
Log check, something is left on the PC

radek178
Visitor
Posts: 178
Registered: 02 Jan 2006 14:37

Log check, something is left on the PC

#1 Post by radek178 »

Hi,

please check my log. To be frank, I am mainly interested in finding out where and how the malware hides. In a virtual machine I try out various infected files. Then I try to clean the PC. But this one I cannot remove. I have used plenty of utilities, programs and so on, and still I am unable to kick it off the PC. Could someone advise?

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2014-08-04 08:03:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (42%) free of 10 GB
Total RAM: 1023 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:13, on 4.8.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
O4 - HKLM\..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: KYESCAN.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O23 - Service: Bitdefender 60-Second Virus Scanner Service (pdserv) - Bitdefender - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - Cortado AG - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: TP VC Gateway Service (TPVCGateway) - Cortado AG - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
O23 - Service: VMware Tools (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe

--
End of file - 4108 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\jti1n3hl.default

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"=C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2014-03-21 63704]
"InstallerLauncher"=C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"pdiface"=C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [2013-10-30 261984]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
KYESCAN.lnk - C:\PROGRA~1\ScannerU\KYESCAN.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSimpleNetIDList"=1
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2014-08-03 21:30:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\BDLogging
2014-08-03 21:21:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Bitdefender
2014-08-03 21:21:31 ----D---- C:\Program Files\Bitdefender
2014-08-03 21:11:43 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-08-03 21:11:28 ----D---- C:\Program Files\Mozilla Firefox
2014-08-03 21:07:26 ----SHD---- C:\RECYCLER
2014-08-03 20:49:01 ----A---- C:\Report 2014-08-03 20.49.01.txt
2014-08-03 20:48:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\QuickScan
2014-08-03 20:18:04 ----A---- C:\ComboFix.txt
2014-08-03 19:58:56 ----A---- C:\Boot.bak
2014-08-03 19:58:50 ----RASHD---- C:\cmdcons
2014-08-03 19:57:12 ----A---- C:\WINDOWS\zip.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\SWSC.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\SWREG.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\sed.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\PEV.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\NIRCMD.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\MBR.exe
2014-08-03 19:57:12 ----A---- C:\WINDOWS\grep.exe
2014-08-03 19:56:17 ----D---- C:\Qoobox
2014-08-03 19:55:51 ----D---- C:\WINDOWS\erdnt
2014-08-03 19:42:44 ----D---- C:\rsit
2014-08-03 19:42:44 ----D---- C:\Program Files\trend micro
2014-08-03 19:15:44 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-03 18:54:56 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2014-08-03 18:54:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-08-03 18:49:43 ----D---- C:\AdwCleaner
2014-08-03 17:18:19 ----D---- C:\EEK
2014-08-03 17:14:45 ----A---- C:\TDSSKiller.3.0.0.40_03.08.2014_17.14.45_log.txt
2014-08-03 17:12:27 ----A---- C:\TDSSKiller.3.0.0.40_03.08.2014_17.12.27_log.txt
2014-08-03 15:13:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2014-08-03 15:13:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2014-08-03 15:09:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IconFiles
2014-08-03 09:09:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2014-08-03 07:55:21 ----D---- C:\WINDOWS\pss
2014-07-30 16:47:49 ----A---- C:\test.ini
2014-07-30 16:26:40 ----D---- C:\WINDOWS\system32\NtmsData
2014-07-30 14:53:54 ----D---- C:\WINDOWS\Minidump
2014-07-30 13:18:53 ----A---- C:\WINDOWS\UC.PIF
2014-07-30 13:18:53 ----A---- C:\WINDOWS\RAR.PIF
2014-07-30 13:18:53 ----A---- C:\WINDOWS\LHA.PIF
2014-07-30 13:18:53 ----A---- C:\WINDOWS\ARJ.PIF
2014-07-30 13:18:52 ----D---- C:\totalcmd
2014-07-30 13:18:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-07-30 12:12:53 ----D---- C:\Program Files\7-Zip
2014-07-30 11:18:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2014-07-30 11:02:17 ----A---- C:\WINDOWS\system32\d3d9caps.dat

======List of files/folders modified in the last 1 month======

2014-08-04 08:02:52 ----D---- C:\WINDOWS\Prefetch
2014-08-04 08:00:25 ----D---- C:\WINDOWS\system32
2014-08-04 07:59:49 ----D---- C:\WINDOWS\Temp
2014-08-04 07:59:34 ----D---- C:\WINDOWS\system32\CatRoot2
2014-08-04 07:59:22 ----D---- C:\WINDOWS
2014-08-04 07:58:13 ----D---- C:\WINDOWS\system32\drivers
2014-08-04 07:57:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-08-04 07:56:47 ----D---- C:\Program Files\Common Files\Bitdefender
2014-08-04 07:55:45 ----A---- C:\bdlog.txt
2014-08-04 07:52:01 ----RD---- C:\WINDOWS\Offline Web Pages
2014-08-04 07:51:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-08-03 21:45:54 ----D---- C:\WINDOWS\system32\drivers\etc
2014-08-03 21:21:31 ----D---- C:\Program Files
2014-08-03 20:28:44 ----SD---- C:\WINDOWS\Tasks
2014-08-03 20:13:40 ----SHD---- C:\System Volume Information
2014-08-03 20:13:40 ----D---- C:\WINDOWS\system32\Restore
2014-08-03 20:13:37 ----A---- C:\WINDOWS\system.ini
2014-08-03 20:11:52 ----D---- C:\WINDOWS\system32\config
2014-08-03 20:06:41 ----D---- C:\WINDOWS\AppPatch
2014-08-03 20:06:30 ----D---- C:\Program Files\Common Files
2014-08-03 19:58:57 ----RASH---- C:\boot.ini
2014-08-03 19:51:19 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2014-08-03 18:22:31 ----D---- C:\WINDOWS\Debug
2014-08-03 15:08:41 ----SHD---- C:\WINDOWS\Installer
2014-08-03 15:07:33 ----HD---- C:\WINDOWS\inf
2014-07-30 16:26:37 ----D---- C:\WINDOWS\repair
2014-07-30 16:26:27 ----D---- C:\WINDOWS\Registration
2014-07-30 15:22:11 ----D---- C:\WINDOWS\system32\MRT
2014-07-30 15:20:51 ----A---- C:\WINDOWS\system32\MRT.exe
2014-07-30 11:21:29 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 vmci;VMware VMCI Bus Driver; C:\WINDOWS\system32\DRIVERS\vmci.sys [2013-10-08 71888]
R0 vmscsi;VMware Storage Controller Driver; C:\WINDOWS\system32\drivers\vmscsi.sys [2013-10-17 14232]
R0 vsock;vSockets Driver; C:\WINDOWS\system32\drivers\vsock.sys [2013-10-08 63824]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 vmhgfs;VMware Host Guest Client Redirector; C:\WINDOWS\system32\drivers\vmhgfs.sys [2014-03-21 157528]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 VMMEMCTL;Memory Control Driver; \??\C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2013-10-17 11800]
R3 vmusbmouse;VMware USB Pointing Device; C:\WINDOWS\system32\DRIVERS\vmusbmouse.sys [2013-10-17 11928]
R3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2014-03-21 62808]
R3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2013-10-17 30064]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cleanhlp;cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 pdserv;Bitdefender 60-Second Virus Scanner Service; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [2013-11-11 1221384]
R2 VMTools;VMware Tools; C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2014-03-21 63704]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [2014-03-21 430296]
R3 TPAutoConnSvc;TP AutoConnect Service; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [2014-03-21 382288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 TPVCGateway;TP VC Gateway Service; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2014-03-21 406864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Log check, something is left on the PC

#2 Post by JaRon »

Hi,
the question is: why do you think something is left on the PC? :???: Scanning the PC indiscriminately with everything you can think of was not the best approach ...
1. Uninstall all the cleaning programs you used + clean up with CCleaner
3. Rescan the PC with MBAM + AVPTool
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

radek178
Visitor
Posts: 178
Registered: 02 Jan 2006 14:37

Re: Log check, something is left on the PC

#3 Post by radek178 »

Something is there, because IE, even though Seznam is set as the home page, keeps going to some Chinese website on startup, and also MBAM cannot be installed; on the MBAM forum the error is described as happening because the PC is infected.

Of course I did not scan with those programs all at once. I installed and uninstalled everything one after another. I never had several of those things on there at the same time.

All the cleaning programs are uninstalled, except RSIT and the like, but I believe those are not installed, only run.

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Log check, something is left on the PC

#4 Post by JaRon »

Try installing and running MBAM v1.75 with the PC in safe mode.

radek178
Visitor
Posts: 178
Registered: 02 Jan 2006 14:37

Re: Log check, something is left on the PC

#5 Post by radek178 »

I was doing all of this precisely because of MBAM, because I found one nasty piece that gets through Comodo's fully virtualized sandbox. I wanted to know whether any of the programs would then find it. Not a single one caught it. And the other Chinese nasty I put on there along with who knows what. Nothing found it, until SpyHunter now. But it won't remove it. I found it in the registry and deleted it, but IE still keeps redirecting to those Chinese sites. Do you happen to know where else to look? The old version of MBAM did install, but found nothing.

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Log check, something is left on the PC

#6 Post by JaRon »

Post the FRST log.

radek178
Visitor
Posts: 178
Registered: 02 Jan 2006 14:37

Re: Log check, something is left on the PC

#7 Post by radek178 »

It now looks like the Chinese one is gone. I am letting the scan finish. Then I will post it here. Well, I am quite disappointed in all the programs. The only one that noticed the Chinese one was SpyHunter. Otherwise they all failed: MBAM, ComboFix, rkill, RogueKiller, Hitman, JRT, AdwCleaner, etc.

radek178
Visitor
Posts: 178
Registered: 02 Jan 2006 14:37

Re: Log check, something is left on the PC

#8 Post by radek178 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Administrator (administrator) on AFRICA1 on 04-08-2014 10:03:41
Running from C:\Documents and Settings\Administrator\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Cortado AG) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
(Cortado AG) C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-606747145-1202660629-725345543-500\...\Policies\Explorer: [EditLevel] 0
HKU\S-1-5-21-606747145-1202660629-725345543-500\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-606747145-1202660629-725345543-500\...\Policies\Explorer: [NoCommonGroups] 0
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\KYESCAN.lnk
ShortcutTarget: KYESCAN.lnk -> C:\Program Files\ScannerU\KyeScan.exe (KYE SYSTEMS CORP.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.140.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\jti1n3hl.default
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R3 TPAutoConnSvc; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [382288 2014-03-21] (Cortado AG)
S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [406864 2014-03-21] (Cortado AG)
R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [430296 2014-03-21] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-08-03] (Emsisoft GmbH)
R3 es1371; C:\WINDOWS\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R2 VMMEMCTL; C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [18520 2014-03-21] (VMware, Inc.)
R0 vmscsi; C:\WINDOWS\System32\drivers\vmscsi.sys [14232 2013-10-17] (VMware, Inc.)
R3 vmusbmouse; C:\WINDOWS\System32\DRIVERS\vmusbmouse.sys [11928 2013-10-17] (VMware, Inc.)
R3 vmxnet; C:\WINDOWS\System32\DRIVERS\vmxnet.sys [30064 2013-10-17] (VMware, Inc.)
R3 vmx_svga; C:\WINDOWS\System32\DRIVERS\vmx_svga.sys [62808 2014-03-21] (VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 10:03 - 2014-08-04 10:04 - 00005990 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-08-04 10:03 - 2014-08-04 10:03 - 00000000 ____D () C:\FRST
2014-08-04 10:02 - 2014-08-04 10:02 - 01084928 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-08-04 10:02 - 2014-08-04 10:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-08-04 09:42 - 2014-08-04 09:42 - 00081920 _____ () C:\WINDOWS\Minidump\Mini080414-02.dmp
2014-08-04 09:17 - 2014-08-04 09:16 - 00081920 _____ () C:\WINDOWS\Minidump\Mini080414-01.dmp
2014-08-04 09:15 - 2014-08-04 09:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\Administrator\Plocha\JRT.exe
2014-08-04 09:15 - 2014-08-04 09:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-04 08:49 - 2014-08-04 08:49 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2014-08-04 08:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 08:43 - 2014-08-04 08:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Plocha\mbam-setup-1.75.0.1300.exe
2014-08-04 08:40 - 2014-08-04 08:40 - 00001983 _____ () C:\Documents and Settings\Administrator\Plocha\SpyHunter.lnk
2014-08-04 08:40 - 2014-08-04 08:40 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-08-04 08:40 - 2014-08-04 08:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-04 08:40 - 2014-08-04 08:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Nabídka Start\Programy\SpyHunter
2014-08-04 08:35 - 2014-08-04 08:35 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-04 08:34 - 2014-08-04 08:39 - 00722816 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\Plocha\SpyHunter-Installer-k.com
2014-08-04 08:23 - 2014-08-04 08:23 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 07:51 - 2014-08-04 07:51 - 00000385 _____ () C:\Documents and Settings\Administrator\Data aplikacíuser_gensett.xml
2014-08-03 21:21 - 2014-08-04 08:18 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-03 21:16 - 2014-08-04 10:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
2014-08-03 21:11 - 2014-08-03 21:11 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2014-08-03 21:11 - 2014-08-03 21:11 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2014-08-03 21:11 - 2014-08-03 21:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 21:11 - 2014-08-03 21:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-08-03 21:11 - 2014-08-03 21:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-08-03 20:51 - 2014-08-04 08:40 - 00006196 _____ () C:\WINDOWS\setupapi.log
2014-08-03 20:51 - 2014-08-03 21:31 - 00001884 _____ () C:\WINDOWS\setupact.log
2014-08-03 20:51 - 2014-08-03 20:51 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-03 20:49 - 2014-08-03 20:51 - 00037185 _____ () C:\Report 2014-08-03 20.49.01.txt
2014-08-03 20:47 - 2014-08-03 20:48 - 09927424 _____ () C:\Documents and Settings\Administrator\Plocha\Antivirus_Free_Edition_x86.exe
2014-08-03 20:47 - 2014-08-03 20:47 - 00162208 _____ () C:\Documents and Settings\Administrator\Plocha\Antivirus_Free_Edition.exe
2014-08-03 20:18 - 2014-08-04 10:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-03 20:18 - 2014-08-03 20:18 - 00011294 _____ () C:\ComboFix.txt
2014-08-03 20:18 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-03 20:18 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-03 20:18 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-03 20:11 - 2014-08-03 20:11 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-08-03 19:58 - 2014-08-03 19:58 - 00000000 _RSHD () C:\cmdcons
2014-08-03 19:58 - 2014-02-23 13:47 - 00000211 _____ () C:\Boot.bak
2014-08-03 19:58 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2014-08-03 19:56 - 2014-08-03 19:56 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Nástroje pro správu
2014-08-03 19:56 - 2014-08-03 19:56 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty\Filmy
2014-08-03 19:55 - 2014-08-04 08:21 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-03 19:52 - 2014-08-03 19:54 - 00003194 _____ () C:\Documents and Settings\Administrator\Plocha\Rkill.txt
2014-08-03 19:52 - 2014-08-03 19:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Plocha\rkill.exe
2014-08-03 19:42 - 2014-08-04 08:03 - 00000000 ____D () C:\Program Files\trend micro
2014-08-03 19:42 - 2014-08-03 19:42 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
2014-08-03 19:42 - 2014-08-03 19:42 - 00013560 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-08-03 19:42 - 2014-08-03 19:42 - 00000000 ____D () C:\rsit
2014-08-03 19:15 - 2014-08-03 19:15 - 00096664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-03 19:11 - 2014-08-03 19:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\backups
2014-08-03 19:08 - 2014-08-03 19:13 - 00004353 _____ () C:\Documents and Settings\Administrator\Plocha\hijackthis.log
2014-08-03 19:08 - 2014-08-03 19:08 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
2014-08-03 18:54 - 2014-08-03 18:54 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-03 18:54 - 2014-08-03 18:54 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-08-03 18:52 - 2014-08-03 18:52 - 04806744 _____ () C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
2014-08-03 18:49 - 2014-08-04 09:13 - 00000000 ____D () C:\AdwCleaner
2014-08-03 18:49 - 2014-08-03 18:49 - 01361309 _____ () C:\Documents and Settings\Administrator\Plocha\adwcleaner_3.302.exe
2014-08-03 18:32 - 2014-08-03 18:32 - 18615872 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\Plocha\SAS_418C11.EXE
2014-08-03 18:21 - 2014-08-03 18:21 - 05125829 _____ () C:\Documents and Settings\Administrator\Plocha\ccsetup416.zip
2014-08-03 18:21 - 2014-08-03 18:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\ccsetup416
2014-08-03 17:26 - 2014-08-03 17:26 - 00003270 _____ () C:\EamClean.log
2014-08-03 17:18 - 2014-08-03 17:18 - 00000462 _____ () C:\Documents and Settings\Administrator\Plocha\Emsisoft Emergency Kit.lnk
2014-08-03 17:18 - 2014-08-03 17:18 - 00000000 ____D () C:\EEK
2014-08-03 17:12 - 2014-08-03 17:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Plocha\tdsskiller.exe
2014-08-03 16:12 - 2014-08-03 16:12 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Administrator\Plocha\mbam-clean-2.1.1.1001.exe
2014-08-03 15:55 - 2014-08-03 15:55 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikac韁Baidu
2014-08-03 15:13 - 2014-08-03 15:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2014-08-03 15:12 - 2014-08-03 15:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
2014-08-03 15:09 - 2014-08-03 15:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IconFiles
2014-08-03 14:59 - 2014-08-03 15:29 - 02345472 _____ (BBCD) C:\Documents and Settings\All Users\Dokumenty\xkna_50161.exe
2014-08-03 14:56 - 2014-08-03 15:03 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG
2014-08-03 14:56 - 2014-08-03 14:56 - 00262144 _____ () C:\WINDOWS\system32\config\elam
2014-08-03 09:11 - 2014-08-03 09:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Plocha\mbam-setup-2.0.2.1012.exe
2014-08-03 09:09 - 2014-08-03 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2014-08-03 09:08 - 2014-08-03 09:09 - 10279264 _____ (SurfRight B.V.) C:\Documents and Settings\Administrator\Plocha\HitmanPro.exe
2014-08-03 08:06 - 2014-08-03 08:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\ProcessExplorer
2014-08-03 08:04 - 2014-08-03 08:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Autoruns
2014-08-03 07:55 - 2014-08-03 07:55 - 00000000 ____D () C:\WINDOWS\pss
2014-08-03 07:11 - 2014-08-03 07:11 - 04834344 _____ (AVAST Software) C:\Documents and Settings\Administrator\Plocha\avast_premier_antivirus_setup_online.exe
2014-08-02 22:07 - 2014-07-28 18:10 - 00152112 _____ () C:\Documents and Settings\Administrator\Plocha\virussign.com_a50560e487926530e40fb1cd8f1c3496.exe
2014-08-02 21:57 - 2014-07-28 18:10 - 00152112 _____ () C:\Documents and Settings\Administrator\Plocha\install.exe
2014-08-02 11:07 - 2014-08-02 11:10 - 97654893 _____ () C:\Documents and Settings\Administrator\Plocha\VirusSignList_Free_140802.zip
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start\Programy
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start
2014-07-30 16:47 - 2014-07-30 17:03 - 00000002 _____ () C:\test.ini
2014-07-30 16:26 - 2014-07-30 16:27 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-30 15:30 - 2014-07-30 15:30 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1406727053359
2014-07-30 14:53 - 2014-08-04 09:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-30 13:18 - 2014-07-30 13:19 - 00000000 ____D () C:\totalcmd
2014-07-30 13:18 - 2014-07-30 13:18 - 00000548 _____ () C:\Documents and Settings\Administrator\Plocha\Total Commander.lnk
2014-07-30 13:18 - 2014-07-30 13:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Total Commander
2014-07-30 13:18 - 2014-07-30 13:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-07-30 13:18 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\UC.PIF
2014-07-30 13:18 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\RAR.PIF
2014-07-30 13:18 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\LHA.PIF
2014-07-30 13:18 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\ARJ.PIF
2014-07-30 12:14 - 2014-07-30 12:15 - 111107701 _____ () C:\Documents and Settings\Administrator\Plocha\VirusSignList_Free_140729.zip
2014-07-30 12:12 - 2014-07-30 12:12 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-30 12:12 - 2014-07-30 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2014-07-30 12:08 - 2014-07-30 12:08 - 112466537 _____ () C:\Documents and Settings\Administrator\Plocha\VirusSignList_Free_140730.zip
2014-07-30 11:48 - 2014-07-30 11:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Temp
2014-07-30 11:18 - 2014-07-30 11:18 - 04861584 _____ (AVAST Software) C:\Documents and Settings\Administrator\Plocha\avast_free_antivirus_setup_online.exe
2014-07-09 19:19 - 2014-08-03 21:19 - 00085582 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-606747145-1202660629-725345543-500-0.dat
2014-07-09 19:09 - 2014-07-09 19:09 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 10:04 - 2014-08-04 10:03 - 00005990 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-08-04 10:04 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-04 10:03 - 2014-08-04 10:03 - 00000000 ____D () C:\FRST
2014-08-04 10:03 - 2014-02-23 14:02 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-08-04 10:03 - 2014-02-23 14:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2014-08-04 10:02 - 2014-08-04 10:02 - 01084928 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-08-04 10:02 - 2014-08-04 10:02 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-08-04 10:01 - 2014-08-03 21:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
2014-08-04 09:44 - 2014-02-23 13:53 - 01066615 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 09:43 - 2014-02-23 14:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 09:43 - 2014-02-23 14:46 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 09:42 - 2014-08-04 09:42 - 00081920 _____ () C:\WINDOWS\Minidump\Mini080414-02.dmp
2014-08-04 09:42 - 2014-07-30 14:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-04 09:42 - 2014-02-23 14:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-04 09:28 - 2014-02-23 14:02 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty
2014-08-04 09:23 - 2014-02-23 14:41 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-08-04 09:16 - 2014-08-04 09:17 - 00081920 _____ () C:\WINDOWS\Minidump\Mini080414-01.dmp
2014-08-04 09:15 - 2014-08-04 09:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\Administrator\Plocha\JRT.exe
2014-08-04 09:15 - 2014-08-04 09:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-04 09:13 - 2014-08-03 18:49 - 00000000 ____D () C:\AdwCleaner
2014-08-04 08:49 - 2014-08-04 08:49 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-08-04 08:49 - 2014-08-04 08:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2014-08-04 08:49 - 2014-02-23 14:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-08-04 08:49 - 2014-02-23 14:41 - 00000000 ___HD () C:\Documents and Settings\All Users\Data aplikací
2014-08-04 08:49 - 2014-02-23 14:02 - 00000000 ___HD () C:\Documents and Settings\Administrator\Data aplikací
2014-08-04 08:48 - 2014-08-04 08:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Plocha\mbam-setup-1.75.0.1300.exe
2014-08-04 08:47 - 2014-02-23 14:11 - 00001475 _____ () C:\Documents and Settings\Administrator\Plocha\Průzkumník Windows.lnk
2014-08-04 08:47 - 2014-02-23 13:56 - 00001599 _____ () C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-08-04 08:47 - 2014-02-23 13:56 - 00001563 _____ () C:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2014-08-04 08:47 - 2014-02-23 13:56 - 00001507 _____ () C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2014-08-04 08:46 - 2014-02-23 14:02 - 00001599 _____ () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-08-04 08:40 - 2014-08-04 08:40 - 00001983 _____ () C:\Documents and Settings\Administrator\Plocha\SpyHunter.lnk
2014-08-04 08:40 - 2014-08-04 08:40 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-08-04 08:40 - 2014-08-04 08:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-04 08:40 - 2014-08-04 08:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Nabídka Start\Programy\SpyHunter
2014-08-04 08:40 - 2014-08-03 20:51 - 00006196 _____ () C:\WINDOWS\setupapi.log
2014-08-04 08:40 - 2014-02-23 14:02 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy
2014-08-04 08:39 - 2014-08-04 08:34 - 00722816 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\Plocha\SpyHunter-Installer-k.com
2014-08-04 08:35 - 2014-08-04 08:35 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-04 08:35 - 2014-02-23 14:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 08:23 - 2014-08-04 08:23 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 08:22 - 2014-02-23 14:07 - 00524288 _____ () C:\WINDOWS\system32\config\ThinPrint.evt
2014-08-04 08:22 - 2014-02-23 14:01 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 08:21 - 2014-08-03 19:55 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-04 08:21 - 2014-02-23 13:52 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-04 08:18 - 2014-08-03 21:21 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-04 08:03 - 2014-08-03 19:42 - 00000000 ____D () C:\Program Files\trend micro
2014-08-04 07:57 - 2014-02-23 14:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-08-04 07:56 - 2014-02-23 14:20 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-04 07:52 - 2014-02-23 13:54 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-08-04 07:51 - 2014-08-04 07:51 - 00000385 _____ () C:\Documents and Settings\Administrator\Data aplikacíuser_gensett.xml
2014-08-04 07:51 - 2014-02-23 14:02 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-03 21:31 - 2014-08-03 20:51 - 00001884 _____ () C:\WINDOWS\setupact.log
2014-08-03 21:19 - 2014-07-09 19:19 - 00085582 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-606747145-1202660629-725345543-500-0.dat
2014-08-03 21:19 - 2014-02-23 19:10 - 00085582 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2014-08-03 21:11 - 2014-08-03 21:11 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2014-08-03 21:11 - 2014-08-03 21:11 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2014-08-03 21:11 - 2014-08-03 21:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-03 21:11 - 2014-08-03 21:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-08-03 21:11 - 2014-08-03 21:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-08-03 20:51 - 2014-08-03 20:51 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-03 20:51 - 2014-08-03 20:49 - 00037185 _____ () C:\Report 2014-08-03 20.49.01.txt
2014-08-03 20:48 - 2014-08-03 20:47 - 09927424 _____ () C:\Documents and Settings\Administrator\Plocha\Antivirus_Free_Edition_x86.exe
2014-08-03 20:47 - 2014-08-03 20:47 - 00162208 _____ () C:\Documents and Settings\Administrator\Plocha\Antivirus_Free_Edition.exe
2014-08-03 20:19 - 2014-02-23 14:01 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-03 20:18 - 2014-08-03 20:18 - 00011294 _____ () C:\ComboFix.txt
2014-08-03 20:18 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-03 20:18 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-03 20:18 - 2014-08-03 20:18 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-03 20:13 - 2001-10-25 16:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-03 20:12 - 2014-02-23 14:41 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-08-03 20:12 - 2014-02-23 14:41 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-08-03 20:12 - 2014-02-23 14:40 - 15204352 _____ () C:\WINDOWS\system32\config\software.bak
2014-08-03 20:12 - 2014-02-23 14:40 - 03932160 _____ () C:\WINDOWS\system32\config\system.bak
2014-08-03 20:12 - 2014-02-23 14:40 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2014-08-03 20:11 - 2014-08-03 20:11 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-08-03 20:11 - 2014-08-03 20:11 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-08-03 20:10 - 2014-02-23 14:41 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-08-03 19:58 - 2014-08-03 19:58 - 00000000 _RSHD () C:\cmdcons
2014-08-03 19:58 - 2014-02-23 14:40 - 00000327 __RSH () C:\boot.ini
2014-08-03 19:56 - 2014-08-03 19:56 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Nástroje pro správu
2014-08-03 19:56 - 2014-08-03 19:56 - 00000000 ___RD () C:\Documents and Settings\Administrator\Dokumenty\Filmy
2014-08-03 19:54 - 2014-08-03 19:52 - 00003194 _____ () C:\Documents and Settings\Administrator\Plocha\Rkill.txt
2014-08-03 19:52 - 2014-08-03 19:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Plocha\rkill.exe
2014-08-03 19:42 - 2014-08-03 19:42 - 01107968 _____ () C:\Documents and Settings\Administrator\Plocha\RSIT.exe
2014-08-03 19:42 - 2014-08-03 19:42 - 00013560 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-08-03 19:42 - 2014-08-03 19:42 - 00000000 ____D () C:\rsit
2014-08-03 19:29 - 2014-02-23 14:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-08-03 19:29 - 2014-02-23 14:32 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-03 19:15 - 2014-08-03 19:15 - 00096664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-03 19:13 - 2014-08-03 19:08 - 00004353 _____ () C:\Documents and Settings\Administrator\Plocha\hijackthis.log
2014-08-03 19:12 - 2014-08-03 19:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\backups
2014-08-03 19:08 - 2014-08-03 19:08 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
2014-08-03 18:54 - 2014-08-03 18:54 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-03 18:54 - 2014-08-03 18:54 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-08-03 18:52 - 2014-08-03 18:52 - 04806744 _____ () C:\Documents and Settings\Administrator\Plocha\RogueKiller.exe
2014-08-03 18:49 - 2014-08-03 18:49 - 01361309 _____ () C:\Documents and Settings\Administrator\Plocha\adwcleaner_3.302.exe
2014-08-03 18:32 - 2014-08-03 18:32 - 18615872 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\Plocha\SAS_418C11.EXE
2014-08-03 18:21 - 2014-08-03 18:21 - 05125829 _____ () C:\Documents and Settings\Administrator\Plocha\ccsetup416.zip
2014-08-03 18:21 - 2014-08-03 18:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\ccsetup416
2014-08-03 17:26 - 2014-08-03 17:26 - 00003270 _____ () C:\EamClean.log
2014-08-03 17:26 - 2014-02-23 14:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací
2014-08-03 17:18 - 2014-08-03 17:18 - 00000462 _____ () C:\Documents and Settings\Administrator\Plocha\Emsisoft Emergency Kit.lnk
2014-08-03 17:18 - 2014-08-03 17:18 - 00000000 ____D () C:\EEK
2014-08-03 17:12 - 2014-08-03 17:12 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Plocha\tdsskiller.exe
2014-08-03 16:12 - 2014-08-03 16:12 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Administrator\Plocha\mbam-clean-2.1.1.1001.exe
2014-08-03 15:55 - 2014-08-03 15:55 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikac韁Baidu
2014-08-03 15:55 - 2014-02-23 14:01 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-03 15:29 - 2014-08-03 14:59 - 02345472 _____ (BBCD) C:\Documents and Settings\All Users\Dokumenty\xkna_50161.exe
2014-08-03 15:13 - 2014-08-03 15:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2014-08-03 15:12 - 2014-08-03 15:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
2014-08-03 15:09 - 2014-08-03 15:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\IconFiles
2014-08-03 15:03 - 2014-08-03 14:56 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG
2014-08-03 14:56 - 2014-08-03 14:56 - 00262144 _____ () C:\WINDOWS\system32\config\elam
2014-08-03 14:51 - 2014-02-23 14:02 - 00000792 _____ () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
2014-08-03 09:15 - 2014-08-03 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\HitmanPro
2014-08-03 09:11 - 2014-08-03 09:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Plocha\mbam-setup-2.0.2.1012.exe
2014-08-03 09:09 - 2014-08-03 09:08 - 10279264 _____ (SurfRight B.V.) C:\Documents and Settings\Administrator\Plocha\HitmanPro.exe
2014-08-03 08:06 - 2014-08-03 08:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\ProcessExplorer
2014-08-03 08:05 - 2014-08-03 08:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\Autoruns
2014-08-03 07:55 - 2014-08-03 07:55 - 00000000 ____D () C:\WINDOWS\pss
2014-08-03 07:11 - 2014-08-03 07:11 - 04834344 _____ (AVAST Software) C:\Documents and Settings\Administrator\Plocha\avast_premier_antivirus_setup_online.exe
2014-08-02 21:38 - 2001-10-25 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-02 11:10 - 2014-08-02 11:07 - 97654893 _____ () C:\Documents and Settings\Administrator\Plocha\VirusSignList_Free_140802.zip
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start\Programy
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Nabídka Start
2014-07-30 17:03 - 2014-07-30 16:47 - 00000002 _____ () C:\test.ini
2014-07-30 16:27 - 2014-07-30 16:26 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-30 16:26 - 2014-02-23 14:38 - 00000000 ____D () C:\WINDOWS\repair
2014-07-30 16:26 - 2014-02-23 13:52 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-30 15:30 - 2014-07-30 15:30 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1406727053359
2014-07-30 15:22 - 2014-02-23 16:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-30 15:20 - 2014-02-23 16:33 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-30 13:19 - 2014-07-30 13:18 - 00000000 ____D () C:\totalcmd
2014-07-30 13:18 - 2014-07-30 13:18 - 00000548 _____ () C:\Documents and Settings\Administrator\Plocha\Total Commander.lnk
2014-07-30 13:18 - 2014-07-30 13:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Total Commander
2014-07-30 13:18 - 2014-07-30 13:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-07-30 12:15 - 2014-07-30 12:14 - 111107701 _____ () C:\Documents and Settings\Administrator\Plocha\VirusSignList_Free_140729.zip
2014-07-30 12:12 - 2014-07-30 12:12 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-30 12:12 - 2014-07-30 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2014-07-30 12:08 - 2014-07-30 12:08 - 112466537 _____ () C:\Documents and Settings\Administrator\Plocha\VirusSignList_Free_140730.zip
2014-07-30 11:48 - 2014-07-30 11:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Temp
2014-07-30 11:46 - 2014-06-23 06:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha\+ - kopie
2014-07-30 11:18 - 2014-07-30 11:18 - 04861584 _____ (AVAST Software) C:\Documents and Settings\Administrator\Plocha\avast_free_antivirus_setup_online.exe
2014-07-28 18:10 - 2014-08-02 22:07 - 00152112 _____ () C:\Documents and Settings\Administrator\Plocha\virussign.com_a50560e487926530e40fb1cd8f1c3496.exe
2014-07-28 18:10 - 2014-08-02 21:57 - 00152112 _____ () C:\Documents and Settings\Administrator\Plocha\install.exe
2014-07-09 19:09 - 2014-07-09 19:09 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:9.99 GB) (Free:4.8 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 628.75 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 38%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 10 GB) (Disk ID: B1A8B1A8)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: 360 Internet Security (Disabled - Up to date) {D737F2DE-FA43-4036-AF5B-911612E2D674}
AV: Kaspersky Anti-Virus (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 466 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

JaRon
Moderator
Posts: 15729
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Log check, something is left on the PC

#9 Post by JaRon »

It is hard to judge the utilities by a single piece of junk; what matters is that you have it OK.
Also use vyskovo "tak jeste uklidime" :) http://forum.viry.cz/viewtopic.php?f=13 ... 2#p1337872
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

radek178
Visitor
Posts: 178
Registered: 02 Jan 2006 14:37

Re: Log check, something is left on the PC

#10 Post by radek178 »

Sure, I understand that not every utility will work on everything, but the fact that not a single one of the better-known ones worked disappointed me. I'm curious what they will say at Comodo. I wrote to them on their forum and they are somehow not responding. It's pretty screwed up when, out of a lot of programs, it lets one of them crawl through the sandbox so that it writes a value to the registry when launched and then, after the subsequent restart, runs that piece of junk without the sandbox.

By the way, that piece of junk was called Hao 123 and, as I say, none of the utilities even noticed it.
