prosím o kontrolu logu

Zpráva

karelhus · #1 Příspěvek od **karelhus** » 29 bře 2014 09:52

Dobrý den.Používám počítač po synovi několik let.Jsem laik co se týče IT.Kamarád mě zjistil že mám několik let nefukční Avast a tak mě ho odinstaloval a nainstaloval free verzi.Mám comp neskutečně pomalý.Mbam našel snad 30 trojanů a avast také.Na radu kamaráde se na vás obracím s prosbou na kontrolu logu s rsit.Děkuji za pomoc.
Logfile of random's system information tool 1.09 (written by random/random)
Run by XP at 2014-03-27 13:51:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 479 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:09, on 27.3.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\System32\SCardSvr.exe
C:\windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\XP\Dokumenty\Stažené soubory\RSIT.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\XP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [MSStp] C:\windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mnctgarSrv] C:\windows\system32\mnctgar.vbe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: BSC Applet Security - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: BSC Utilities - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Security - https://ra.internetbanka.cz/ra31/bin/IB ... .2.0.1.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities - https://ra.internetbanka.cz/ra31/bin/IB ... .0.1.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - https://ibs.internetbanka.cz/ibs31/bin/ ... .2.4.1.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - https://ibs.internetbanka.cz/ibs31/bin/ ... .0.1.0.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ibs.internetbanka.cz/ibs31/bin/ ... .99.99.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://bb24.csob.cz/Comp/signer.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {5F509E42-537E-482B-B66C-145BC170054C} (FotoStarUploader Control) - http://www.album.cz/moje-alba/fs/FotoSt ... loader.dll
O16 - DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} (FotoStarUploader Control) - http://sberna.fotostar.cz/snadno-vlozit ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 8462 bytes

======Scheduled tasks folder======

C:\windows\tasks\avast! Emergency Update.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\windows\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\XP\Data aplikací\Mozilla\Firefox\Profiles\k50whwxl.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-03-27 597816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 249856]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cobian Backup 8"=C:\Program Files\Cobian Backup 8\Cobian.exe [2006-11-16 499712]
"MSStp"=C:\windows\inf\msstp.vbe [2014-03-05 1584]
"mnctgarSrv"=C:\windows\system32\mnctgar.vbe [2014-03-05 7670]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-03-27 3854640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
C:\Users\Public\Public\run.vbs [2014-02-07 75]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2002-09-19 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
C:\PROGRA~1\MICROS~2\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ALWIL Software\AVAST32\avserver.exe"="C:\Program Files\ALWIL Software\AVAST32\avserver.exe:*:Enabled:Avast32 Server"
"C:\Program Files\ALWIL Software\AVAST32\avmaisrv.exe"="C:\Program Files\ALWIL Software\AVAST32\avmaisrv.exe:*:Enabled:Avast32 e-Mail Scanner Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\MHCZWNI7\incredimail_install[1].exe"="C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\MHCZWNI7\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\ChateauXP\ChateauXPServer.exe"="C:\Program Files\ChateauXP\ChateauXPServer.exe:*:Enabled:ChateauXPServer"
"C:\Program Files\ChateauXP\ChateauXP.exe"="C:\Program Files\ChateauXP\ChateauXP.exe:*:Enabled:Win32 Application"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\setup\HPPNIPRINT01.EXE"="D:\setup\HPPNIPRINT01.EXE:*:Enabled:hppniprint01.exe"
"D:\setup\HPPNIPRINT64.EXE"="D:\setup\HPPNIPRINT64.EXE:*:Enabled:hppniprint64.exe"
"D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\setup\CustomPrnDnld\HPPCSTPG.EXE"="D:\setup\CustomPrnDnld\HPPCSTPG.EXE:*:Enabled:hppcstpg.exe"
"D:\setup\HPBTPG.EXE"="D:\setup\HPBTPG.EXE:*:Enabled:hpbtpg.exe"
"D:\setup\LaunchApp.exe"="D:\setup\LaunchApp.exe:*:Enabled:launchapp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-03-27 13:51:48 ----D---- C:\Program Files\trend micro
2014-03-27 13:51:14 ----D---- C:\rsit
2014-03-27 13:32:01 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2014-03-27 12:23:34 ----D---- C:\Documents and Settings\XP\Data aplikací\Malwarebytes
2014-03-27 08:51:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-03-27 07:47:25 ----D---- C:\Documents and Settings\XP\Data aplikací\AVAST Software
2014-03-27 07:47:12 ----A---- C:\windows\system32\drivers\mbam.sys
2014-03-27 07:46:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-03-27 07:45:26 ----A---- C:\windows\system32\drivers\aswTdi.sys
2014-03-27 07:45:25 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-03-27 07:45:24 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-03-27 07:45:24 ----A---- C:\windows\system32\drivers\aswSnx.sys
2014-03-27 07:45:23 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-03-27 07:45:22 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2014-03-27 07:45:20 ----A---- C:\windows\system32\drivers\aswRdr.sys
2014-03-27 07:45:13 ----A---- C:\windows\system32\aswBoot.exe
2014-03-27 07:45:07 ----A---- C:\windows\avastSS.scr
2014-03-27 07:42:50 ----D---- C:\Program Files\AVAST Software
2014-03-27 07:28:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-03-27 07:25:49 ----D---- C:\Documents and Settings\XP\Data aplikací\Mozilla
2014-03-27 07:25:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2014-03-27 07:25:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-03-27 07:25:29 ----D---- C:\Program Files\Mozilla Firefox
2014-03-27 06:59:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\VS Revo Group
2014-03-27 06:59:12 ----A---- C:\windows\system32\drivers\revoflt.sys
2014-03-27 06:59:08 ----D---- C:\Program Files\VS Revo Group
2014-03-27 06:58:19 ----D---- C:\Documents and Settings\XP\Data aplikací\WinRAR
2014-03-27 06:57:02 ----D---- C:\Program Files\WinRAR
2014-03-27 06:54:22 ----AS---- C:\windows\system32\lcpmnctgar.exe
2014-03-27 06:54:22 ----AS---- C:\windows\system32\dcgmnctgar.exe
2014-03-27 06:54:21 ----AS---- C:\windows\system32\acumnctgar.exe
2014-03-27 06:54:20 ----D---- C:\windows\system32\bitstreams
2014-03-27 06:54:20 ----AS---- C:\windows\system32\zlib1.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\ssleay32.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\pthreadVC2.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\pthreadGC2.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\libssh2.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\librtmp.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\libidn-11.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\libeay32.dll
2014-03-27 06:54:20 ----AS---- C:\windows\system32\libcurl-4.dll
2014-03-27 06:54:19 ----AS---- C:\windows\system32\cudart32_50_35.dll
2014-03-27 06:54:18 ----D---- C:\Program Files\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK
2014-03-27 06:50:09 ----D---- C:\Users
2014-03-27 06:42:39 ----D---- C:\Program Files\Revo Uninstaller Pro v3.0.5 Final 32+64bit_SK+CZ
2014-03-27 06:25:53 ----D---- C:\AdwCleaner
2014-03-27 03:03:50 ----HDC---- C:\windows\$NtUninstallKB2934207$
2014-03-26 23:42:03 ----N---- C:\windows\system32\xp_eos.exe
2014-03-26 14:32:59 ----D---- C:\Program Files\CCleaner
2014-03-26 13:28:32 ----D---- C:\windows\pss
2014-03-16 15:11:14 ----HDC---- C:\windows\$NtUninstallKB2929961$
2014-03-16 15:10:19 ----HDC---- C:\windows\$NtUninstallKB2930275$
2014-03-08 16:05:14 ----HDC---- C:\windows\$NtUninstallKB2916036$
2014-03-08 15:52:40 ----D---- C:\spoolerlogs

======List of files/folders modified in the last 1 month======

2014-03-27 13:51:48 ----RD---- C:\Program Files
2014-03-27 13:51:07 ----D---- C:\windows\Prefetch
2014-03-27 13:32:01 ----D---- C:\windows\system32\drivers
2014-03-27 13:24:23 ----D---- C:\windows\Temp
2014-03-27 13:15:50 ----SHD---- C:\windows\Installer
2014-03-27 07:50:24 ----HD---- C:\windows\inf
2014-03-27 07:46:06 ----SD---- C:\windows\Tasks
2014-03-27 07:45:13 ----D---- C:\windows\WinSxS
2014-03-27 07:45:13 ----D---- C:\windows\system32
2014-03-27 07:45:12 ----D---- C:\WINDOWS
2014-03-27 07:22:45 ----A---- C:\windows\win.ini
2014-03-27 07:22:45 ----A---- C:\windows\system.ini
2014-03-27 07:16:31 ----D---- C:\Program Files\ALWIL Software
2014-03-27 07:15:40 ----A---- C:\windows\SchedLgU.Txt
2014-03-27 07:08:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2014-03-27 06:59:16 ----D---- C:\windows\system32\CatRoot2
2014-03-27 06:45:58 ----HD---- C:\Program Files\InstallShield Installation Information
2014-03-27 06:45:58 ----D---- C:\Program Files\Common Files\soft602
2014-03-27 06:27:54 ----SD---- C:\windows\Downloaded Program Files
2014-03-27 03:03:52 ----RSHDC---- C:\windows\system32\dllcache
2014-03-27 03:03:21 ----D---- C:\windows\system32\MRT
2014-03-27 03:00:27 ----D---- C:\windows\Debug
2014-03-27 03:00:21 ----A---- C:\windows\system32\MRT.exe
2014-03-26 14:38:55 ----D---- C:\windows\Minidump
2014-03-26 13:55:04 ----A---- C:\windows\NeroDigital.ini
2014-03-26 13:51:54 ----D---- C:\Documents and Settings\XP\Data aplikací\BSplayer
2014-03-16 15:12:16 ----D---- C:\Program Files\Internet Explorer
2014-03-08 16:00:28 ----D---- C:\windows\ie8updates
2014-03-08 15:53:35 ----D---- C:\CHEM-WELD

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-03-27 180760]
R0 SISAGP;SiS AGP Filter; C:\windows\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\windows\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 AFS2K;AFS2k; C:\windows\system32\drivers\AFS2K.sys [2005-02-08 82380]
R1 AmdK7;Ovladač procesoru AMD K7; C:\windows\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2014-03-27 54832]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-03-27 776976]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-03-27 411552]
R1 aswTdi;aswTdi; C:\windows\system32\drivers\aswTdi.sys [2014-03-27 57672]
R1 SiSkp;SiSkp; C:\windows\system32\DRIVERS\srvkp.sys [2003-10-29 11264]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-03-27 67824]
R3 cmuda;C-Media WDM Audio Interface; C:\windows\system32\drivers\cmuda.sys [2003-11-06 755392]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
R3 SiS315;SiS315; C:\windows\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-03-27 49944]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys [2004-06-11 62035]
S3 GTwinUSB;GTwinUSB; C:\windows\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 k600bus;Sony Ericsson 600i driver (WDM); C:\windows\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter; C:\windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers; C:\windows\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; C:\windows\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; C:\windows\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 sermouse;Ovladač sériové myši; C:\windows\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Vgdev;Vguard 7146 Serial Device; C:\windows\System32\Drivers\Vgdev.sys [2005-04-27 36665]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-03-27 50344]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 MSSQL$BANKKLIENT;MSSQL$BANKKLIENT; C:\GE CAPITAL\MSDE2K\MSSQL$BANKKLIENT\Binn\sqlservr.exe [2002-12-17 7520337]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-01 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-15 119408]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 29 bře 2014 10:08

Zdravim a pekne dopoledne preji

Jednak je v PC hodne haveti, ale i je PC uz hodne slabe na dnesni provoz

Zrejme casem stejne nezbyde nez koupit novejsi stroj

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

karelhus · #3 Příspěvek od **karelhus** » 29 bře 2014 18:27

Děkuji za pomoc.Když chci z vašeho odkazu stáhnout zoek.exe tak mě to avast zablokuje jako hrozbu win32 malware -gen viz tento odkaz: http://www.avast.com/cs-cz/lp-fr-virus- ... cpu=-1%2C0

karelhus · #4 Příspěvek od **karelhus** » 29 bře 2014 18:30

jinak log z JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by XP on so 29.03.2014 at 18:11:08,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B76E7A85-7322-428b-AB33-19A6A5FD1E73}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 29.03.2014 at 18:29:54,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5 Příspěvek od **vyosek** » 29 bře 2014 19:13

Docasne vypnete antivir a stahnete Zoek - jedna se o falesnou detekci

karelhus · #6 Příspěvek od **karelhus** » 29 bře 2014 22:16

zde druhý log

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by XP on so 29.03.2014 at 20:59:57,84.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\XP\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.3.2014 21:01:46 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Documents and Settings\XP\pmtl04.dll deleted
C:\windows\Wininit.ini deleted
C:\windows\System32\SET18.tmp deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.03.2014 07:45]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchT ... f8&oe=utf8"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{92F51B88-0DFA-481E-8355-361D80903A37} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\BS.Player ControlBar deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=0 3468529 bytes)

==== Empty Temp Folders ======================

C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\DOCUME~1\XP\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on so 29.03.2014 at 21:36:38,75 ======================

#7 Příspěvek od **vyosek** » 29 bře 2014 22:19

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

karelhus · #8 Příspěvek od **karelhus** » 30 bře 2014 00:40

zde frst

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by XP (administrator) on KANCELAR on 30-03-2014 00:34:44
Running from C:\Documents and Settings\XP\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\System32\SCardSvr.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
(Microsoft Corporation) C:\windows\System32\WScript.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\windows\system32\lcpmnctgar.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SiSUSBRG] - C:\WINDOWS\SiSUSBrg.exe [106496 2002-07-12] (Silicon Integrated Systems Corp.)
HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [MSStp] - C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mnctgarSrv] - C:\windows\system32\mnctgar.vbe [7670 2014-03-05] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-27] (AVAST Software)
HKLM\...\Run: [SiSPower] - C:\windows\system32\SiSPower.dll [53248 2010-10-26] (Silicon Integrated Systems Corporation)
HKU\S-1-5-21-839522115-1897051121-725345543-1004\...\MountPoints2: {13717974-ced8-11da-ae6b-00115b7eddb1} - E:\setupSNK.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 10.0.0.1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://bb24.csob.cz/Comp/signer.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {5F509E42-537E-482B-B66C-145BC170054C} http://www.album.cz/moje-alba/fs/FotoSt ... loader.dll
DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} http://sberna.fotostar.cz/snadno-vlozit ... loader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP\Data aplikací\Mozilla\Firefox\Profiles\k50whwxl.default
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Shumway - C:\Documents and Settings\XP\Data aplikací\Mozilla\Firefox\Profiles\k50whwxl.default\Extensions\shumway@research.mozilla.org [2014-03-29]
FF Extension: DownloadHelper - C:\Documents and Settings\XP\Data aplikací\Mozilla\Firefox\Profiles\k50whwxl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-27]

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR DefaultSearchKeyword: seznam.cz
CHR DefaultSearchProvider: Seznam
CHR DefaultSearchURL: http://search.seznam.cz/?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\XP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Disk Google) - C:\Documents and Settings\XP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\XP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-31]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\XP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\XP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Documents and Settings\XP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-27] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 NitroReaderDriverReadSpool3; "C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AFS2K; C:\windows\system32\Drivers\AFS2K.sys [82380 2005-02-08] (Oak Technology Inc.)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-03-27] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr.sys [54832 2014-03-27] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-03-27] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [776976 2014-03-27] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [411552 2014-03-27] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [57672 2014-03-27] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180760 2014-03-27] ()
R3 cmuda; C:\windows\System32\drivers\cmuda.sys [755392 2003-11-06] (C-Media Inc)
S3 gtcdcmdm; C:\windows\System32\DRIVERS\gtusbmdm_gpc6400.sys [62035 2004-06-11] (Flextronics Design Korea Ltd.)
S3 GTwinUSB; C:\windows\System32\Drivers\GTwinUSB.sys [61776 2002-10-04] (Gemplus)
S3 k600bus; C:\windows\System32\DRIVERS\k600bus.sys [52384 2005-05-11] (MCCI)
S3 k600mdfl; C:\windows\System32\DRIVERS\k600mdfl.sys [6096 2005-05-11] (MCCI)
S3 k600mdm; C:\windows\System32\DRIVERS\k600mdm.sys [87456 2005-05-11] (MCCI)
S3 k600mgmt; C:\windows\System32\DRIVERS\k600mgmt.sys [79248 2005-05-11] (MCCI)
S3 k600obex; C:\windows\System32\DRIVERS\k600obex.sys [77072 2005-05-11] (MCCI)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-29] (Malwarebytes Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [17134 2002-05-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [325120 2010-10-26] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [19200 2010-10-26] (Silicon Integrated Systems Corporation)
R3 SISNIC; C:\windows\System32\DRIVERS\sisnic.sys [32256 2002-07-10] (SiS Corporation)
S3 Vgdev; C:\windows\System32\Drivers\Vgdev.sys [36665 2005-04-27] (Chateau Technical Corp.)
S4 IntelIde; No ImagePath
S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2099-05-20 22:29 - 2505-05-20 22:29 - 00003120 _____ () C:\windows\MF_C421.lfa
2099-05-20 22:29 - 2505-05-20 22:29 - 00003120 _____ () C:\windows\MF_C420.lfa
2014-03-30 00:34 - 2014-03-30 00:35 - 00011744 _____ () C:\Documents and Settings\XP\Plocha\FRST.txt
2014-03-30 00:33 - 2014-03-30 00:34 - 00000000 ____D () C:\FRST
2014-03-30 00:33 - 2014-03-30 00:32 - 01145856 _____ (Farbar) C:\Documents and Settings\XP\Plocha\FRST.exe
2014-03-30 00:20 - 2010-11-26 18:13 - 00093813 _____ () C:\windows\VGAsetup.ini
2014-03-30 00:18 - 2014-03-30 00:18 - 00000000 ____D () C:\windows\LastGood
2014-03-30 00:11 - 2010-10-26 11:04 - 00053248 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\SiSPower.dll
2014-03-30 00:11 - 2010-10-26 11:03 - 00012288 _____ (Silicon Integrated Systems Corporation) C:\windows\InstFunc.dll
2014-03-30 00:11 - 2010-06-04 16:17 - 00208896 _____ () C:\windows\Progress.exe
2014-03-30 00:11 - 2006-04-28 09:56 - 00049152 _____ () C:\windows\InstFunc.exe
2014-03-30 00:10 - 2010-10-26 11:46 - 03468288 ____C (Silicon Integrated Systems Corporation) C:\windows\system32\dllcache\sisgrv.dll
2014-03-30 00:10 - 2010-10-26 11:46 - 03468288 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\sisgrv.dll
2014-03-29 23:59 - 2014-03-30 00:12 - 00000033 _____ () C:\windows\system32\VGAunistlog.ini
2014-03-29 23:46 - 2014-03-29 23:46 - 00000664 _____ () C:\windows\system32\d3d9caps.dat
2014-03-29 23:10 - 2014-03-29 23:10 - 00000887 _____ () C:\Documents and Settings\XP\Plocha\EVEREST Ultimate Edition.lnk
2014-03-29 23:10 - 2014-03-29 23:10 - 00000000 ____D () C:\Program Files\Lavalys
2014-03-29 23:10 - 2014-03-29 23:10 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavalys
2014-03-29 23:02 - 2014-03-29 23:02 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-03-29 21:37 - 2014-03-29 21:38 - 00005412 _____ () C:\Documents and Settings\XP\Plocha\zoek-results.txt
2014-03-29 21:22 - 2014-03-29 20:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-29 21:01 - 2014-03-29 21:36 - 00005412 _____ () C:\zoek-results.log
2014-03-29 20:59 - 2014-03-29 21:16 - 00000000 ____D () C:\zoek_backup
2014-03-29 20:57 - 2014-03-29 20:57 - 01285120 _____ () C:\Documents and Settings\XP\Plocha\zoek.exe
2014-03-29 19:44 - 2014-03-29 19:44 - 00000000 ____D () C:\Documents and Settings\XP\dwhelper
2014-03-29 18:11 - 2014-03-29 18:11 - 00000000 ____D () C:\windows\ERUNT
2014-03-29 18:08 - 2014-03-29 18:08 - 01038974 _____ (Thisisu) C:\Documents and Settings\XP\Plocha\JRT.exe
2014-03-29 17:58 - 2014-03-29 17:58 - 00000866 _____ () C:\Documents and Settings\All Users\Plocha\PDF-Viewer.lnk
2014-03-29 17:58 - 2014-03-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\PDF-XChange PDF Viewer
2014-03-29 17:57 - 2014-03-29 17:58 - 00000000 ____D () C:\Program Files\Tracker Software
2014-03-29 17:44 - 2008-08-07 14:00 - 00163923 ____N () C:\windows\system32\SiSUninstall.exe
2014-03-29 17:44 - 2006-03-22 21:53 - 00337320 _____ (Microsoft Corporation) C:\windows\difxapi.dll
2014-03-29 17:42 - 2010-10-26 12:12 - 00019200 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\Drivers\srvkp.sys
2014-03-29 17:42 - 2010-10-26 12:10 - 01571001 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\sisgl.dll
2014-03-29 17:42 - 2010-10-26 11:39 - 00325120 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\Drivers\sisgrp.sys
2014-03-29 17:42 - 2010-10-26 11:04 - 00009728 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\SiSPIns2.dll
2014-03-29 17:42 - 2010-10-26 11:03 - 00258048 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\SiSParse.dll
2014-03-29 17:42 - 2010-10-26 11:03 - 00258048 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\_SiSParse.dll
2014-03-29 17:42 - 2010-10-26 11:03 - 00172032 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\SiSInst.dll
2014-03-29 17:42 - 2010-10-26 11:03 - 00172032 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\_SiSInst.dll
2014-03-29 17:42 - 2010-10-26 11:02 - 00049152 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\SiSBase.dll
2014-03-29 17:42 - 2010-10-26 11:02 - 00049152 _____ (Silicon Integrated Systems Corporation) C:\windows\system32\_SiSBase.dll
2014-03-29 17:42 - 2006-01-19 10:34 - 00049152 _____ () C:\windows\system32\sis660.bin
2014-03-29 17:42 - 2005-10-07 15:13 - 00065536 _____ () C:\windows\system32\sis760.bin
2014-03-29 17:42 - 2005-10-07 15:13 - 00065536 _____ () C:\windows\system32\sis741.bin
2014-03-29 17:42 - 2003-10-29 19:54 - 00427776 ____C (Silicon Integrated Systems Corporation) C:\windows\system32\dllcache\sisgrp.sys
2014-03-29 17:40 - 2014-03-29 17:40 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\Nitro
2014-03-29 17:38 - 2013-07-26 06:48 - 00027152 _____ (Nitro PDF Software) C:\windows\system32\nitrolocalmon2.dll
2014-03-29 17:38 - 2013-07-26 06:48 - 00018448 _____ (Nitro PDF Software) C:\windows\system32\nitrolocalui2.dll
2014-03-29 17:06 - 2014-03-29 18:00 - 00000000 ____D () C:\Program Files\Nitro
2014-03-29 17:06 - 2014-03-29 17:06 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-03-29 17:04 - 2014-03-29 17:04 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Nitro
2014-03-29 10:07 - 2014-03-30 00:05 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 10:07 - 2014-03-29 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-29 10:07 - 2014-03-29 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-28 13:38 - 2014-03-28 13:38 - 01628050 _____ () C:\Documents and Settings\XP\Plocha\Malwarebytes.bmp
2014-03-27 13:51 - 2014-03-27 13:53 - 00000000 ____D () C:\rsit
2014-03-27 13:51 - 2014-03-27 13:53 - 00000000 ____D () C:\Program Files\trend micro
2014-03-27 12:23 - 2014-03-27 12:23 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\Malwarebytes
2014-03-27 08:51 - 2014-03-27 13:21 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-03-27 08:51 - 2014-03-27 13:21 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-03-27 08:51 - 2014-03-27 08:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-03-27 07:47 - 2014-03-27 07:47 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\AVAST Software
2014-03-27 07:47 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-27 07:46 - 2014-03-30 00:24 - 00000356 ____H () C:\windows\Tasks\avast! Emergency Update.job
2014-03-27 07:46 - 2014-03-27 13:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-27 07:46 - 2014-03-27 07:46 - 00001733 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-03-27 07:46 - 2014-03-27 07:46 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast
2014-03-27 07:45 - 2014-03-27 07:45 - 00776976 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00411552 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00271264 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-03-27 07:45 - 2014-03-27 07:45 - 00180760 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00057672 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00054832 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-03-27 07:42 - 2014-03-27 07:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-27 07:28 - 2014-03-27 07:28 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-03-27 07:25 - 2014-03-29 17:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 07:25 - 2014-03-27 07:26 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\Mozilla
2014-03-27 07:25 - 2014-03-27 07:25 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2014-03-27 07:25 - 2014-03-27 07:25 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2014-03-27 07:25 - 2014-03-27 07:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 07:25 - 2014-03-27 07:25 - 00000000 ____D () C:\Documents and Settings\XP\Local Settings\Data aplikací\Mozilla
2014-03-27 07:25 - 2014-03-27 07:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla
2014-03-27 07:19 - 2014-03-27 07:19 - 00000003 _____ () C:\Documents and Settings\XP\stut
2014-03-27 07:17 - 2014-03-30 00:17 - 00000000 _____ () C:\Documents and Settings\XP\rgut
2014-03-27 06:59 - 2014-03-27 06:59 - 00000925 _____ () C:\Documents and Settings\All Users\Plocha\Revo Uninstaller Pro.lnk
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Documents and Settings\XP\Local Settings\Data aplikací\VS Revo Group
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Revo Uninstaller Pro
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\VS Revo Group
2014-03-27 06:59 - 2009-12-30 11:20 - 00027064 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-03-27 06:58 - 2014-03-27 06:58 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\WinRAR
2014-03-27 06:57 - 2014-03-27 06:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-27 06:57 - 2014-03-27 06:57 - 00000000 ____D () C:\Documents and Settings\XP\Nabídka Start\Programy\WinRAR
2014-03-27 06:57 - 2014-03-27 06:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2014-03-27 06:54 - 2014-03-27 06:56 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK
2014-03-27 06:54 - 2014-03-27 06:54 - 00000000 ____D () C:\windows\system32\bitstreams
2014-03-27 06:54 - 2014-03-05 22:19 - 00007670 ____S () C:\windows\system32\mnctgar.vbe
2014-03-27 06:54 - 2013-12-10 00:30 - 10236928 ____S () C:\windows\system32\acumnctgar.exe
2014-03-27 06:54 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\windows\system32\libeay32.dll
2014-03-27 06:54 - 2013-10-26 20:30 - 00538126 ____S () C:\windows\system32\libcurl-4.dll
2014-03-27 06:54 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\windows\system32\ssleay32.dll
2014-03-27 06:54 - 2013-10-26 20:30 - 00192512 ____S () C:\windows\system32\libidn-11.dll
2014-03-27 06:54 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\windows\system32\libssh2.dll
2014-03-27 06:54 - 2013-10-26 20:30 - 00133632 ____S () C:\windows\system32\librtmp.dll
2014-03-27 06:54 - 2013-10-26 20:30 - 00044727 ____S () C:\windows\system32\diablo130302.cl
2014-03-27 06:54 - 2013-10-26 20:30 - 00043810 ____S () C:\windows\system32\poclbm130302.cl
2014-03-27 06:54 - 2013-10-26 20:30 - 00030802 ____S () C:\windows\system32\diakgcn121016.cl
2014-03-27 06:54 - 2013-10-26 20:30 - 00023825 ____S () C:\windows\system32\scrypt130511.cl
2014-03-27 06:54 - 2013-10-26 20:30 - 00013062 ____S () C:\windows\system32\phatk121016.cl
2014-03-27 06:54 - 2013-07-18 16:06 - 00187904 ____S () C:\windows\system32\lcpmnctgar.exe
2014-03-27 06:54 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\windows\system32\pthreadGC2.dll
2014-03-27 06:54 - 2013-06-12 15:15 - 00100864 ____S () C:\windows\system32\zlib1.dll
2014-03-27 06:54 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\windows\system32\cudart32_50_35.dll
2014-03-27 06:54 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\windows\system32\pthreadVC2.dll
2014-03-27 06:42 - 2014-03-27 06:42 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro v3.0.5 Final 32+64bit_SK+CZ
2014-03-27 06:42 - 2014-03-27 06:42 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Revo Uninstaller Pro v3.0.5 Final 32+64bit_SK+CZ
2014-03-27 06:31 - 2014-03-27 06:31 - 00002284 _____ () C:\Documents and Settings\XP\Plocha\AdwCleaner[S0].txt
2014-03-27 06:30 - 2014-03-30 00:16 - 00000216 _____ () C:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-03-27 06:30 - 2014-03-27 07:17 - 00000210 _____ () C:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-03-27 06:25 - 2014-03-27 06:28 - 00000000 ____D () C:\AdwCleaner
2014-03-27 06:21 - 2014-03-27 06:21 - 00001626 _____ () C:\Documents and Settings\XP\Dokumenty\cc_20140327_062121.reg
2014-03-27 06:20 - 2014-03-27 06:21 - 00185128 _____ () C:\Documents and Settings\XP\Dokumenty\cc_20140327_062053.reg
2014-03-27 03:04 - 2014-03-30 00:20 - 00050435 _____ () C:\windows\setupapi.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00002359 _____ () C:\windows\tsoc.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00001987 _____ () C:\windows\comsetup.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00001374 _____ () C:\windows\imsins.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00001211 _____ () C:\windows\ntdtcsetup.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000957 _____ () C:\windows\iis6.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000386 _____ () C:\windows\ocmsn.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000309 _____ () C:\windows\msgsocm.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000000 _____ () C:\windows\setuperr.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000000 _____ () C:\windows\setupact.log
2014-03-27 03:03 - 2014-03-27 03:04 - 00006183 _____ () C:\windows\FaxSetup.log
2014-03-27 03:03 - 2014-03-27 03:04 - 00004833 _____ () C:\windows\KB2934207.log
2014-03-27 03:03 - 2014-03-27 03:04 - 00002956 _____ () C:\windows\ocgen.log
2014-03-27 03:03 - 2014-03-27 03:03 - 00000000 __HDC () C:\windows\$NtUninstallKB2934207$
2014-03-26 23:42 - 2014-02-27 00:28 - 00013312 ____N (Microsoft Corporation) C:\windows\system32\xp_eos.exe
2014-03-26 23:42 - 2014-02-27 00:28 - 00013312 ____C (Microsoft Corporation) C:\windows\system32\dllcache\xp_eos.exe
2014-03-26 14:33 - 2014-03-26 14:33 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-03-26 14:33 - 2014-03-26 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
2014-03-26 14:32 - 2014-03-26 14:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-26 14:29 - 2014-03-30 00:32 - 00000000 ____D () C:\Documents and Settings\XP\Dokumenty\Stažené soubory
2014-03-26 13:28 - 2014-03-27 07:22 - 00000000 ____D () C:\windows\pss
2014-03-16 15:11 - 2014-03-16 15:11 - 00000000 __HDC () C:\windows\$NtUninstallKB2929961$
2014-03-16 15:10 - 2014-03-16 15:10 - 00000000 __HDC () C:\windows\$NtUninstallKB2930275$
2014-03-08 16:05 - 2014-03-08 16:05 - 00000000 __HDC () C:\windows\$NtUninstallKB2916036$

==================== One Month Modified Files and Folders =======

2099-05-20 22:29 - 2505-05-20 22:29 - 00003120 _____ () C:\windows\MF_C421.lfa
2099-05-20 22:29 - 2505-05-20 22:29 - 00003120 _____ () C:\windows\MF_C420.lfa
2014-03-30 00:35 - 2014-03-30 00:34 - 00011744 _____ () C:\Documents and Settings\XP\Plocha\FRST.txt
2014-03-30 00:34 - 2014-03-30 00:33 - 00000000 ____D () C:\FRST
2014-03-30 00:34 - 2005-02-04 16:59 - 00000000 ____D () C:\Documents and Settings\XP\Plocha
2014-03-30 00:32 - 2014-03-30 00:33 - 01145856 _____ (Farbar) C:\Documents and Settings\XP\Plocha\FRST.exe
2014-03-30 00:32 - 2014-03-26 14:29 - 00000000 ____D () C:\Documents and Settings\XP\Dokumenty\Stažené soubory
2014-03-30 00:24 - 2014-03-27 07:46 - 00000356 ____H () C:\windows\Tasks\avast! Emergency Update.job
2014-03-30 00:24 - 2005-02-04 16:51 - 01665343 _____ () C:\windows\WindowsUpdate.log
2014-03-30 00:22 - 2013-10-31 08:22 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 00:20 - 2014-03-27 03:04 - 00050435 _____ () C:\windows\setupapi.log
2014-03-30 00:19 - 2004-08-18 13:00 - 00013646 _____ () C:\windows\system32\wpa.dbl
2014-03-30 00:18 - 2014-03-30 00:18 - 00000000 ____D () C:\windows\LastGood
2014-03-30 00:17 - 2014-03-27 07:17 - 00000000 _____ () C:\Documents and Settings\XP\rgut
2014-03-30 00:17 - 2005-02-04 17:45 - 00000300 _____ () C:\windows\wiadebug.log
2014-03-30 00:17 - 2005-02-04 17:45 - 00000049 _____ () C:\windows\wiaservc.log
2014-03-30 00:16 - 2014-03-27 06:30 - 00000216 _____ () C:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-03-30 00:16 - 2013-10-31 08:22 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 00:16 - 2005-02-04 16:58 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-30 00:15 - 2005-02-04 16:59 - 00000178 ___SH () C:\Documents and Settings\XP\ntuser.ini
2014-03-30 00:15 - 2005-02-04 16:59 - 00000000 ____D () C:\Documents and Settings\XP
2014-03-30 00:15 - 2005-02-04 16:58 - 00032350 _____ () C:\windows\SchedLgU.Txt
2014-03-30 00:12 - 2014-03-29 23:59 - 00000033 _____ () C:\windows\system32\VGAunistlog.ini
2014-03-30 00:05 - 2014-03-29 10:07 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 23:46 - 2014-03-29 23:46 - 00000664 _____ () C:\windows\system32\d3d9caps.dat
2014-03-29 23:10 - 2014-03-29 23:10 - 00000887 _____ () C:\Documents and Settings\XP\Plocha\EVEREST Ultimate Edition.lnk
2014-03-29 23:10 - 2014-03-29 23:10 - 00000000 ____D () C:\Program Files\Lavalys
2014-03-29 23:10 - 2014-03-29 23:10 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavalys
2014-03-29 23:10 - 2005-02-04 17:43 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-03-29 23:04 - 2005-02-04 16:59 - 00000000 __RHD () C:\Documents and Settings\XP\Data aplikací
2014-03-29 23:02 - 2014-03-29 23:02 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-03-29 22:44 - 2005-02-04 17:36 - 00000000 ____D () C:\windows\pchealth
2014-03-29 22:01 - 2005-02-04 17:43 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-03-29 22:01 - 2005-02-04 17:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-29 21:38 - 2014-03-29 21:37 - 00005412 _____ () C:\Documents and Settings\XP\Plocha\zoek-results.txt
2014-03-29 21:36 - 2014-03-29 21:01 - 00005412 _____ () C:\zoek-results.log
2014-03-29 21:16 - 2014-03-29 20:59 - 00000000 ____D () C:\zoek_backup
2014-03-29 21:00 - 2005-02-04 16:50 - 00000000 ____D () C:\windows\system32\Restore
2014-03-29 20:59 - 2014-03-29 21:22 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-29 20:57 - 2014-03-29 20:57 - 01285120 _____ () C:\Documents and Settings\XP\Plocha\zoek.exe
2014-03-29 19:44 - 2014-03-29 19:44 - 00000000 ____D () C:\Documents and Settings\XP\dwhelper
2014-03-29 18:11 - 2014-03-29 18:11 - 00000000 ____D () C:\windows\ERUNT
2014-03-29 18:08 - 2014-03-29 18:08 - 01038974 _____ (Thisisu) C:\Documents and Settings\XP\Plocha\JRT.exe
2014-03-29 18:02 - 2005-02-04 17:43 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-03-29 18:00 - 2014-03-29 17:06 - 00000000 ____D () C:\Program Files\Nitro
2014-03-29 17:58 - 2014-03-29 17:58 - 00000866 _____ () C:\Documents and Settings\All Users\Plocha\PDF-Viewer.lnk
2014-03-29 17:58 - 2014-03-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\PDF-XChange PDF Viewer
2014-03-29 17:58 - 2014-03-29 17:57 - 00000000 ____D () C:\Program Files\Tracker Software
2014-03-29 17:58 - 2014-03-27 07:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 17:44 - 2005-02-04 17:14 - 00000000 ____D () C:\windows\system32\ReinstallBackups
2014-03-29 17:40 - 2014-03-29 17:40 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\Nitro
2014-03-29 17:40 - 2005-02-04 17:42 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-03-29 17:06 - 2014-03-29 17:06 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-03-29 17:05 - 2005-02-04 16:56 - 00000178 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-03-29 17:04 - 2014-03-29 17:04 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Nitro
2014-03-29 16:55 - 2013-11-26 09:37 - 00000000 ____D () C:\CHEM-WELD
2014-03-29 16:39 - 2009-02-15 13:07 - 00000000 ____D () C:\Fotky
2014-03-29 16:39 - 2009-02-15 13:06 - 00000000 ____D () C:\CD -Twilight
2014-03-29 16:39 - 2006-01-12 08:05 - 00000000 ___RD () C:\Documents and Settings\XP\Dokumenty\foto
2014-03-29 16:39 - 2005-02-16 11:55 - 00000000 ____D () C:\pc-form
2014-03-29 16:39 - 2005-02-16 11:28 - 00000000 ____D () C:\ESAB
2014-03-29 16:39 - 2005-02-16 10:56 - 00000000 ____D () C:\Program Files\Common Files\soft602
2014-03-29 16:39 - 2005-02-04 16:59 - 00000000 ___RD () C:\Documents and Settings\XP\Dokumenty
2014-03-29 15:46 - 2005-02-04 16:59 - 00000000 ___RD () C:\Documents and Settings\XP\Nabídka Start\Programy
2014-03-29 15:28 - 2009-03-21 11:31 - 00000000 ____D () C:\Program Files\Enlight
2014-03-29 15:10 - 2005-03-02 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adobe
2014-03-29 14:56 - 2005-02-08 12:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-29 14:56 - 2005-02-08 12:39 - 00000000 ____D () C:\Program Files\Adobe
2014-03-29 14:56 - 2005-02-04 17:43 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-03-29 10:07 - 2014-03-29 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-29 10:07 - 2014-03-29 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-29 09:02 - 2006-02-08 12:25 - 00000000 ____D () C:\Buziol Games
2014-03-29 08:59 - 2004-08-18 13:00 - 00000826 _____ () C:\windows\win.ini
2014-03-29 08:59 - 2004-08-18 13:00 - 00000227 _____ () C:\windows\system.ini
2014-03-28 13:45 - 2006-12-16 03:00 - 00000000 __HDC () C:\windows\$NtUninstallKB923694$
2014-03-28 13:38 - 2014-03-28 13:38 - 01628050 _____ () C:\Documents and Settings\XP\Plocha\Malwarebytes.bmp
2014-03-27 13:53 - 2014-03-27 13:51 - 00000000 ____D () C:\rsit
2014-03-27 13:53 - 2014-03-27 13:51 - 00000000 ____D () C:\Program Files\trend micro
2014-03-27 13:21 - 2014-03-27 08:51 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-03-27 13:21 - 2014-03-27 08:51 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-03-27 13:21 - 2014-03-27 07:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-27 12:23 - 2014-03-27 12:23 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\Malwarebytes
2014-03-27 08:51 - 2014-03-27 08:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-03-27 07:57 - 2005-02-04 16:59 - 00000000 ___HD () C:\Documents and Settings\XP\Local Settings\Data aplikací
2014-03-27 07:47 - 2014-03-27 07:47 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\AVAST Software
2014-03-27 07:46 - 2014-03-27 07:46 - 00001733 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-03-27 07:46 - 2014-03-27 07:46 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast
2014-03-27 07:45 - 2014-03-27 07:45 - 00776976 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00411552 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00271264 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-03-27 07:45 - 2014-03-27 07:45 - 00180760 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00057672 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00054832 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-03-27 07:45 - 2014-03-27 07:45 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-03-27 07:42 - 2014-03-27 07:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-27 07:28 - 2014-03-27 07:28 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-03-27 07:28 - 2005-02-04 17:21 - 00033608 _____ () C:\Documents and Settings\XP\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-03-27 07:26 - 2014-03-27 07:25 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\Mozilla
2014-03-27 07:25 - 2014-03-27 07:25 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2014-03-27 07:25 - 2014-03-27 07:25 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2014-03-27 07:25 - 2014-03-27 07:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 07:25 - 2014-03-27 07:25 - 00000000 ____D () C:\Documents and Settings\XP\Local Settings\Data aplikací\Mozilla
2014-03-27 07:25 - 2014-03-27 07:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla
2014-03-27 07:22 - 2014-03-26 13:28 - 00000000 ____D () C:\windows\pss
2014-03-27 07:19 - 2014-03-27 07:19 - 00000003 _____ () C:\Documents and Settings\XP\stut
2014-03-27 07:17 - 2014-03-27 06:30 - 00000210 _____ () C:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-03-27 07:16 - 2005-02-08 12:04 - 00000000 ____D () C:\Program Files\ALWIL Software
2014-03-27 07:08 - 2013-10-31 08:25 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome
2014-03-27 07:08 - 2007-01-02 15:13 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Google
2014-03-27 07:08 - 2005-11-01 13:16 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2014-03-27 07:03 - 2005-02-04 16:52 - 00002505 _____ () C:\windows\system32\CONFIG.NT
2014-03-27 06:59 - 2014-03-27 06:59 - 00000925 _____ () C:\Documents and Settings\All Users\Plocha\Revo Uninstaller Pro.lnk
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Documents and Settings\XP\Local Settings\Data aplikací\VS Revo Group
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Revo Uninstaller Pro
2014-03-27 06:59 - 2014-03-27 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\VS Revo Group
2014-03-27 06:58 - 2014-03-27 06:58 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\WinRAR
2014-03-27 06:57 - 2014-03-27 06:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-27 06:57 - 2014-03-27 06:57 - 00000000 ____D () C:\Documents and Settings\XP\Nabídka Start\Programy\WinRAR
2014-03-27 06:57 - 2014-03-27 06:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2014-03-27 06:56 - 2014-03-27 06:54 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK
2014-03-27 06:54 - 2014-03-27 06:54 - 00000000 ____D () C:\windows\system32\bitstreams
2014-03-27 06:42 - 2014-03-27 06:42 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro v3.0.5 Final 32+64bit_SK+CZ
2014-03-27 06:42 - 2014-03-27 06:42 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Revo Uninstaller Pro v3.0.5 Final 32+64bit_SK+CZ
2014-03-27 06:31 - 2014-03-27 06:31 - 00002284 _____ () C:\Documents and Settings\XP\Plocha\AdwCleaner[S0].txt
2014-03-27 06:30 - 2005-02-04 17:42 - 01484832 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-27 06:28 - 2014-03-27 06:25 - 00000000 ____D () C:\AdwCleaner
2014-03-27 06:28 - 2005-02-08 12:20 - 01114112 _____ () C:\windows\system32\config\Antivirus.Evt
2014-03-27 06:21 - 2014-03-27 06:21 - 00001626 _____ () C:\Documents and Settings\XP\Dokumenty\cc_20140327_062121.reg
2014-03-27 06:21 - 2014-03-27 06:20 - 00185128 _____ () C:\Documents and Settings\XP\Dokumenty\cc_20140327_062053.reg
2014-03-27 03:04 - 2014-03-27 03:04 - 00002359 _____ () C:\windows\tsoc.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00001987 _____ () C:\windows\comsetup.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00001374 _____ () C:\windows\imsins.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00001211 _____ () C:\windows\ntdtcsetup.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000957 _____ () C:\windows\iis6.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000386 _____ () C:\windows\ocmsn.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000309 _____ () C:\windows\msgsocm.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000000 _____ () C:\windows\setuperr.log
2014-03-27 03:04 - 2014-03-27 03:04 - 00000000 _____ () C:\windows\setupact.log
2014-03-27 03:04 - 2014-03-27 03:03 - 00006183 _____ () C:\windows\FaxSetup.log
2014-03-27 03:04 - 2014-03-27 03:03 - 00004833 _____ () C:\windows\KB2934207.log
2014-03-27 03:04 - 2014-03-27 03:03 - 00002956 _____ () C:\windows\ocgen.log
2014-03-27 03:03 - 2014-03-27 03:03 - 00000000 __HDC () C:\windows\$NtUninstallKB2934207$
2014-03-27 03:03 - 2013-09-28 08:36 - 00000000 ____D () C:\windows\system32\MRT
2014-03-27 03:00 - 2005-05-11 14:47 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-26 14:38 - 2005-11-30 08:52 - 00000000 ____D () C:\windows\Minidump
2014-03-26 14:33 - 2014-03-26 14:33 - 00000682 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-03-26 14:33 - 2014-03-26 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
2014-03-26 14:33 - 2014-03-26 14:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-26 13:55 - 2005-03-31 07:07 - 00000049 _____ () C:\windows\NeroDigital.ini
2014-03-26 13:51 - 2009-01-04 17:13 - 00000000 ____D () C:\Documents and Settings\XP\Data aplikací\BSplayer
2014-03-16 15:11 - 2014-03-16 15:11 - 00000000 __HDC () C:\windows\$NtUninstallKB2929961$
2014-03-16 15:10 - 2014-03-16 15:10 - 00000000 __HDC () C:\windows\$NtUninstallKB2930275$
2014-03-08 16:05 - 2014-03-08 16:05 - 00000000 __HDC () C:\windows\$NtUninstallKB2916036$
2014-03-08 16:00 - 2013-11-28 03:59 - 00000000 ____D () C:\windows\ie8updates
2014-03-05 22:19 - 2014-03-27 06:54 - 00007670 ____S () C:\windows\system32\mnctgar.vbe

Files to move or delete:
====================
C:\Documents and Settings\XP\hpothb07.dat

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe
[2004-08-18 13:00] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\windows\system32\winlogon.exe
[2004-08-18 13:00] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\windows\system32\svchost.exe
[2004-08-18 13:00] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\windows\system32\services.exe
[2004-08-18 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\windows\system32\User32.dll
[2004-08-18 13:00] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\windows\system32\userinit.exe
[2004-08-18 13:00] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys
[2004-08-18 13:00] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

==================== End Of Log ============================

#9 Příspěvek od **vyosek** » 30 bře 2014 08:19

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [MSStp] - C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mnctgarSrv] - C:\windows\system32\mnctgar.vbe [7670 2014-03-05] ()
HKU\S-1-5-21-839522115-1897051121-725345543-1004\...\MountPoints2: {13717974-ced8-11da-ae6b-00115b7eddb1} - E:\setupSNK.exe

ProxyServer: 10.0.0.1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Toolbar: HKCU - BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()

C:\Users\Public\Public\run.vbs
C:\windows\system32\mnctgar.vbe 
C:\windows\inf\msstp.vbe
C:\Program Files\BS.Player ControlBar
2014-03-29 21:37 - 2014-03-29 21:38 - 00005412 _____ () C:\Documents and Settings\XP\Plocha\zoek-results.txt
2014-03-29 21:22 - 2014-03-29 20:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-29 21:01 - 2014-03-29 21:36 - 00005412 _____ () C:\zoek-results.log
2014-03-29 20:59 - 2014-03-29 21:16 - 00000000 ____D () C:\zoek_backup
2014-03-29 20:57 - 2014-03-29 20:57 - 01285120 _____ () C:\Documents and Settings\XP\Plocha\zoek.exe
2014-03-29 18:08 - 2014-03-29 18:08 - 01038974 _____ (Thisisu) C:\Documents and Settings\XP\Plocha\JRT.exe
2014-03-27 06:54 - 2014-03-05 22:19 - 00007670 ____S () C:\windows\system32\mnctgar.vbe
2014-03-27 06:31 - 2014-03-27 06:31 - 00002284 _____ () C:\Documents and Settings\XP\Plocha\AdwCleaner[S0].txt

C:\windows\tasks\avast! Emergency Update.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\windows\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows" /f

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

karelhus · #10 Příspěvek od **karelhus** » 30 bře 2014 10:01

Tak jsem přesunul fixlist vedle ikony FRST(ne na ní) a spustil FRST a dal fix.Sice neproběhl restart ale vypsalo to log. Zde je:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by XP at 2014-03-30 11:02:46 Run:1
Running from C:\Documents and Settings\XP\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [MSStp] - C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM\...\Run: [mnctgarSrv] - C:\windows\system32\mnctgar.vbe [7670 2014-03-05] ()
HKU\S-1-5-21-839522115-1897051121-725345543-1004\...\MountPoints2: {13717974-ced8-11da-ae6b-00115b7eddb1} - E:\setupSNK.exe

ProxyServer: 10.0.0.1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
Toolbar: HKCU - BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()

C:\Users\Public\Public\run.vbs
C:\windows\system32\mnctgar.vbe
C:\windows\inf\msstp.vbe
C:\Program Files\BS.Player ControlBar
2014-03-29 21:37 - 2014-03-29 21:38 - 00005412 _____ () C:\Documents and Settings\XP\Plocha\zoek-results.txt
2014-03-29 21:22 - 2014-03-29 20:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-29 21:01 - 2014-03-29 21:36 - 00005412 _____ () C:\zoek-results.log
2014-03-29 20:59 - 2014-03-29 21:16 - 00000000 ____D () C:\zoek_backup
2014-03-29 20:57 - 2014-03-29 20:57 - 01285120 _____ () C:\Documents and Settings\XP\Plocha\zoek.exe
2014-03-29 18:08 - 2014-03-29 18:08 - 01038974 _____ (Thisisu) C:\Documents and Settings\XP\Plocha\JRT.exe
2014-03-27 06:54 - 2014-03-05 22:19 - 00007670 ____S () C:\windows\system32\mnctgar.vbe
2014-03-27 06:31 - 2014-03-27 06:31 - 00002284 _____ () C:\Documents and Settings\XP\Plocha\AdwCleaner[S0].txt

C:\windows\tasks\avast! Emergency Update.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\windows\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSStp => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mnctgarSrv => Value deleted successfully.
HKU\S-1-5-21-839522115-1897051121-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13717974-ced8-11da-ae6b-00115b7eddb1} => Key deleted successfully.
HKCR\CLSID\{13717974-ced8-11da-ae6b-00115b7eddb1} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2C688203-7EB3-4327-9995-1CB417BA23F9} => Value deleted successfully.
HKCR\CLSID\{2C688203-7EB3-4327-9995-1CB417BA23F9} => Key deleted successfully.
"C:\Users\Public\Public\run.vbs" => File/Directory not found.
C:\windows\system32\mnctgar.vbe => Moved successfully.
C:\windows\inf\msstp.vbe => Moved successfully.
C:\Program Files\BS.Player ControlBar => Moved successfully.
"C:\Documents and Settings\XP\Plocha\zoek-results.txt" => File/Directory not found.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\XP\Plocha\zoek.exe => Moved successfully.
C:\Documents and Settings\XP\Plocha\JRT.exe => Moved successfully.
"C:\windows\system32\mnctgar.vbe" => File/Directory not found.
"C:\Documents and Settings\XP\Plocha\AdwCleaner[S0].txt" => File/Directory not found.
C:\windows\tasks\avast! Emergency Update.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\windows\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

==== End of Fixlog ====

#11 Příspěvek od **vyosek** » 30 bře 2014 11:35

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

karelhus · #12 Příspěvek od **karelhus** » 01 dub 2014 17:37

Dobrý den.Omlouvám se za větší pauzu, ale musel jsem služebně nečekaně mimo Prahu.Udělal jsem předposlední věc a to s TFC ale bohužel po spuštění mě zmizí všechny ikony na ploše,okno programu po volbě start zatuhne a tím i celý comp.Není možná ani volba alt ctrl del.Nic nefunguje a tak jedině restart.Zkoušeno vícetkrát.

#13 Příspěvek od **vyosek** » 01 dub 2014 19:29

Pokracujte dalsimi kroky

karelhus · #14 Příspěvek od **karelhus** » 02 dub 2014 06:55

nevím jakými.tak jsem dal poslední utilitu ccleaner.myslel jste toto tím posledním krokem?

#15 Příspěvek od **vyosek** » 02 dub 2014 07:32

Ano CCleaner by mel byt posledni...

A pokud nejsou problemy, je to z me strany vse

VIRY.CZ

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu