Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Pravidelně padá na plochu

Moderátor: Moderátoři

Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Děkujeme za pochopení.
Odpovědět
Zpráva
Autor
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#16 Příspěvek od lafiman »

Zkusil jsem to vše odinstalovat, protože už kameru nemám. Nejde to, furt to padá :(
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119492
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Pravidelně padá na plochu

#17 Příspěvek od Rudy »

Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#18 Příspěvek od lafiman »

Zde je...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Filip at 2013-09-15 18:33:40
Microsoft Windows 7 Home Premium
System drive C: has 38 GB (16%) free of 233 GB
Total RAM: 3326 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:57, on 15.9.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WinZipper\winzipersvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Origin\Origin.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\Filip\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskhost.exe
C:\Users\Filip\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Filip.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source= ... 1377211874
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source= ... 1377211874
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ybcswx] C:\ProgramData\ybcswx.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] C:\Program Files\Origin\Origin.exe -AutoStart
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Filip\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Filip\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files\WinZipper\winzipersvc.exe

--
End of file - 7674 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\f8cjikd3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"

"fe_3.6@nokia.com"=C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=2.1.7]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.11.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js.moz-backup
aboutRobots.js.moz-backup
nsIQTScriptablePlugin.xpt
nsPostUpdateWin.js.moz-backup

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\f8cjikd3.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\f8cjikd3.default\searchplugins\
firmycz.xml
mapycz.xml
seznam.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-02-22 8522272]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"ybcswx"=C:\ProgramData\ybcswx.exe [2013-09-14 82944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Steam"=C:\Program Files\Steam\steam.exe [2013-09-06 1811368]
"EADM"=C:\Program Files\Origin\Origin.exe [2013-08-29 3549528]
"cz.seznam.software.autoupdate"=C:\Users\Filip\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Filip\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Windows\system32\LVCOMSX.EXE [2005-07-19 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe [2003-05-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]
C:\Windows\MXOALDR.EXE [2003-04-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-01-10 1083264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2010-11-25 2781000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe [2009-12-22 2647040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe [2009-02-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-21 37888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.XFR1"=xfcodec.dll
"MSVideo8"=VfWWDM32.dll
"vidc.iv50"=ir50_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"MSVideo"=vfwwdm32.dll
"VIDC.FPS1"=frapsvid.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2013-09-14 18:32:00 ----A---- C:\ComboFix.txt
2013-09-14 18:28:09 ----D---- C:\$RECYCLE.BIN
2013-09-14 18:26:37 ----D---- C:\Windows\temp
2013-09-14 18:26:15 ----A---- C:\ProgramData\ybcswx.exe
2013-09-14 14:33:18 ----A---- C:\Windows\zip.exe
2013-09-14 14:33:18 ----A---- C:\Windows\SWSC.exe
2013-09-14 14:33:18 ----A---- C:\Windows\SWREG.exe
2013-09-14 14:33:18 ----A---- C:\Windows\sed.exe
2013-09-14 14:33:18 ----A---- C:\Windows\PEV.exe
2013-09-14 14:33:18 ----A---- C:\Windows\NIRCMD.exe
2013-09-14 14:33:18 ----A---- C:\Windows\MBR.exe
2013-09-14 14:33:18 ----A---- C:\Windows\grep.exe
2013-09-14 14:33:12 ----D---- C:\Qoobox
2013-09-14 14:32:54 ----D---- C:\Windows\erdnt
2013-08-23 00:50:35 ----D---- C:\Users\Filip\AppData\Roaming\WinZipper
2013-08-23 00:50:35 ----D---- C:\Program Files\WinZipper
2013-08-19 20:07:02 ----D---- C:\ProgramData\eSafe
2013-08-19 20:02:20 ----D---- C:\Program Files\Seznam.cz
2013-08-19 20:00:50 ----D---- C:\Users\Filip\AppData\Roaming\Seznam.cz
2013-08-19 13:33:19 ----D---- C:\rsit
2013-08-19 13:33:19 ----D---- C:\Program Files\trend micro
2013-08-19 11:22:51 ----D---- C:\Program Files\Battlelog Web Plugins
2013-08-19 11:17:27 ----D---- C:\ProgramData\EA Logs
2013-08-19 09:15:23 ----HD---- C:\Program Files\Common Files\EAInstaller
2013-08-18 15:22:50 ----D---- C:\AdwCleaner
2013-08-18 11:53:37 ----SHD---- C:\ProgramData\DSS
2013-08-18 00:46:12 ----D---- C:\Program Files\Mozilla Firefox
2013-08-18 00:43:30 ----A---- C:\Windows\system32\pbsvc_moh.exe
2013-08-18 00:41:57 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-08-17 20:42:33 ----D---- C:\ProgramData\Package Cache
2013-08-15 21:39:13 ----D---- C:\Program Files\Origin Games
2013-08-15 21:38:02 ----D---- C:\Users\Filip\AppData\Roaming\Origin
2013-08-15 21:33:34 ----D---- C:\ProgramData\Origin
2013-08-15 21:33:31 ----D---- C:\Program Files\Origin
2013-08-07 11:33:46 ----D---- C:\Program Files\Mozilla Thunderbird
2013-08-04 23:12:25 ----D---- C:\ProgramData\StarApp
2013-07-20 14:06:35 ----D---- C:\Users\Filip\AppData\Roaming\Malwarebytes
2013-07-20 14:06:16 ----D---- C:\ProgramData\Malwarebytes
2013-07-20 14:06:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-07-20 14:06:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-07-16 22:11:43 ----D---- C:\Windows\pss

======List of files/folders modified in the last 3 months======

2013-09-15 18:33:51 ----D---- C:\Windows\Prefetch
2013-09-15 17:50:59 ----D---- C:\Windows\system32\config
2013-09-15 15:38:55 ----D---- C:\Windows\system32\Tasks
2013-09-15 15:35:02 ----D---- C:\Program Files\Logitech
2013-09-15 11:40:50 ----D---- C:\Program Files\Steam
2013-09-15 11:40:10 ----D---- C:\Windows\System32
2013-09-15 11:38:03 ----D---- C:\Program Files\Common Files
2013-09-15 11:38:02 ----D---- C:\Windows\inf
2013-09-15 11:37:58 ----D---- C:\Windows\system32\DriverStore
2013-09-15 11:37:58 ----D---- C:\Windows\system32\catroot
2013-09-15 11:37:51 ----D---- C:\Windows\system32\drivers
2013-09-15 11:37:28 ----SHD---- C:\System Volume Information
2013-09-15 11:37:11 ----SHD---- C:\Windows\Installer
2013-09-14 18:28:20 ----D---- C:\Windows
2013-09-14 18:28:20 ----A---- C:\Windows\system.ini
2013-09-14 18:28:00 ----D---- C:\Windows\system32\drivers\etc
2013-09-14 18:26:15 ----D---- C:\ProgramData
2013-09-14 18:24:13 ----D---- C:\Windows\AppPatch
2013-09-14 14:48:58 ----D---- C:\Windows\SoftwareDistribution
2013-09-08 21:04:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-29 11:37:33 ----RD---- C:\Program Files
2013-08-28 21:45:55 ----D---- C:\Users\Filip\AppData\Roaming\vlc
2013-08-28 21:28:49 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-26 19:31:44 ----D---- C:\Windows\system32\catroot2
2013-08-22 22:17:25 ----RSD---- C:\Windows\assembly
2013-08-19 17:17:31 ----D---- C:\Users\Filip\AppData\Roaming\dvdcss
2013-08-19 14:36:05 ----D---- C:\Windows\debug
2013-08-19 11:26:13 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-08-19 11:18:05 ----D---- C:\ProgramData\Electronic Arts
2013-08-19 09:14:49 ----A---- C:\Windows\system32\PnkBstrA.exe
2013-08-18 20:25:09 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-18 00:41:58 ----D---- C:\Windows\Logs
2013-08-18 00:41:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-08-17 23:19:34 ----D---- C:\Windows\ModemLogs
2013-08-17 20:28:24 ----D---- C:\Windows\Panther
2013-08-17 20:28:24 ----D---- C:\ProgramData\TP-LINK
2013-08-17 20:28:24 ----D---- C:\Program Files\TmNationsForever
2013-08-17 20:28:24 ----D---- C:\Program Files\HLSW
2013-08-17 20:28:23 ----D---- C:\Windows\system32\Msdtc
2013-08-17 20:27:59 ----D---- C:\Windows\Downloaded Program Files
2013-08-17 17:55:43 ----D---- C:\Windows\Minidump
2013-08-17 15:01:44 ----D---- C:\Users\Filip\AppData\Roaming\Skype
2013-08-16 15:52:26 ----SD---- C:\ProgramData\Microsoft
2013-08-16 00:20:12 ----D---- C:\Windows\system32\oodag
2013-08-02 15:51:59 ----D---- C:\Users\Filip\AppData\Roaming\TP-LINK
2013-07-24 10:57:05 ----D---- C:\Program Files\Common Files\Steam
2013-07-23 16:16:04 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-07-16 23:09:59 ----D---- C:\Program Files\SpeedFan
2013-06-23 10:43:35 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-22 721904]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-07-21 281760]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-07-21 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 athr;Wireless PCI Adapter Driver Service; C:\Windows\system32\DRIVERS\athr.sys [2012-10-11 1249792]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-02-22 3022944]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]
S3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [2009-02-23 7168]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Filip\AppData\Local\Temp\catchme.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2013-01-13 17488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-08-20 17488]
S3 GVTDrv;GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [2013-08-20 24944]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\Windows\system32\DRIVERS\MXOFX.SYS [2003-04-14 32512]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 QCMerced;Logitech QuickCam Communicate; C:\Windows\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys [2009-02-25 9088]
S3 rt61x86;AirLive WT-2000PCI Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-11-25 2404168]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2013-08-19 75136]
R2 winzipersvc;WinZiper service; C:\Program Files\WinZipper\winzipersvc.exe [2013-08-23 424104]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-20 116648]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-20 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-18 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-07-10 559016]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 291840]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 1385896]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2011-12-12 751464]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119492
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Pravidelně padá na plochu

#19 Příspěvek od Rudy »

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Program Files\Skype\Toolbars
C:\ProgramData\ybcswx.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ybcswx"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#20 Příspěvek od lafiman »

Zde je zatim z OTM

All processes killed
========== FILES ==========
C:\Program Files\Skype\Toolbars\Shared folder moved successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\Skype\Toolbars folder moved successfully.
C:\ProgramData\ybcswx.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ybcswx deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Filip
->Temp folder emptied: 19204097 bytes
->Temporary Internet Files folder emptied: 366774 bytes
->Java cache emptied: 7673254 bytes
->FireFox cache emptied: 447460820 bytes
->Google Chrome cache emptied: 343955389 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6615 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 437 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 781,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Filip
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 09152013_212646

Files moved on Reboot...

Registry entries deleted on Reboot...
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#21 Příspěvek od lafiman »

A tady přidávám z RSIT, ale jinak to vypadá zatim dobře :) tak schválně uvidim...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Filip at 2013-09-15 21:44:25
Microsoft Windows 7 Home Premium
System drive C: has 38 GB (16%) free of 233 GB
Total RAM: 3326 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:44:37, on 15.9.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WinZipper\winzipersvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\Filip\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Users\Filip\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Filip.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source= ... 1377211874
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source= ... 1377211874
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [sdoys] C:\ProgramData\sdoys.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] C:\Program Files\Origin\Origin.exe -AutoStart
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Filip\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Filip\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files\WinZipper\winzipersvc.exe

--
End of file - 7488 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\f8cjikd3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"

"fe_3.6@nokia.com"=C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=2.1.7]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.11.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutRights.js.moz-backup
aboutRobots.js.moz-backup
nsIQTScriptablePlugin.xpt
nsPostUpdateWin.js.moz-backup

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\f8cjikd3.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\f8cjikd3.default\searchplugins\
firmycz.xml
mapycz.xml
seznam.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-02-22 8522272]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"sdoys"=C:\ProgramData\sdoys.exe [2013-09-15 82944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Steam"=C:\Program Files\Steam\steam.exe [2013-09-06 1811368]
"EADM"=C:\Program Files\Origin\Origin.exe [2013-08-29 3549528]
"cz.seznam.software.autoupdate"=C:\Users\Filip\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Filip\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe [2003-05-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]
C:\Windows\MXOALDR.EXE [2003-04-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-01-10 1083264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2010-11-25 2781000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe [2009-12-22 2647040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe [2009-02-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-21 37888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.XFR1"=xfcodec.dll
"MSVideo8"=VfWWDM32.dll
"vidc.iv50"=ir50_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"MSVideo"=vfwwdm32.dll
"VIDC.FPS1"=frapsvid.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2013-09-15 21:26:50 ----A---- C:\ProgramData\sdoys.exe
2013-09-15 21:26:46 ----D---- C:\_OTM
2013-09-14 18:32:00 ----A---- C:\ComboFix.txt
2013-09-14 18:28:09 ----D---- C:\$RECYCLE.BIN
2013-09-14 18:26:37 ----D---- C:\Windows\temp
2013-09-14 14:33:18 ----A---- C:\Windows\zip.exe
2013-09-14 14:33:18 ----A---- C:\Windows\SWSC.exe
2013-09-14 14:33:18 ----A---- C:\Windows\SWREG.exe
2013-09-14 14:33:18 ----A---- C:\Windows\sed.exe
2013-09-14 14:33:18 ----A---- C:\Windows\PEV.exe
2013-09-14 14:33:18 ----A---- C:\Windows\NIRCMD.exe
2013-09-14 14:33:18 ----A---- C:\Windows\MBR.exe
2013-09-14 14:33:18 ----A---- C:\Windows\grep.exe
2013-09-14 14:33:12 ----D---- C:\Qoobox
2013-09-14 14:32:54 ----D---- C:\Windows\erdnt
2013-08-23 00:50:35 ----D---- C:\Users\Filip\AppData\Roaming\WinZipper
2013-08-23 00:50:35 ----D---- C:\Program Files\WinZipper
2013-08-19 20:07:02 ----D---- C:\ProgramData\eSafe
2013-08-19 20:02:20 ----D---- C:\Program Files\Seznam.cz
2013-08-19 20:00:50 ----D---- C:\Users\Filip\AppData\Roaming\Seznam.cz
2013-08-19 13:33:19 ----D---- C:\rsit
2013-08-19 13:33:19 ----D---- C:\Program Files\trend micro
2013-08-19 11:22:51 ----D---- C:\Program Files\Battlelog Web Plugins
2013-08-19 11:17:27 ----D---- C:\ProgramData\EA Logs
2013-08-19 09:15:23 ----HD---- C:\Program Files\Common Files\EAInstaller
2013-08-18 15:22:50 ----D---- C:\AdwCleaner
2013-08-18 11:53:37 ----SHD---- C:\ProgramData\DSS
2013-08-18 00:46:12 ----D---- C:\Program Files\Mozilla Firefox
2013-08-18 00:43:30 ----A---- C:\Windows\system32\pbsvc_moh.exe
2013-08-17 20:42:33 ----D---- C:\ProgramData\Package Cache
2013-08-15 21:39:13 ----D---- C:\Program Files\Origin Games
2013-08-15 21:38:02 ----D---- C:\Users\Filip\AppData\Roaming\Origin
2013-08-15 21:33:34 ----D---- C:\ProgramData\Origin
2013-08-15 21:33:31 ----D---- C:\Program Files\Origin
2013-08-07 11:33:46 ----D---- C:\Program Files\Mozilla Thunderbird
2013-08-04 23:12:25 ----D---- C:\ProgramData\StarApp
2013-07-20 14:06:35 ----D---- C:\Users\Filip\AppData\Roaming\Malwarebytes
2013-07-20 14:06:16 ----D---- C:\ProgramData\Malwarebytes
2013-07-20 14:06:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-07-20 14:06:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-07-16 22:11:43 ----D---- C:\Windows\pss

======List of files/folders modified in the last 3 months======

2013-09-15 21:34:00 ----D---- C:\Windows\Prefetch
2013-09-15 21:31:36 ----D---- C:\Windows\system32\config
2013-09-15 21:28:57 ----D---- C:\Program Files\Steam
2013-09-15 21:26:57 ----D---- C:\Windows
2013-09-15 21:26:50 ----D---- C:\ProgramData
2013-09-15 21:26:46 ----RD---- C:\Program Files\Skype
2013-09-15 15:38:55 ----D---- C:\Windows\system32\Tasks
2013-09-15 15:35:02 ----D---- C:\Program Files\Logitech
2013-09-15 11:40:10 ----D---- C:\Windows\System32
2013-09-15 11:38:03 ----D---- C:\Program Files\Common Files
2013-09-15 11:38:02 ----D---- C:\Windows\inf
2013-09-15 11:37:58 ----D---- C:\Windows\system32\DriverStore
2013-09-15 11:37:58 ----D---- C:\Windows\system32\catroot
2013-09-15 11:37:51 ----D---- C:\Windows\system32\drivers
2013-09-15 11:37:28 ----SHD---- C:\System Volume Information
2013-09-15 11:37:11 ----SHD---- C:\Windows\Installer
2013-09-14 18:28:20 ----A---- C:\Windows\system.ini
2013-09-14 18:28:00 ----D---- C:\Windows\system32\drivers\etc
2013-09-14 18:24:13 ----D---- C:\Windows\AppPatch
2013-09-14 14:48:58 ----D---- C:\Windows\SoftwareDistribution
2013-09-08 21:04:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-29 11:37:33 ----RD---- C:\Program Files
2013-08-28 21:45:55 ----D---- C:\Users\Filip\AppData\Roaming\vlc
2013-08-28 21:28:49 ----HD---- C:\Program Files\InstallShield Installation Information
2013-08-26 19:31:44 ----D---- C:\Windows\system32\catroot2
2013-08-22 22:17:25 ----RSD---- C:\Windows\assembly
2013-08-19 17:17:31 ----D---- C:\Users\Filip\AppData\Roaming\dvdcss
2013-08-19 14:36:05 ----D---- C:\Windows\debug
2013-08-19 11:26:13 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-08-19 11:18:05 ----D---- C:\ProgramData\Electronic Arts
2013-08-19 09:14:49 ----A---- C:\Windows\system32\PnkBstrA.exe
2013-08-18 20:25:09 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-18 00:41:58 ----D---- C:\Windows\Logs
2013-08-18 00:41:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-08-17 23:19:34 ----D---- C:\Windows\ModemLogs
2013-08-17 20:28:24 ----D---- C:\Windows\Panther
2013-08-17 20:28:24 ----D---- C:\ProgramData\TP-LINK
2013-08-17 20:28:24 ----D---- C:\Program Files\TmNationsForever
2013-08-17 20:28:24 ----D---- C:\Program Files\HLSW
2013-08-17 20:28:23 ----D---- C:\Windows\system32\Msdtc
2013-08-17 20:27:59 ----D---- C:\Windows\Downloaded Program Files
2013-08-17 17:55:43 ----D---- C:\Windows\Minidump
2013-08-17 15:01:44 ----D---- C:\Users\Filip\AppData\Roaming\Skype
2013-08-16 15:52:26 ----SD---- C:\ProgramData\Microsoft
2013-08-16 00:20:12 ----D---- C:\Windows\system32\oodag
2013-08-02 15:51:59 ----D---- C:\Users\Filip\AppData\Roaming\TP-LINK
2013-07-24 10:57:05 ----D---- C:\Program Files\Common Files\Steam
2013-07-23 16:16:04 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-07-16 23:09:59 ----D---- C:\Program Files\SpeedFan
2013-06-23 10:43:35 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-22 721904]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-07-21 281760]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-07-21 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 athr;Wireless PCI Adapter Driver Service; C:\Windows\system32\DRIVERS\athr.sys [2012-10-11 1249792]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-02-22 3022944]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]
S3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [2009-02-23 7168]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Filip\AppData\Local\Temp\catchme.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2013-01-13 17488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-08-20 17488]
S3 GVTDrv;GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [2013-08-20 24944]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MXOFX;USB Storage Adapter FX (MXO); C:\Windows\system32\DRIVERS\MXOFX.SYS [2003-04-14 32512]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 QCMerced;Logitech QuickCam Communicate; C:\Windows\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys [2009-02-25 9088]
S3 rt61x86;AirLive WT-2000PCI Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-11-25 2404168]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2013-08-19 75136]
R2 winzipersvc;WinZiper service; C:\Program Files\WinZipper\winzipersvc.exe [2013-08-23 424104]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-20 116648]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-20 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-18 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-07-10 559016]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
S4 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 291840]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 1385896]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2011-12-12 751464]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119492
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Pravidelně padá na plochu

#22 Příspěvek od Rudy »

Otestujte online na www.virustotal.com tento soubor: C:\ProgramData\sdoys.exe
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#23 Příspěvek od lafiman »

Zde je sken https://www.virustotal.com/cs/file/4350 ... 379275519/
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119492
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Pravidelně padá na plochu

#24 Příspěvek od Rudy »

Zkuste tento postup:
Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#25 Příspěvek od lafiman »

Tak zde to je

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.16.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Filip :: FILIP-PC [administrátor]

16.9.2013 15:09:47
MBAM-log-2013-09-16 (19-39-00).txt

Typ: Kompletní kontrola (C:\|X:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 511092
Uplynulý čas: 2 hodin, 8 minut, 41 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 8
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cdcbr (Trojan.Downloader) -> Data: C:\ProgramData\cdcbr.exe -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 10
C:\ProgramData\cdcbr.exe (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\ProgramData\InstallMate\{2566206D-DFFB-425C-A0B7-97D9FE85029B}\Setup.exe.vir (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\ProgramData\InstallMate\{2566206D-DFFB-425C-A0B7-97D9FE85029B}\TsuDll.dll.vir (PUP.Optional.Tarma.A) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\C\ProgramData\cdcbs.exe.vir (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\C\ProgramData\vbdeu.exe.vir (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\Users\Filip\Desktop\Filip\Download\Programy\Download.exe (PUP.Optional.Installex) -> Nebyla provedena žádná instrukce.
C:\_OTM\MovedFiles\09152013_212646\C_ProgramData\ybcswx.exe (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\Mozilla Firefox\browser\searchplugins\qvo6.xml (PUP.Optional.qvo6.A) -> Nebyla provedena žádná instrukce.

(konec)
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119492
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Pravidelně padá na plochu

#26 Příspěvek od Rudy »

Spustil jste úplně něco jiného. Nalzené položky klidně smažte. Já jsem ale nechtěl sken MBAM, ale MBAR. To trochu něco jiného.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#27 Příspěvek od lafiman »

Jo aha tak to jo... ale teď jsem to dal a nic to nenašlo žádný malware :( a dělá to dál... :(
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#28 Příspěvek od lafiman »

Ale teď mi vypadla wifi tak jsem znovu dal připojit a už to nepadá... nesouvisí to nějak ?
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119492
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Pravidelně padá na plochu

#29 Příspěvek od Rudy »

Nejspíš to nebude virový problém, nýbrž problém té hry (her). Vzpomeňte si, co jste instaloval těsně před tím, než se problém objevil a zkuste to odinstalovat. Jinak problematiku her tu neřešíme.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lafiman
Návštěvník
Návštěvník
Příspěvky: 21
Registrován: 18 srp 2013 14:05

Re: Pravidelně padá na plochu

#30 Příspěvek od lafiman »

Jo díky za pomoc :thumbsup:
Nahoru
Odpovědět

Zpět na „Diskuze, řešení problémů“