.0.831\SERIAL.txt
[2011.03.24 17:42:04 | 000,001,386 | ---- | M] () -- \Documents and Settings\Radim\Plocha\Moje\Instal\VSO.ConvertXToDVD.4.1.16.360.Final.Repacked\VSO.ConvertXToDVD.4.1.16.360.Final.Repacked\Serials.txt
[2011.12.29 18:02:41 | 000,000,059 | ---- | M] () -- \Filmy\Movienizer 4.5.248 Cz\Serial.txt
[2010.11.18 16:08:02 | 000,000,346 | ---- | M] () -- \Install\ConvertXtoDVD v4.1.7.343 + portable\serial.txt
[2010.11.18 16:08:02 | 000,000,346 | ---- | M] () -- \Install\ConvertXtoDVD v4.1.7.343 + portable\ConvertXtoDVD v4.1.7.343 + portable\serial.txt
[2009.01.13 10:24:11 | 000,000,198 | ---- | M] () -- \Install\Glary_Utilities_PRO_2.10.0.622\Glary Utilities PRO 2.20.0.831\SERIAL.txt
[2008.04.14 15:00:00 | 000,024,869 | ---- | M] () -- \Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\DPSERIAL.DL_
[2008.04.14 15:00:00 | 000,030,075 | ---- | M] () -- \Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\SERIAL.SY_
[2008.04.14 15:00:00 | 000,006,409 | ---- | M] () -- \Install\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.jonasdemonoidme\Microsoft.Windows.XP.Professional.SP3.Integrated.January.2011.SATA.By.jonasdemonoidme\I386\SERIALUI.DL_
[2013.09.13 00:53:56 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.10.11 01:37:24 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2013.05.16 12:25:40 | 000,049,217 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\plugins\com.serialio_2.13.6.201305161305.jar
[2013.05.16 12:25:50 | 000,005,999 | ---- | M] () -- \Program Files\Sony Ericsson\Update Engine\plugins\com.sonymobile.cs.serialcommunication_2.13.6.201305161305.jar
[2012.05.22 12:53:47 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.06 00:28:24 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.05.22 12:53:54 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.01.10 08:51:19 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.08.17 08:57:29 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.17 08:55:31 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2013.10.11 01:38:38 | 002,659,328 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
[2013.08.17 08:58:56 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\ad3522eafb95969623aeef7c389246bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.07.11 20:00:29 | 000,009,216 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\cda839ea462e123d42cb6d0883cf0f4d\System.Xml.Serialization.ni.dll
[2011.09.10 13:52:32 | 000,966,656 | ---- | M] () -- \WINDOWS\assembly\tmp\KT19HPX5\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 001,026,936 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\System.Runtime.Serialization.dll.x86
[2011.12.26 17:16:58 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.10.11 01:42:06 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2011.12.26 17:16:57 | 000,099,208 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013.10.11 01:42:04 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.10.11 01:42:11 | 000,011,120 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 16:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 05:06:54 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 15:48:20 | 000,011,120 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2010.06.15 02:33:16 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.06.15 02:33:16 | 000,099,208 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2008.04.14 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2008.04.14 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 13:00:00 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
[2005.09.16 13:09:02 | 000,846,792 | ---- | M] () -- \WINDOWS\system32\drivers\smserial.sys

< *w7lxe* /s >

< End of report >

Locked
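The `< MD5 for: ... >` blocks in the log above are OTL's integrity check for a handful of binaries that ransomware and rootkits of this kind like to replace: for each name it lists every copy on disk with its version-resource publisher and MD5, so the live copy in `system32` (or `system32\drivers`) can be compared against the Windows File Protection cache (`dllcache`) and any ERUNT backup (`erdnt\cache`). In this log every pair agrees except tcpip.sys, whose driver copy carries a different hash than the dllcache copy. The Python below is an added example, not part of the original post nor of OTL: it parses those blocks, classifies each copy as live, reference or other, and flags live copies whose hash is absent from the reference set or that carry no publisher at all. The sample input is excerpted from the log above; the `C:\WINDOWS` system root and the choice of reference directories are assumptions of this example.

```python
import re
from collections import defaultdict

# Format of one OTL file-listing line, e.g.
# [2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08... -- C:\WINDOWS\system32\smss.exe
LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<publisher>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Header of one "< MD5 for: NAME >" block
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Sample input: three MD5 blocks excerpted from the log posted above.
SAMPLE_LOG = r"""
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2013.02.07 13:54:08 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=CBEEBEB899E31EF52B962CB31FC8CA5C -- C:\WINDOWS\system32\drivers\tcpip.sys
"""


def parse_md5_sections(text, systemroot=r"C:\WINDOWS"):
    """Parse the MD5 blocks of an OTL log into {name: {bucket: [entries]}}.

    Buckets, decided by the directory a copy lives in:
      live      - %SystemRoot%\system32 or \system32\drivers (the copy that loads)
      reference - WFP cache (\system32\dllcache) or ERUNT backup (\erdnt\cache)
      other     - anything else (Recovery Console, install media, third-party tools)
    The default system root and the reference directories are assumptions.
    """
    root = systemroot.lower().rstrip("\\")
    live_dirs = {root + r"\system32", root + r"\system32\drivers"}
    reference_dirs = {root + r"\system32\dllcache", root + r"\erdnt\cache"}
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections[current] = {"live": [], "reference": [], "other": []}
            continue
        m = LINE_RE.match(line)
        if current is None or not m:
            continue  # blank line, or a line in a format we do not parse
        entry = m.groupdict()
        entry["md5"] = entry["md5"].upper()
        directory = entry["path"].rsplit("\\", 1)[0].lower()
        if directory in live_dirs:
            bucket = "live"
        elif directory in reference_dirs:
            bucket = "reference"
        else:
            bucket = "other"
        sections[current][bucket].append(entry)
    return sections


def find_mismatches(sections):
    """Flag live copies whose MD5 is not among the reference hashes, and live
    copies with no publisher in their version resource. Returns only names
    that have at least one finding: {name: [finding, ...]}."""
    findings = defaultdict(list)
    for name, buckets in sections.items():
        ref_hashes = sorted({e["md5"] for e in buckets["reference"]})
        for e in buckets["live"]:
            if not e["publisher"]:
                findings[name].append({"path": e["path"],
                                       "reason": "no publisher in version resource"})
            if ref_hashes and e["md5"] not in ref_hashes:
                findings[name].append({"path": e["path"],
                                       "reason": "hash differs from reference copy",
                                       "live_md5": e["md5"],
                                       "reference_md5": ref_hashes})
    return dict(findings)


if __name__ == "__main__":
    for name, hits in find_mismatches(parse_md5_sections(SAMPLE_LOG)).items():
        for hit in hits:
            print(f"{name}: {hit['reason']} -> {hit['path']}")
```

Run against the excerpt it reports exactly one finding, the tcpip.sys driver whose hash differs from the dllcache copy; the Malwarebytes Chameleon svchost.exe and the Recovery Console smss.exe are classified as "other" and not compared, because they are not the copies Windows loads. Treat a hit as a triage signal, not a verdict: the "(Microsoft Corporation)" tag on the line comes from the file's version resource, which anything can carry, so a flagged file still needs an Authenticode signature and file-version check before deciding whether it is a legitimately updated driver or a replaced one.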