Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#16 Post by LadyLacoste »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.29.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
vendy :: VENDY-PC [administrátor]

Ochrana: Povolena

30.9.2013 11:52:47
mbam-log-2013-09-30 (11-52-47).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 255134
Uplynulý čas: 42 minut, 31 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#17 Post by Márty84 »

:arrow: Uninstall MBAM.

:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally.
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and then left-click Run as administrator.
A very short test will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another test will run.
When it finishes, click Report (Zprava) and a log will appear. Paste it here for me.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#18 Post by LadyLacoste »

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : vendy [Práva správce]
Mód : Kontrola -- Datum : 10/01/2013 16:10:07
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] IAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1A70)
[Inline] IAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C18A0)
[Inline] IAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1400)
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x75462AAF)
[Inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BA520)
[Inline] EAT @explorer.exe (LdrUnloadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BA630)
[Inline] EAT @explorer.exe (_wpgmptr) : msvcrt.dll -> HOOKED (Unknown @ 0x57E53165)
[Inline] EAT @explorer.exe (ChangeServiceConfig2A) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BC370)
[Inline] EAT @explorer.exe (ChangeServiceConfig2W) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BC5C0)
[Inline] EAT @explorer.exe (ChangeServiceConfigA) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BBB20)
[Inline] EAT @explorer.exe (ChangeServiceConfigW) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BBF90)
[Inline] EAT @explorer.exe (CreateServiceA) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BACD0)
[Inline] EAT @explorer.exe (CreateServiceW) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BB1A0)
[Inline] EAT @explorer.exe (DeleteService) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BB8B0)
[Inline] EAT @explorer.exe (SetServiceObjectSecurity) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BE980)
[Inline] EAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1400)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C16D0)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C18A0)
[Inline] EAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C15A0)
[Inline] EAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1A70)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - WDC WD6400BEVT-22A0RT0 ATA Device +++++
--- User ---
[MBR] 130122215e45e3433208c86090274d44
[BSP] f1d58c58e1c531a5a760f45364b53aa9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 598085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_10012013_161007.txt >>
RKreport[0]_S_10012013_155852.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#19 Post by Márty84 »

:arrow: Run RogueKiller again as administrator (if you haven't closed it yet, go straight to clicking Delete (Smazat)).
A very short test will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another test will run.
When it finishes, click Delete (Smazat).
Then click Report (Zprava) and a log will appear. Paste it here for me.
Then click Host repair (Oprava Host) and Report (Zprava).
Another log will appear. Paste that one here for me too.

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#20 Post by LadyLacoste »

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : vendy [Práva správce]
Mód : Odebrat -- Datum : 10/02/2013 08:11:37
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] IAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1A70)
[Inline] IAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C18A0)
[Inline] IAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1400)
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x75462AAF)
[Inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BA520)
[Inline] EAT @explorer.exe (LdrUnloadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BA630)
[Inline] EAT @explorer.exe (_wpgmptr) : msvcrt.dll -> HOOKED (Unknown @ 0x57E53165)
[Inline] EAT @explorer.exe (ChangeServiceConfig2A) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BC370)
[Inline] EAT @explorer.exe (ChangeServiceConfig2W) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BC5C0)
[Inline] EAT @explorer.exe (ChangeServiceConfigA) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BBB20)
[Inline] EAT @explorer.exe (ChangeServiceConfigW) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BBF90)
[Inline] EAT @explorer.exe (CreateServiceA) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BACD0)
[Inline] EAT @explorer.exe (CreateServiceW) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BB1A0)
[Inline] EAT @explorer.exe (DeleteService) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BB8B0)
[Inline] EAT @explorer.exe (SetServiceObjectSecurity) : sechost.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5BE980)
[Inline] EAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1400)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C16D0)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C18A0)
[Inline] EAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C15A0)
[Inline] EAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x6E5C1A70)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - WDC WD6400BEVT-22A0RT0 ATA Device +++++
--- User ---
[MBR] 130122215e45e3433208c86090274d44
[BSP] f1d58c58e1c531a5a760f45364b53aa9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 598085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_10022013_081137.txt >>
RKreport[0]_S_10012013_155852.txt;RKreport[0]_S_10012013_161007.txt

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#21 Post by LadyLacoste »

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : vendy [Práva správce]
Mód : Oprava HOSTS -- Datum : 10/02/2013 08:12:46
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_10022013_081246.txt >>
RKreport[0]_D_10022013_081137.txt;RKreport[0]_S_10012013_155852.txt;RKreport[0]_S_10012013_161007.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#22 Post by Márty84 »

:!: If you haven't already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, don't run anything and don't click anywhere.
When the scan finishes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration.
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#23 Post by LadyLacoste »

ComboFix 13-10-01.03 - vendy 02.10.2013 21:12:55.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2551.1872 [GMT 2:00]
Spuštěný z: c:\users\vendy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-02 do 2013-10-02 )))))))))))))))))))))))))))))))
.
.
2013-10-01 13:56 . 2013-10-01 13:56 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-10-01 06:39 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84670F28-12E1-482F-880B-4717666F23F1}\mpengine.dll
2013-09-24 16:32 . 2013-09-30 09:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-24 16:28 . 2013-09-24 16:28 -------- d-----w- c:\users\vendy\AppData\Roaming\Malwarebytes
2013-09-24 16:28 . 2013-09-24 16:28 -------- d-----w- c:\programdata\Malwarebytes
2013-09-23 18:40 . 2012-04-08 22:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2013-09-23 18:40 . 2013-09-23 18:40 -------- d-----w- c:\program files\Haali
2013-09-23 18:40 . 2013-09-29 17:33 -------- d-----w- c:\users\vendy\AppData\Roaming\PerformerSoft
2013-09-23 18:40 . 2013-09-23 18:40 -------- d-----w- c:\program files\ffdshow
2013-09-23 18:39 . 2013-09-29 17:33 -------- d-----w- c:\program files\Zula Games
2013-09-23 18:39 . 2013-09-23 18:39 -------- d-----w- c:\users\vendy\AppData\Local\Programs
2013-09-23 18:39 . 2013-09-23 18:39 -------- d-----w- c:\users\vendy\AppData\Roaming\zulagames
2013-09-23 18:05 . 2013-09-23 18:32 -------- d-----w- C:\AdwCleaner
2013-09-23 15:05 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-23 15:05 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-23 15:05 . 2013-08-30 07:48 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-23 15:05 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-23 15:05 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-23 15:05 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-23 15:05 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-23 15:05 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-23 15:05 . 2013-08-30 07:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-23 15:05 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-23 15:04 . 2013-09-23 15:04 -------- d-----w- c:\program files\AVAST Software
2013-09-23 15:04 . 2013-09-23 15:04 -------- d-----w- c:\programdata\AVAST Software
2013-09-23 14:37 . 2013-09-23 14:38 -------- d-----w- C:\rsit
2013-09-23 14:37 . 2013-09-23 14:38 -------- d-----w- c:\program files\trend micro
2013-09-23 14:19 . 2013-09-23 14:19 -------- d-----w- c:\program files\CCleaner
2013-09-23 13:57 . 2013-09-23 13:57 -------- d-----w- c:\users\vendy\AppData\Roaming\Radiocom
2013-09-23 13:57 . 2013-09-23 13:57 -------- d-----w- c:\users\vendy\RichMedia
2013-09-23 13:57 . 2013-09-23 13:57 -------- d-----w- c:\users\vendy\AppData\Local\Radiocom
2013-09-14 12:11 . 2013-09-14 12:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-09-14 12:11 . 2013-09-14 12:11 -------- d-----w- c:\users\vendy\AppData\Local\Adobe
2013-09-14 12:06 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-09-14 12:03 . 2013-09-14 12:03 -------- d-----w- C:\DirectX
2013-09-13 11:39 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2013-09-13 11:39 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2013-09-13 11:39 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-09-13 11:39 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-09-13 11:39 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-09-13 11:38 . 2013-09-23 14:29 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-09-13 11:38 . 2013-09-13 11:38 -------- d-----w- C:\Riot Games
2013-09-13 11:37 . 2013-09-23 18:31 -------- d-----w- c:\users\vendy\AppData\Local\PMB Files
2013-09-13 11:37 . 2013-09-23 18:31 -------- d-----w- c:\programdata\PMB Files
2013-09-13 11:37 . 2013-09-13 11:37 -------- d-----w- c:\program files\Pando Networks
2013-09-13 11:36 . 2013-09-23 14:30 -------- d-----w- c:\users\vendy\AppData\Roaming\Riot Games
2013-09-08 10:32 . 2013-10-01 12:30 -------- d-----w- c:\users\vendy\AppData\Roaming\BSplayer
2013-09-08 10:32 . 2013-09-08 10:32 -------- d-----w- c:\users\vendy\AppData\Roaming\BSplayer Pro
2013-09-08 10:32 . 2013-09-08 10:32 -------- d-----w- c:\program files\Webteh
2013-09-08 10:31 . 2013-09-23 13:57 -------- d-----w- c:\users\vendy\AppData\Local\Rich Media Player
2013-09-08 10:28 . 2013-09-08 10:28 -------- d--h--w- c:\programdata\Common Files
2013-09-05 17:14 . 2013-09-05 17:14 -------- d-----w- c:\programdata\NCH Software
2013-09-05 17:13 . 2013-09-05 17:14 -------- d-----w- c:\program files\NCH Software
2013-09-05 17:12 . 2013-09-05 17:14 -------- d-----w- c:\users\vendy\AppData\Roaming\NCH Software
2013-09-05 14:35 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-09-05 14:35 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2013-09-05 14:34 . 2013-09-05 14:34 -------- d-----w- c:\program files\Winamp Detect
2013-09-05 14:34 . 2013-09-05 14:34 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2013-09-05 14:34 . 2013-09-23 14:20 -------- d-----w- c:\users\vendy\AppData\Roaming\Winamp
2013-09-05 14:34 . 2013-09-05 14:35 -------- d-----w- c:\program files\Winamp
2013-09-05 14:21 . 2013-10-02 19:06 -------- d-----w- c:\users\vendy\AppData\Roaming\Skype
2013-09-05 14:21 . 2013-09-05 14:21 -------- d-----w- c:\program files\Common Files\Skype
2013-09-05 14:21 . 2013-09-30 19:47 -------- d-----r- c:\program files\Skype
2013-09-05 14:21 . 2013-09-05 14:21 -------- d-----w- c:\programdata\Skype
2013-09-05 14:18 . 2013-09-05 14:18 -------- d-----w- c:\users\vendy\SyncFolder
2013-09-05 14:09 . 2013-09-05 14:09 -------- d-----w- c:\users\vendy\AppData\Local\Application Data
2013-09-05 14:09 . 2013-09-05 14:09 -------- d-----w- c:\program files\7-Zip
2013-09-05 14:09 . 2013-09-29 17:33 -------- d-----w- c:\users\vendy\AppData\Local\AppsHat Mobile Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-27 13:01 . 2013-08-27 13:01 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-27 13:01 . 2013-08-27 13:01 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-27 13:01 . 2013-08-27 13:01 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-27 13:01 . 2013-08-27 13:01 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-08-27 13:01 . 2013-08-27 13:01 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-08-27 13:01 . 2013-08-27 13:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-27 13:01 . 2013-08-27 13:01 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-08-27 13:01 . 2013-08-27 13:01 361984 ----a-w- c:\windows\system32\html.iec
2013-08-27 13:01 . 2013-08-27 13:01 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-27 13:01 . 2013-08-27 13:01 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-08-27 13:01 . 2013-08-27 13:01 158720 ----a-w- c:\windows\system32\msls31.dll
2013-08-27 13:01 . 2013-08-27 13:01 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-08-27 13:01 . 2013-08-27 13:01 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-27 13:01 . 2013-08-27 13:01 138752 ----a-w- c:\windows\system32\wextract.exe
2013-08-27 13:01 . 2013-08-27 13:01 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-27 13:01 . 2013-08-27 13:01 12800 ----a-w- c:\windows\system32\mshta.exe
2013-08-27 13:01 . 2013-08-27 13:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-27 13:01 . 2013-08-27 13:01 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-08-27 13:00 . 2013-08-27 13:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-08-27 13:00 . 2013-08-27 13:00 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 13:00 . 2013-08-27 13:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-27 13:00 . 2013-08-27 13:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-08-27 13:00 . 2013-08-27 13:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 13:00 . 2013-08-27 13:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-08-27 13:00 . 2013-08-27 13:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-27 13:00 . 2013-08-27 13:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 13:00 . 2013-08-27 13:00 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-08-27 13:00 . 2013-08-27 13:00 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 13:00 . 2013-08-27 13:00 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-08-27 13:00 . 2013-08-27 13:00 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 13:00 . 2013-08-27 13:00 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-08-27 13:00 . 2013-08-27 13:00 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 13:00 . 2013-08-27 13:00 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-08-27 13:00 . 2013-08-27 13:00 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 13:00 . 2013-08-27 13:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-27 12:57 . 2013-08-27 12:57 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-08-07 02:22 . 2013-08-27 12:30 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-27 12:49 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-27 12:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-27 12:53 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-27 12:53 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-27 12:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-27 12:51 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-27 12:49 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-27 12:51 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-27 12:51 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-27 12:51 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-27 12:49 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"BroadWave"="c:\program files\NCH Software\BroadWave\broadwave.exe" [2013-08-15 1242696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-09-30 40776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-27 1343400]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [2013-06-12 2591304]
S2 BroadWaveService;BroadWave Audio Streaming Server;c:\program files\NCH Software\BroadWave\broadwave.exe [2013-08-15 1242696]
S2 EyelineService;Eyeline Video System;c:\program files\NCH Software\Eyeline\eyeline.exe [2013-06-13 1666096]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2907901999-4287083979-4182929577-1000Core.job
- c:\users\vendy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30 11:17]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2907901999-4287083979-4182929577-1000UA.job
- c:\users\vendy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30 11:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 213.155.229.197
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-02 21:20:00
ComboFix-quarantined-files.txt 2013-10-02 19:20
.
Před spuštěním: Volných bajtů: 190 560 600 064
Po spuštění: Volných bajtů: 190 505 668 608
.
- - End Of File - - 37AC89B71547FEAAC5A4B1BBA52A8D40
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#24 Post by Márty84 »

:arrow: Post a new log from RSIT

+

:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally.
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator.
Tick the items (put check marks there) All users (Pro všechny uživatele), LOP check (Kontrola na havěť "LOP") and Purity check (Kontrola na havěť "Purity").
Paste the following text into the bottom box:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Scan
After the scan two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them into several posts).
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#25 Post by LadyLacoste »

Logfile of random's system information tool 1.09 (written by random/random)
Run by vendy at 2013-10-03 21:44:32
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 174 GB (55%) free of 315 GB
Total RAM: 2551 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:44:54, on 3.10.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NCH Software\BroadWave\broadwave.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\vendy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vendy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vendy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vendy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vendy\Downloads\RSIT.exe
C:\Program Files\trend micro\vendy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [BroadWave] "C:\Program Files\NCH Software\BroadWave\broadwave.exe" -logon
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadcam.exe
O23 - Service: BroadWave Audio Streaming Server (BroadWaveService) - Unknown owner - C:\Program Files\NCH Software\BroadWave\broadwave.exe
O23 - Service: Eyeline Video System (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 3536 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2907901999-4287083979-4182929577-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2907901999-4287083979-4182929577-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"=C:\Windows\\PLFSetL.exe [2007-07-05 94208]
"BroadWave"=C:\Program Files\NCH Software\BroadWave\broadwave.exe [2013-08-15 1242696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20684656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-10-02 21:20:00 ----A---- C:\ComboFix.txt
2013-10-02 21:19:29 ----SHD---- C:\$RECYCLE.BIN
2013-10-02 21:11:41 ----A---- C:\Windows\zip.exe
2013-10-02 21:11:41 ----A---- C:\Windows\SWSC.exe
2013-10-02 21:11:41 ----A---- C:\Windows\SWREG.exe
2013-10-02 21:11:41 ----A---- C:\Windows\sed.exe
2013-10-02 21:11:41 ----A---- C:\Windows\PEV.exe
2013-10-02 21:11:41 ----A---- C:\Windows\NIRCMD.exe
2013-10-02 21:11:41 ----A---- C:\Windows\MBR.exe
2013-10-02 21:11:41 ----A---- C:\Windows\grep.exe
2013-10-02 21:11:32 ----D---- C:\Qoobox
2013-10-02 21:11:21 ----D---- C:\Windows\erdnt
2013-10-01 15:56:53 ----A---- C:\Windows\system32\TrueSight.sys
2013-09-24 18:32:33 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2013-09-24 18:28:51 ----D---- C:\Users\vendy\AppData\Roaming\Malwarebytes
2013-09-24 18:28:41 ----D---- C:\ProgramData\Malwarebytes
2013-09-23 20:40:03 ----A---- C:\Windows\system32\ff_vfw.dll
2013-09-23 20:40:02 ----D---- C:\Program Files\Haali
2013-09-23 20:40:01 ----D---- C:\Users\vendy\AppData\Roaming\PerformerSoft
2013-09-23 20:40:01 ----D---- C:\Program Files\ffdshow
2013-09-23 20:39:59 ----D---- C:\Users\vendy\AppData\Roaming\Mozilla
2013-09-23 20:39:55 ----D---- C:\Program Files\Zula Games
2013-09-23 20:39:52 ----D---- C:\Users\vendy\AppData\Roaming\zulagames
2013-09-23 20:05:01 ----D---- C:\AdwCleaner
2013-09-23 17:05:51 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-09-23 17:05:51 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-09-23 17:05:48 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-09-23 17:05:47 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-09-23 17:05:46 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-09-23 17:05:46 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-09-23 17:05:44 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-09-23 17:05:37 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-09-23 17:05:35 ----A---- C:\Windows\system32\aswBoot.exe
2013-09-23 17:05:12 ----A---- C:\Windows\avastSS.scr
2013-09-23 17:04:55 ----D---- C:\Program Files\AVAST Software
2013-09-23 17:04:18 ----D---- C:\ProgramData\AVAST Software
2013-09-23 16:37:37 ----D---- C:\rsit
2013-09-23 16:37:37 ----D---- C:\Program Files\trend micro
2013-09-23 16:19:43 ----D---- C:\Program Files\CCleaner
2013-09-23 15:57:11 ----D---- C:\Users\vendy\AppData\Roaming\Radiocom
2013-09-14 14:11:58 ----D---- C:\ProgramData\Adobe
2013-09-14 14:11:56 ----D---- C:\Program Files\Adobe
2013-09-14 14:11:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-09-14 14:11:48 ----D---- C:\Users\vendy\AppData\Roaming\Macromedia
2013-09-14 14:07:20 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-09-14 14:07:20 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-09-14 14:07:20 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-09-14 14:07:20 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-09-14 14:07:19 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-09-14 14:07:19 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-09-14 14:07:18 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-09-14 14:07:18 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-09-14 14:07:18 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-09-14 14:07:17 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-09-14 14:07:17 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-09-14 14:07:15 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-09-14 14:07:15 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-09-14 14:07:15 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-09-14 14:07:15 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-09-14 14:07:14 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-09-14 14:07:14 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-09-14 14:07:14 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-09-14 14:07:13 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-09-14 14:07:13 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-09-14 14:07:11 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-09-14 14:07:09 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-09-14 14:07:08 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-09-14 14:07:07 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-09-14 14:07:07 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-09-14 14:07:06 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-09-14 14:07:06 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-09-14 14:07:06 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-09-14 14:07:05 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-09-14 14:07:03 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-09-14 14:07:03 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-09-14 14:07:03 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-09-14 14:07:01 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-09-14 14:07:01 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-09-14 14:07:01 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-09-14 14:07:01 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-09-14 14:07:00 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-09-14 14:07:00 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-09-14 14:07:00 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-09-14 14:07:00 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-09-14 14:07:00 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-09-14 14:06:59 ----A---- C:\Windows\system32\xinput1_3.dll
2013-09-14 14:06:58 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-09-14 14:06:58 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-09-14 14:06:58 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-09-14 14:06:58 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-09-14 14:06:57 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-09-14 14:06:56 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-09-14 14:06:56 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-09-14 14:06:56 ----A---- C:\Windows\system32\d3dx10.dll
2013-09-14 14:06:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-09-14 14:06:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-09-14 14:06:54 ----A---- C:\Windows\system32\xinput1_2.dll
2013-09-14 14:06:54 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-09-14 14:06:53 ----A---- C:\Windows\system32\xinput1_1.dll
2013-09-14 14:06:53 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-09-14 14:06:53 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-09-14 14:06:44 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-09-14 14:06:44 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-09-14 14:06:44 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-09-14 14:06:44 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-09-14 14:06:43 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-09-14 14:06:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-09-14 14:06:43 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-09-14 14:06:43 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-09-14 14:06:42 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-09-14 14:03:39 ----D---- C:\DirectX
2013-09-14 11:59:11 ----A---- C:\Windows\system32\jscript.dll
2013-09-14 11:59:10 ----A---- C:\Windows\system32\jsproxy.dll
2013-09-14 11:59:10 ----A---- C:\Windows\system32\jscript9.dll
2013-09-14 11:59:09 ----A---- C:\Windows\system32\ieui.dll
2013-09-14 11:59:09 ----A---- C:\Windows\system32\iesetup.dll
2013-09-14 11:59:08 ----A---- C:\Windows\system32\urlmon.dll
2013-09-14 11:59:08 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-14 11:59:08 ----A---- C:\Windows\system32\msfeeds.dll
2013-09-14 11:59:08 ----A---- C:\Windows\system32\iesysprep.dll
2013-09-14 11:59:08 ----A---- C:\Windows\system32\iernonce.dll
2013-09-14 11:59:08 ----A---- C:\Windows\system32\ie4uinit.exe
2013-09-14 11:59:07 ----A---- C:\Windows\system32\iertutil.dll
2013-09-14 11:59:05 ----A---- C:\Windows\system32\wininet.dll
2013-09-14 11:59:04 ----A---- C:\Windows\system32\ieframe.dll
2013-09-14 11:59:02 ----A---- C:\Windows\system32\mshtml.dll
2013-09-13 13:39:32 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-09-13 13:39:32 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-09-13 13:39:31 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-09-13 13:39:31 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-09-13 13:39:31 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-09-13 13:38:56 ----SHD---- C:\Windows\system32\AI_RecycleBin
2013-09-13 13:38:53 ----D---- C:\Riot Games
2013-09-13 13:37:06 ----D---- C:\ProgramData\PMB Files
2013-09-13 13:37:02 ----D---- C:\Program Files\Pando Networks
2013-09-13 13:36:35 ----D---- C:\Users\vendy\AppData\Roaming\Riot Games
2013-09-13 12:11:23 ----A---- C:\Windows\system32\shell32.dll
2013-09-13 12:11:23 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-13 12:11:21 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-09-13 12:11:20 ----A---- C:\Windows\system32\win32k.sys
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 12:11:19 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 12:11:19 ----A---- C:\Windows\system32\winsrv.dll
2013-09-13 12:11:19 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-13 12:11:19 ----A---- C:\Windows\system32\kernel32.dll
2013-09-13 12:11:19 ----A---- C:\Windows\system32\conhost.exe
2013-09-08 12:32:20 ----D---- C:\Users\vendy\AppData\Roaming\BSplayer Pro
2013-09-08 12:32:20 ----D---- C:\Users\vendy\AppData\Roaming\BSplayer
2013-09-08 12:32:20 ----D---- C:\Program Files\Webteh
2013-09-08 12:32:02 ----D---- C:\Program Files\Mozilla Firefox
2013-09-08 12:28:50 ----HD---- C:\ProgramData\Common Files
2013-09-05 19:14:07 ----D---- C:\ProgramData\NCH Software
2013-09-05 19:13:39 ----D---- C:\Program Files\NCH Software
2013-09-05 19:12:31 ----D---- C:\Users\vendy\AppData\Roaming\NCH Software
2013-09-05 16:35:04 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-09-05 16:35:03 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-09-05 16:34:33 ----D---- C:\Program Files\Winamp Detect
2013-09-05 16:34:25 ----D---- C:\Program Files\Common Files\PX Storage Engine
2013-09-05 16:34:21 ----D---- C:\Users\vendy\AppData\Roaming\Winamp
2013-09-05 16:34:21 ----D---- C:\Program Files\Winamp
2013-09-05 16:21:13 ----D---- C:\Users\vendy\AppData\Roaming\Skype
2013-09-05 16:21:04 ----D---- C:\Program Files\Common Files\Skype
2013-09-05 16:21:03 ----RD---- C:\Program Files\Skype
2013-09-05 16:21:00 ----D---- C:\ProgramData\Skype
2013-09-05 16:14:52 ----D---- C:\Windows\SUYIN NB Cam
2013-09-05 16:14:51 ----D---- C:\Windows\system32\x64
2013-09-05 16:14:51 ----D---- C:\Windows\system32\drivers\x64
2013-09-05 16:14:51 ----D---- C:\Program Files\Common Files\snp2uvc
2013-09-05 16:14:51 ----A---- C:\Windows\system32\vsnp2uvc.dll
2013-09-05 16:14:51 ----A---- C:\Windows\system32\snp2uvc.sys
2013-09-05 16:14:51 ----A---- C:\Windows\system32\sncduvc.sys
2013-09-05 16:14:51 ----A---- C:\Windows\system32\rsnp2uvc.dll
2013-09-05 16:14:51 ----A---- C:\Windows\system32\PLFSetL.exe
2013-09-05 16:14:51 ----A---- C:\Windows\system32\PidList.ini
2013-09-05 16:14:51 ----A---- C:\Windows\system32\drivers\snp2uvc.sys
2013-09-05 16:14:51 ----A---- C:\Windows\system32\drivers\sncduvc.sys
2013-09-05 16:14:51 ----A---- C:\Windows\system32\csnp2uvc.dll
2013-09-05 16:14:51 ----A---- C:\Windows\PLFSetL.exe
2013-09-05 16:14:50 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-05 16:14:12 ----D---- C:\Users\vendy\AppData\Roaming\InstallShield
2013-09-05 16:09:17 ----D---- C:\Program Files\7-Zip

======List of files/folders modified in the last 1 month======

2013-10-03 21:44:49 ----D---- C:\Windows\Temp
2013-10-03 21:44:43 ----D---- C:\Windows\Prefetch
2013-10-03 13:09:09 ----D---- C:\Windows\system32\config
2013-10-02 21:17:48 ----D---- C:\Windows
2013-10-02 21:17:48 ----A---- C:\Windows\system.ini
2013-10-02 21:15:23 ----D---- C:\Windows\system32\drivers
2013-10-02 21:15:23 ----D---- C:\Windows\System32
2013-10-02 21:15:23 ----D---- C:\Windows\AppPatch
2013-10-02 21:15:22 ----D---- C:\Program Files\Common Files
2013-10-02 21:11:54 ----SHD---- C:\System Volume Information
2013-10-02 20:35:44 ----SD---- C:\ProgramData\Microsoft
2013-10-02 19:47:43 ----D---- C:\Users\vendy\AppData\Roaming\uTorrent
2013-10-01 15:53:19 ----RD---- C:\Program Files
2013-09-30 21:47:17 ----SHD---- C:\Windows\Installer
2013-09-29 19:34:56 ----D---- C:\Windows\CSC
2013-09-29 19:33:35 ----D---- C:\Windows\Tasks
2013-09-29 19:33:35 ----D---- C:\Windows\system32\Tasks
2013-09-29 19:33:35 ----D---- C:\ProgramData
2013-09-24 19:46:23 ----D---- C:\Windows\inf
2013-09-24 19:46:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-23 20:34:43 ----D---- C:\Windows\system32\catroot2
2013-09-23 16:29:42 ----D---- C:\Windows\Logs
2013-09-23 16:20:24 ----D---- C:\Windows\Panther
2013-09-23 16:20:23 ----D---- C:\Windows\debug
2013-09-14 15:03:46 ----D---- C:\Windows\rescache
2013-09-14 14:21:32 ----D---- C:\Windows\Microsoft.NET
2013-09-14 14:21:20 ----RSD---- C:\Windows\assembly
2013-09-14 14:15:14 ----D---- C:\Windows\winsxs
2013-09-14 14:13:22 ----D---- C:\Program Files\Internet Explorer
2013-09-14 14:13:21 ----D---- C:\Windows\system32\cs-CZ
2013-09-14 14:13:20 ----D---- C:\Windows\system32\DriverStore
2013-09-14 14:11:58 ----D---- C:\Users\vendy\AppData\Roaming\Adobe
2013-09-14 11:59:39 ----D---- C:\Windows\system32\catroot
2013-09-14 11:58:22 ----D---- C:\Windows\system32\MRT
2013-09-14 11:56:06 ----A---- C:\Windows\system32\MRT.exe
2013-09-08 12:31:25 ----D---- C:\Program Files\Common Files\microsoft shared
2013-09-05 16:25:52 ----D---- C:\Program Files\Google
2013-09-05 16:14:51 ----D---- C:\Windows\twain_32
2013-09-05 16:13:07 ----HD---- C:\Windows\system32\GroupPolicy
2013-09-05 16:12:13 ----D---- C:\Windows\Resources

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 49376]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 177864]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 61680]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-08-30 770344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 369584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 56080]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2011-07-01 4266560]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 catchme;catchme; \??\C:\Users\vendy\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2013-09-30 40776]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TrueSight;TrueSight; \??\C:\Windows\system32\TrueSight.sys [2013-10-01 26624]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 BroadCamService;BroadCam Video Streaming Server; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2013-06-12 2591304]
R2 BroadWaveService;BroadWave Audio Streaming Server; C:\Program Files\NCH Software\BroadWave\broadwave.exe [2013-08-15 1242696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EyelineService;Eyeline Video System; C:\Program Files\NCH Software\Eyeline\eyeline.exe [2013-06-13 1666096]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-27 1343400]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#26 Post by Márty84 »

Fine, now just the OTL and we'll start deleting :)

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#27 Post by LadyLacoste »

Hello, I have that OTS installed the usual way and during the scan it freezes on me at Skype; I have tried it 3 times already and it always does the same thing. I don't know right now exactly what it was called, but it didn't want to write cmd.bat to the desktop.

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#28 Post by LadyLacoste »

Cannot create file C:\User\vendy\Desktop\cmd.bat.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#29 Post by Márty84 »

It happens now and then that OTL throws this little error.

Run it once more following the same instructions, but with this modified script

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

LadyLacoste
Visitor
Posts: 26
Registered: 23 Sep 2013 15:54

Re: Preventive check

#30 Post by LadyLacoste »

OTL logfile created on: 5.10.2013 20:08:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vendy\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,49 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 61,61% Memory free
4,98 Gb Paging File | 4,07 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 307,78 Gb Total Space | 178,18 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
Drive D: | 276,29 Gb Total Space | 253,48 Gb Free Space | 91,75% Space Free | Partition Type: NTFS

Computer Name: VENDY-PC | User Name: vendy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.10.03 21:46:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vendy\Desktop\OTL.exe
PRC - [2013.09.16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013.09.05 19:14:35 | 000,110,592 | ---- | M] () -- C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
PRC - [2013.08.30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.08.30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.08.27 15:01:27 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.08.15 18:09:26 | 001,242,696 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\BroadWave\broadwave.exe
PRC - [2013.08.02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013.06.13 11:30:56 | 001,666,096 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\Eyeline\eyeline.exe
PRC - [2013.06.12 15:43:26 | 002,591,304 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\BroadCam\broadcam.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.09.17 05:21:27 | 000,410,576 | ---- | M] () -- C:\Users\vendy\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013.09.17 05:21:25 | 004,053,456 | ---- | M] () -- C:\Users\vendy\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013.09.17 05:20:31 | 001,604,560 | ---- | M] () -- C:\Users\vendy\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - [2013.09.16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.08.30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.08.27 15:05:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013.08.15 18:09:26 | 001,242,696 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\BroadWave\broadwave.exe -- (BroadWaveService)
SRV - [2013.07.25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.13 11:30:56 | 001,666,096 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2013.06.12 15:43:26 | 002,591,304 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\vendy\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.10.01 15:56:53 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
DRV - [2013.09.30 11:52:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.08.30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.08.30 09:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.08.30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.08.30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.08.30 09:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.08.30 09:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.08.30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.08.30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.03.21 02:59:04 | 000,275,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2010.02.27 06:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.09.17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\..\SearchScopes\{4E0DD318-8A21-454B-BA2A-6AEB5B4531A7}: "URL" = http://search.conduit.com/ResultsExt.as ... 07526&UM=1
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcer ... ORM=IE10SR
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\..\SearchScopes\{7BE5C093-659B-4CEE-B185-4467D804CC75}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\..\SearchScopes\{F83D0A33-BF6D-466D-86BD-54B432B4CF91}: "URL" = http://www.mysearchresults.com/search?c ... earchTerms}
IE - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vendy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vendy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Users\vendy\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013.09.08 12:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\vendy\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.09.23 20:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\vendy\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013.09.23 20:40:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\vendy\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.09.23 20:40:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\zulagames@ZulaGames.com: C:\Users\vendy\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013.09.23 20:40:00 | 000,000,000 | ---D | M]

[2013.09.23 20:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vendy\AppData\Roaming\Mozilla\Extensions
[2013.09.23 20:40:00 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\vendy\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
[2013.09.23 20:40:00 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\vendy\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com
[2013.03.12 10:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vendy\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vendy\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vendy\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: Google Update (Enabled) = C:\Users\vendy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Koji NISHIDA = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf\2_0\
CHR - Extension: Dokumenty Google = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.3\
CHR - Extension: Download Video = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.3.1_0\
CHR - Extension: Zula Games = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn\1.0.0.5\
CHR - Extension: Zula Games = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn\1.0.0.5_0\
CHR - Extension: Skype Click to Call = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Skype Click to Call = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\vendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.10.02 08:12:46 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BroadWave] C:\Program Files\NCH Software\BroadWave\broadwave.exe (NCH Software)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2907901999-4287083979-4182929577-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.155.229.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C7AB4C2-8783-4E4A-8834-3F22EA774795}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24AF8E6-2658-4096-B146-0CEFC9FC841A}: DhcpNameServer = 213.155.229.197
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.10.03 21:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vendy\Desktop\OTL.exe
[2013.10.02 21:19:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.10.02 21:11:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.10.02 21:11:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.10.02 21:11:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.10.02 21:11:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.10.02 21:11:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.10.02 21:06:33 | 005,132,885 | R--- | C] (Swearware) -- C:\Users\vendy\Desktop\ComboFix.exe
[2013.10.01 15:54:41 | 000,000,000 | ---D | C] -- C:\Users\vendy\Desktop\RK_Quarantine
[2013.09.24 18:32:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.09.24 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\Malwarebytes
[2013.09.24 18:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.23 20:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013.09.23 20:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.09.23 20:40:02 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.09.23 20:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2013.09.23 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\PerformerSoft
[2013.09.23 20:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013.09.23 20:39:59 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\Mozilla
[2013.09.23 20:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013.09.23 20:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Zula Games
[2013.09.23 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Local\Programs
[2013.09.23 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\zulagames
[2013.09.23 20:05:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.09.23 17:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.09.23 17:05:51 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.09.23 17:05:51 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.09.23 17:05:48 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.09.23 17:05:47 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.09.23 17:05:46 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.09.23 17:05:37 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.09.23 17:05:35 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.09.23 17:05:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.09.23 17:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.09.23 17:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.09.23 16:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.09.23 16:37:37 | 000,000,000 | ---D | C] -- C:\rsit
[2013.09.23 16:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013.09.23 16:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.09.23 16:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.09.23 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\Radiocom
[2013.09.23 15:57:07 | 000,000,000 | ---D | C] -- C:\Users\vendy\RichMedia
[2013.09.23 15:57:07 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Local\Radiocom
[2013.09.14 14:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.09.14 14:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.09.14 14:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013.09.14 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\Macromedia
[2013.09.14 14:11:47 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Local\Adobe
[2013.09.14 14:07:20 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013.09.14 14:07:20 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013.09.14 14:07:20 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013.09.14 14:07:20 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013.09.14 14:07:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013.09.14 14:07:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013.09.14 14:07:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013.09.14 14:07:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013.09.14 14:07:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013.09.14 14:07:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013.09.14 14:07:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013.09.14 14:07:15 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013.09.14 14:07:15 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013.09.14 14:07:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013.09.14 14:07:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013.09.14 14:07:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013.09.14 14:07:14 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013.09.14 14:07:14 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013.09.14 14:07:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013.09.14 14:07:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013.09.14 14:07:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013.09.14 14:07:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013.09.14 14:07:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013.09.14 14:07:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013.09.14 14:07:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013.09.14 14:07:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013.09.14 14:07:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013.09.14 14:07:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013.09.14 14:07:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013.09.14 14:07:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013.09.14 14:07:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013.09.14 14:07:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013.09.14 14:07:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013.09.14 14:07:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013.09.14 14:07:05 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013.09.14 14:07:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013.09.14 14:07:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013.09.14 14:07:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013.09.14 14:07:01 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013.09.14 14:07:01 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013.09.14 14:07:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013.09.14 14:07:01 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013.09.14 14:07:00 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013.09.14 14:07:00 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013.09.14 14:07:00 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013.09.14 14:07:00 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013.09.14 14:07:00 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013.09.14 14:06:59 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013.09.14 14:06:58 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013.09.14 14:06:58 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013.09.14 14:06:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013.09.14 14:06:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013.09.14 14:06:57 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013.09.14 14:06:56 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013.09.14 14:06:56 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013.09.14 14:06:56 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013.09.14 14:06:55 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013.09.14 14:06:55 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013.09.14 14:06:54 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013.09.14 14:06:54 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013.09.14 14:06:53 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013.09.14 14:06:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013.09.14 14:06:53 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013.09.14 14:06:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013.09.14 14:06:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013.09.14 14:06:44 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013.09.14 14:06:44 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013.09.14 14:06:43 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013.09.14 14:06:43 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013.09.14 14:06:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013.09.14 14:06:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013.09.14 14:06:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013.09.14 14:03:39 | 000,000,000 | ---D | C] -- C:\DirectX
[2013.09.14 11:59:12 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.09.14 11:59:10 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.09.14 11:59:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.09.14 11:59:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.09.14 11:59:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.09.14 11:59:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.09.14 11:59:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.09.14 11:59:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.09.14 11:59:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.09.14 11:59:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.09.13 13:39:32 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013.09.13 13:39:32 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013.09.13 13:39:31 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013.09.13 13:39:31 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013.09.13 13:39:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013.09.13 13:38:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013.09.13 13:38:53 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.09.13 13:37:08 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Local\PMB Files
[2013.09.13 13:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.09.13 13:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2013.09.13 13:36:35 | 000,000,000 | ---D | C] -- C:\Users\vendy\AppData\Roaming\Riot Games

Locked