PC stuttering

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

PC stuttering

#1 Post by Adámek »

Hello,
I have a problem with my PC (AMD Athlon(tm)64 Processor; graphics: ATI Radeon HD 4600 Series; Windows XP Professional SP3; RAM 2GB). Booting, the overall running of the system and of any application is very slow; the system (or an application) even freezes for several seconds, sometimes even minutes, and so on.
Especially with games. I play a game that is about 10 years old and there was never a problem until yesterday, when it started stuttering, and at regular intervals.
I have 2 disks in the PC, both defragmented to 0% fragmentation. It is the same with the internet, which often "hangs" and does not respond (I use Opera and Google Chrome), and when it does run, it is at a very low speed (a download starts at 2MB and ends at, say, 500KB) (Internet 17MB/2MB).
I have already tried a ton of programs and advice, but nothing helped.

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC stuttering

#2 Post by Rudy »

Hello!
Try this procedure: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#3 Post by Adámek »

Hello
I am using a 32-bit OS.
Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Rodina (administrator) on DOMOV-8DAF924D0 on 22-12-2013 09:24:39
Running from C:\Documents and Settings\Rodina\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe
() C:\Program Files\Opera\18.0.1284.68\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.68\opera.exe
(forum.viry.cz) C:\Documents and Settings\Rodina\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Documents and Settings\Rodina\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Documents and Settings\Rodina\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\Administrator\...\Run: [Advanced SystemCare 6] - "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\Default User\...\RunOnce: [_nltide_2] - regsvr32 /s /n /i:U shell32
Startup: C:\Documents and Settings\Rodina\Nabídka Start\Programy\Po spuštění\_uninst_70881074.lnk
ShortcutTarget: _uninst_70881074.lnk -> C:\Documents and Settings\Rodina\Local Settings\temp\_uninst_70881074.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1372776027
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1372776027
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... 84883&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... 84883&ts=0
SearchScopes: HKCU - DefaultScope {299811E6-3684-48B5-9B4C-67D5B57011E2} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - 65881E8FF08F4F02B0BC133DC5091A24 URL = http://search.softonic.com/INF00176/tb_ ... bd6c&r=171
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... 11D8C7BD6C
SearchScopes: HKCU - {299811E6-3684-48B5-9B4C-67D5B57011E2} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_ ... 84883&ts=0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={A16 ... 2013-09-22 09:22:10&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 4376918968
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - No CLSID Value -
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Rodina\Data aplikací\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: FT Downloader - C:\Documents and Settings\Rodina\Data aplikací\Mozilla\Firefox\profiles\extensions\ftd@ftd.com.xpi
FF Extension: Torntv 3 - C:\Documents and Settings\Rodina\Data aplikací\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=13415
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=i ... 1372776027"
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultSearchURL: http://search.delta-homes.com/web/?utm_ ... earchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (James White) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Ads Removal) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (SweetIM for Facebook) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0
CHR Extension: (Slick Savings) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR Extension: (SweetPacks Chrome Extension) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0
CHR Extension: (Gmail) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [614416 2013-06-11] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S4 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
S4 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [x]
S4 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [x]
S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\WINDOWS\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43008 2006-07-01] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2013-09-07] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-12-15] (Disc Soft Ltd)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [23512 2009-09-01] (Turtle Entertainment GmbH)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [932744 2013-11-29] (<Turtle Entertainment>)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [42496 2004-07-23] (VIA Technologies, Inc. )
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-31] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-31] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-31] (HP)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2013-09-07] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-12-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NTSIM; C:\WINDOWS\system32\ntsim.sys [7040 2003-07-18] (VIA Networking Technologies, Inc. )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2013-12-21] (Duplex Secure Ltd.)
R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2013-10-14] (VIA Technologies, Inc.)
R0 viadsk; C:\Windows\System32\DRIVERS\viadsk.sys [56576 2003-06-19] (VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2013-12-21] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [23192 2010-02-11] (VIA Technologies, Inc.)
U3 al2ocsg9; C:\Windows\System32\Drivers\al2ocsg9.sys [0 ] (VIA Technologies, Inc.)
S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]
S3 GGSAFERDriver; No ImagePath
S4 IntelIde; No ImagePath
S3 LGBusEnum; system32\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt; system32\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid; system32\drivers\LGVirHid.sys [x]
U5 P3; C:\Windows\System32\Drivers\P3.sys [46592 2012-05-22] (Microsoft Corporation)
S3 S3chipid; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S2 StarOpen; No ImagePath
S3 vtany; No ImagePath
S3 WinRing0_1_2_0; No ImagePath
S3 xhunter1; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 09:24 - 2013-12-22 09:24 - 00018956 _____ C:\Documents and Settings\Rodina\Plocha\FRST.txt
2013-12-22 09:24 - 2013-12-22 09:24 - 00000000 ____D C:\FRST
2013-12-22 09:23 - 2013-12-22 09:23 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Rodina\Plocha\FRSTLauncher.exe
2013-12-22 09:22 - 2013-12-22 09:22 - 01325858 _____ (Farbar) C:\Documents and Settings\Rodina\Plocha\FRST.exe
2013-12-22 09:21 - 2013-12-22 09:21 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\Rodina\Plocha\VerzeOS.exe
2013-12-21 18:53 - 2013-12-21 22:43 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-12-21 18:28 - 2013-12-21 18:52 - 00065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2013-12-21 18:28 - 2013-12-21 18:28 - 00000000 ____D C:\Documents and Settings\Rodina\Doctor Web
2013-12-21 18:28 - 2013-12-21 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Doctor Web
2013-12-21 18:21 - 2013-12-21 18:21 - 00320120 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2013-12-21 17:40 - 2013-12-21 17:49 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-12-21 17:40 - 2013-12-21 17:40 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\Malwarebytes
2013-12-21 17:39 - 2013-12-21 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-21 17:07 - 2013-12-21 17:09 - 130459016 _____ C:\Documents and Settings\Rodina\Plocha\setup_11.0.1.1245.x01_2013_12_21_19_35.exe
2013-12-21 16:47 - 2013-12-21 16:47 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-21 16:40 - 2013-12-21 16:40 - 00000000 _RSHD C:\cmdcons
2013-12-21 16:40 - 2013-12-21 11:16 - 00000211 _____ C:\Boot.bak
2013-12-21 16:40 - 2004-08-03 23:00 - 00261312 __RSH C:\cmldr
2013-12-21 16:39 - 2013-12-21 16:56 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-21 16:39 - 2013-12-21 16:39 - 00000000 ____D C:\Documents and Settings\All Users\Oblíbené položky
2013-12-21 16:32 - 2013-12-21 16:33 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2013-12-21 12:55 - 2013-12-21 12:55 - 00000212 _____ C:\Documents and Settings\Rodina\Plocha\Counter-Strike.url
2013-12-21 11:58 - 2013-12-22 09:13 - 00000000 ____D C:\Program Files\Steam
2013-12-21 11:05 - 2013-12-22 08:12 - 00054895 ____N C:\WINDOWS\WindowsUpdate.log
2013-12-21 10:58 - 2013-12-21 10:59 - 00000000 ____D C:\WINDOWS\Tasks\TaskDisabled
2013-12-21 09:34 - 2013-12-22 08:10 - 00000274 _____ C:\WINDOWS\Tasks\Driver Booster Update.job
2013-12-21 09:34 - 2013-12-21 09:34 - 00000833 _____ C:\Documents and Settings\All Users\Plocha\Driver Booster.lnk
2013-12-21 09:34 - 2013-12-21 09:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Driver Booster
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-20 20:27 - 2013-12-20 20:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-20 20:25 - 2013-12-22 08:10 - 00000315 ____N C:\WINDOWS\wiadebug.log
2013-12-20 20:25 - 2013-12-22 08:10 - 00000050 ____N C:\WINDOWS\wiaservc.log
2013-12-20 20:25 - 2013-12-20 20:25 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-20 17:42 - 2013-12-22 08:10 - 00000270 _____ C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2013-12-20 17:42 - 2013-12-21 15:26 - 00000866 _____ C:\Documents and Settings\All Users\Plocha\IObit Uninstaller.lnk
2013-12-20 17:42 - 2013-12-20 18:07 - 00001850 _____ C:\Documents and Settings\All Users\Plocha\Advanced SystemCare 7.lnk
2013-12-20 17:42 - 2013-12-20 17:42 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Advanced SystemCare 7
2013-12-20 17:37 - 2013-12-20 17:37 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2013-12-20 16:10 - 2013-12-20 16:10 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\IObit
2013-12-20 15:39 - 2013-12-20 15:48 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ProductData
2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-20 14:00 - 2013-12-20 20:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-20 12:20 - 2013-12-20 12:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Data aplikací\IObit
2013-12-20 12:10 - 2013-12-20 20:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-16 15:35 - 2013-12-22 08:13 - 00000282 _____ C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2013-12-16 15:35 - 2013-12-22 08:10 - 00000280 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-12-16 15:35 - 2013-05-22 18:49 - 00029528 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2013-12-15 15:44 - 2013-12-16 15:29 - 00000000 ____D C:\Documents and Settings\Rodina\Dokumenty\Euro Truck Simulator
2013-12-15 15:43 - 2013-12-16 15:30 - 00000000 ____D C:\Program Files\Games By GG releases
2013-12-15 10:27 - 2013-12-15 10:27 - 00000000 ____D C:\Program Files\Seznam.cz
2013-12-15 10:26 - 2013-12-15 18:01 - 00243128 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2013-12-15 10:26 - 2013-12-15 10:26 - 00001613 _____ C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
2013-12-15 10:26 - 2013-12-15 10:26 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-12-15 10:26 - 2013-12-15 10:26 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2013-12-14 09:06 - 2013-12-21 12:55 - 00000000 ____D C:\Documents and Settings\Rodina\Nabídka Start\Programy\Steam
2013-12-06 15:51 - 2013-12-06 15:51 - 00000839 _____ C:\Documents and Settings\All Users\Plocha\aTube Catcher.lnk
2013-12-06 15:51 - 2013-12-06 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\aTube Catcher
2013-12-06 15:12 - 2013-12-06 15:13 - 00000597 _____ C:\Documents and Settings\Rodina\Plocha\Zástupce - Anticheat.lnk
2013-12-01 11:05 - 2013-12-01 11:09 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\Systweak
2013-11-30 15:33 - 2013-11-30 15:33 - 00000000 ____D C:\Documents and Settings\Rodina\Dokumenty\Lucius
2013-11-23 09:39 - 2013-11-23 09:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-23 09:39 - 2013-11-23 09:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-23 09:38 - 2013-11-23 09:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-23 09:38 - 2013-10-09 14:13 - 00287744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gdi32.dll
2013-11-23 09:37 - 2013-11-23 09:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-23 09:37 - 2013-10-07 12:00 - 00606208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\crypt32.dll
2013-11-23 09:36 - 2013-10-12 16:57 - 00279552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\oakley.dll
2013-11-23 08:51 - 2013-12-22 09:07 - 42102784 _____ C:\WINDOWS\system32\config\software.iobit
2013-11-23 08:51 - 2013-12-22 09:07 - 00299008 _____ C:\WINDOWS\system32\config\default.iobit
2013-11-23 08:51 - 2013-12-22 09:07 - 00061440 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-11-23 08:51 - 2013-12-22 09:07 - 00028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-11-22 16:41 - 2013-12-21 11:58 - 00000638 _____ C:\Documents and Settings\All Users\Plocha\Steam.lnk
2013-11-22 16:41 - 2013-11-22 16:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Steam

==================== One Month Modified Files and Folders =======

2013-12-22 09:24 - 2013-12-22 09:24 - 00018956 _____ C:\Documents and Settings\Rodina\Plocha\FRST.txt
2013-12-22 09:24 - 2013-12-22 09:24 - 00000000 ____D C:\FRST
2013-12-22 09:24 - 2012-12-01 15:46 - 00000000 ____D C:\Documents and Settings\Rodina\Plocha
2013-12-22 09:23 - 2013-12-22 09:23 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Rodina\Plocha\FRSTLauncher.exe
2013-12-22 09:23 - 2012-12-01 15:46 - 00000000 ___HD C:\Documents and Settings\Rodina\Local Settings\Data aplikací
2013-12-22 09:22 - 2013-12-22 09:22 - 01325858 _____ (Farbar) C:\Documents and Settings\Rodina\Plocha\FRST.exe
2013-12-22 09:21 - 2013-12-22 09:21 - 00112107 _____ (forum.viry.cz) C:\Documents and Settings\Rodina\Plocha\VerzeOS.exe
2013-12-22 09:13 - 2013-12-21 11:58 - 00000000 ____D C:\Program Files\Steam
2013-12-22 09:11 - 2012-12-26 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Televize - SychrovNET
2013-12-22 09:07 - 2013-11-23 08:51 - 42102784 _____ C:\WINDOWS\system32\config\software.iobit
2013-12-22 09:07 - 2013-11-23 08:51 - 00299008 _____ C:\WINDOWS\system32\config\default.iobit
2013-12-22 09:07 - 2013-11-23 08:51 - 00061440 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-12-22 09:07 - 2013-11-23 08:51 - 00028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-12-22 09:07 - 2012-12-01 15:46 - 00000000 ____D C:\Documents and Settings\Rodina
2013-12-22 09:07 - 2012-12-01 14:01 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-22 09:07 - 2012-12-01 13:57 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-22 09:03 - 2013-07-27 11:55 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\TS3Client
2013-12-22 08:16 - 2012-12-01 14:41 - 01224928 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-22 08:15 - 2013-02-23 16:00 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\Seznam.cz
2013-12-22 08:13 - 2013-12-16 15:35 - 00000282 _____ C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2013-12-22 08:12 - 2013-12-21 11:05 - 00054895 ____N C:\WINDOWS\WindowsUpdate.log
2013-12-22 08:12 - 2013-09-20 16:59 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-22 08:12 - 2001-10-25 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-22 08:10 - 2013-12-21 09:34 - 00000274 _____ C:\WINDOWS\Tasks\Driver Booster Update.job
2013-12-22 08:10 - 2013-12-20 20:25 - 00000315 ____N C:\WINDOWS\wiadebug.log
2013-12-22 08:10 - 2013-12-20 20:25 - 00000050 ____N C:\WINDOWS\wiaservc.log
2013-12-22 08:10 - 2013-12-20 17:42 - 00000270 _____ C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2013-12-22 08:10 - 2013-12-16 15:35 - 00000280 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-12-22 08:10 - 2012-12-01 14:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-21 22:43 - 2013-12-21 18:53 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-12-21 22:43 - 2013-05-31 17:55 - 00032568 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2013-12-21 22:43 - 2012-12-01 15:46 - 00000178 ___SH C:\Documents and Settings\Rodina\ntuser.ini
2013-12-21 20:20 - 2012-12-01 15:46 - 00000000 ___RD C:\Documents and Settings\Rodina\Nabídka Start\Programy\Po spuštění
2013-12-21 20:19 - 2012-12-01 16:33 - 00150904 _____ C:\Documents and Settings\Rodina\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2013-12-21 20:01 - 2013-11-19 16:51 - 00000000 ____D C:\Documents and Settings\Rodina\Local Settings\Data aplikací\ESL Wire Game Client
2013-12-21 18:53 - 2012-12-01 14:40 - 00457248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-21 18:52 - 2013-12-21 18:28 - 00065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2013-12-21 18:28 - 2013-12-21 18:28 - 00000000 ____D C:\Documents and Settings\Rodina\Doctor Web
2013-12-21 18:28 - 2013-12-21 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Doctor Web
2013-12-21 18:28 - 2012-12-01 14:40 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-12-21 18:21 - 2013-12-21 18:21 - 00320120 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2013-12-21 18:17 - 2012-12-01 14:41 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-21 18:17 - 2012-12-01 14:41 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-12-21 17:49 - 2013-12-21 17:40 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-12-21 17:40 - 2013-12-21 17:40 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\Malwarebytes
2013-12-21 17:40 - 2012-12-01 15:46 - 00000000 __RHD C:\Documents and Settings\Rodina\Data aplikací
2013-12-21 17:40 - 2012-12-01 13:50 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-21 17:39 - 2013-12-21 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-21 17:28 - 2001-10-25 14:00 - 00000689 _____ C:\WINDOWS\win.ini
2013-12-21 17:09 - 2013-12-21 17:07 - 130459016 _____ C:\Documents and Settings\Rodina\Plocha\setup_11.0.1.1245.x01_2013_12_21_19_35.exe
2013-12-21 16:56 - 2013-12-21 16:39 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-21 16:49 - 2001-10-25 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-21 16:48 - 2012-12-01 17:52 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-12-21 16:48 - 2012-12-01 14:40 - 00061440 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-21 16:48 - 2012-12-01 14:40 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2013-12-21 16:48 - 2012-12-01 14:39 - 42102784 _____ C:\WINDOWS\system32\config\software.bak
2013-12-21 16:48 - 2012-12-01 14:39 - 05242880 _____ C:\WINDOWS\system32\config\system.bak
2013-12-21 16:48 - 2012-12-01 14:39 - 00299008 _____ C:\WINDOWS\system32\config\default.bak
2013-12-21 16:47 - 2013-12-21 16:47 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-21 16:47 - 2013-12-21 16:47 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-21 16:40 - 2013-12-21 16:40 - 00000000 _RSHD C:\cmdcons
2013-12-21 16:40 - 2012-12-01 14:39 - 00000327 __RSH C:\boot.ini
2013-12-21 16:39 - 2013-12-21 16:39 - 00000000 ____D C:\Documents and Settings\All Users\Oblíbené položky
2013-12-21 16:33 - 2013-12-21 16:32 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2013-12-21 16:33 - 2012-12-01 15:46 - 00000000 ___RD C:\Documents and Settings\Rodina\Nabídka Start\Programy
2013-12-21 15:53 - 2012-12-01 16:40 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\uTorrent
2013-12-21 15:36 - 2012-12-11 18:18 - 00000000 ____D C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Adobe
2013-12-21 15:36 - 2012-12-01 16:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-21 15:36 - 2012-12-01 16:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-21 15:36 - 2012-12-01 16:37 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-21 15:26 - 2013-12-20 17:42 - 00000866 _____ C:\Documents and Settings\All Users\Plocha\IObit Uninstaller.lnk
2013-12-21 15:26 - 2012-12-01 16:21 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\IObit
2013-12-21 14:42 - 2012-12-01 14:01 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-21 14:42 - 2012-12-01 13:49 - 00000000 ____D C:\WINDOWS\Registration
2013-12-21 13:30 - 2013-08-28 09:10 - 00000797 _____ C:\Documents and Settings\Rodina\Plocha\FILMY!!!!.txt
2013-12-21 12:55 - 2013-12-21 12:55 - 00000212 _____ C:\Documents and Settings\Rodina\Plocha\Counter-Strike.url
2013-12-21 12:55 - 2013-12-14 09:06 - 00000000 ____D C:\Documents and Settings\Rodina\Nabídka Start\Programy\Steam
2013-12-21 11:58 - 2013-11-22 16:41 - 00000638 _____ C:\Documents and Settings\All Users\Plocha\Steam.lnk
2013-12-21 11:16 - 2013-12-21 16:40 - 00000211 _____ C:\Boot.bak
2013-12-21 10:59 - 2013-12-21 10:58 - 00000000 ____D C:\WINDOWS\Tasks\TaskDisabled
2013-12-21 09:46 - 2012-12-01 15:46 - 00000749 _____ C:\Documents and Settings\Rodina\Nabídka Start\Programy\Internet Explorer.lnk
2013-12-21 09:45 - 2012-12-01 16:35 - 00001837 _____ C:\Documents and Settings\Rodina\Plocha\Google Chrome.lnk
2013-12-21 09:37 - 2012-12-01 16:23 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-12-21 09:36 - 2009-05-05 09:58 - 00013976 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\videX32.sys
2013-12-21 09:34 - 2013-12-21 09:34 - 00000833 _____ C:\Documents and Settings\All Users\Plocha\Driver Booster.lnk
2013-12-21 09:34 - 2013-12-21 09:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Driver Booster
2013-12-21 09:34 - 2012-12-01 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\IObit
2013-12-21 09:33 - 2012-12-01 15:24 - 00000000 ____D C:\Program Files\IObit
2013-12-20 20:41 - 2012-12-01 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-12-20 20:39 - 2012-12-01 18:27 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-20 20:36 - 2013-08-03 07:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-20 20:28 - 2012-12-01 18:23 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-20 20:27 - 2013-12-20 20:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-20 20:27 - 2013-12-20 14:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-20 20:27 - 2013-12-20 12:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-20 20:25 - 2013-12-20 20:25 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-20 18:07 - 2013-12-20 17:42 - 00001850 _____ C:\Documents and Settings\All Users\Plocha\Advanced SystemCare 7.lnk
2013-12-20 17:42 - 2013-12-20 17:42 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Advanced SystemCare 7
2013-12-20 17:42 - 2012-12-01 15:46 - 00000000 ___HD C:\Documents and Settings\Rodina\Šablony
2013-12-20 17:37 - 2013-12-20 17:37 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2013-12-20 17:37 - 2012-12-01 15:46 - 00000000 ___RD C:\Documents and Settings\Rodina\Nabídka Start
2013-12-20 16:47 - 2012-12-01 16:34 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 16:47 - 2012-12-01 16:34 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 16:46 - 2012-12-01 17:02 - 00013464 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2013-12-20 16:10 - 2013-12-20 16:10 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\IObit
2013-12-20 16:10 - 2012-12-01 14:01 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2013-12-20 16:01 - 2013-07-03 12:59 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-12-20 15:48 - 2013-12-20 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ProductData
2013-12-20 15:39 - 2013-12-20 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-20 15:39 - 2012-12-01 14:41 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2013-12-20 12:20 - 2013-12-20 12:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Data aplikací\IObit
2013-12-20 12:20 - 2012-12-01 13:57 - 00000000 ____D C:\Documents and Settings\NetworkService\Data aplikací
2013-12-16 21:11 - 2013-01-14 21:42 - 00000000 ____D C:\Documents and Settings\Rodina\Plocha\Bára
2013-12-16 15:35 - 2012-12-22 09:05 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\DAEMON Tools Lite
2013-12-16 15:30 - 2013-12-15 15:43 - 00000000 ____D C:\Program Files\Games By GG releases
2013-12-16 15:29 - 2013-12-15 15:44 - 00000000 ____D C:\Documents and Settings\Rodina\Dokumenty\Euro Truck Simulator
2013-12-16 14:16 - 2012-12-02 13:45 - 00000000 ____D C:\Program Files\Opera
2013-12-15 18:01 - 2013-12-15 10:26 - 00243128 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2013-12-15 15:44 - 2012-12-01 15:46 - 00000000 ___RD C:\Documents and Settings\Rodina\Dokumenty
2013-12-15 10:27 - 2013-12-15 10:27 - 00000000 ____D C:\Program Files\Seznam.cz
2013-12-15 10:26 - 2013-12-15 10:26 - 00001613 _____ C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
2013-12-15 10:26 - 2013-12-15 10:26 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-12-15 10:26 - 2013-12-15 10:26 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2013-12-14 11:52 - 2013-02-03 09:17 - 00000000 ____D C:\Program Files\Codemasters
2013-12-14 11:52 - 2012-12-01 17:41 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-14 11:51 - 2013-02-03 10:04 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Codemasters
2013-12-14 11:49 - 2012-12-22 20:13 - 00000000 ____D C:\Documents and Settings\Rodina\Dokumenty\Euro Truck Simulator 2
2013-12-14 09:13 - 2012-12-08 14:36 - 00084992 _____ C:\Documents and Settings\Rodina\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-13 14:47 - 2013-01-26 07:14 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-11 16:38 - 2013-11-19 16:51 - 00000649 _____ C:\Documents and Settings\All Users\Plocha\ESL Wire.lnk
2013-12-11 16:38 - 2013-11-19 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\ESL Wire
2013-12-11 16:38 - 2012-12-02 11:12 - 00000000 ____D C:\Program Files\EslWire
2013-12-08 16:53 - 2012-12-24 11:34 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\vlc
2013-12-08 15:49 - 2012-12-01 14:01 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-12-06 15:51 - 2013-12-06 15:51 - 00000839 _____ C:\Documents and Settings\All Users\Plocha\aTube Catcher.lnk
2013-12-06 15:51 - 2013-12-06 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\aTube Catcher
2013-12-06 15:13 - 2013-12-06 15:12 - 00000597 _____ C:\Documents and Settings\Rodina\Plocha\Zástupce - Anticheat.lnk
2013-12-06 15:13 - 2013-06-01 09:15 - 00000000 ____D C:\Shifters Anticheat
2013-12-04 16:56 - 2013-10-17 17:27 - 00002563 _____ C:\Documents and Settings\Rodina\Plocha\Microsoft Office Word 2007.lnk
2013-12-01 14:53 - 2012-12-01 13:48 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty\Filmy
2013-12-01 11:09 - 2013-12-01 11:05 - 00000000 ____D C:\Documents and Settings\Rodina\Data aplikací\Systweak
2013-11-30 15:33 - 2013-11-30 15:33 - 00000000 ____D C:\Documents and Settings\Rodina\Dokumenty\Lucius
2013-11-29 15:45 - 2013-11-19 16:52 - 00932744 _____ (<Turtle Entertainment>) C:\WINDOWS\system32\Drivers\ESLWireACD.sys
2013-11-26 20:17 - 2012-12-01 16:34 - 00000000 ____D C:\Program Files\Google
2013-11-23 09:39 - 2013-11-23 09:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-23 09:39 - 2013-11-23 09:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-23 09:38 - 2013-11-23 09:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-23 09:37 - 2013-11-23 09:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-22 16:41 - 2013-11-22 16:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Steam

Files to move or delete:
====================
regsvr32 /s /n /i:U shell32
C:\Documents and Settings\Rodina\GLU32.DLL
C:\Documents and Settings\Rodina\OPENGL32.DLL


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-14 09:52] - [2008-04-14 09:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2008-04-14 09:52] - [2008-04-14 09:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2008-04-14 09:52] - [2008-04-14 09:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2012-05-22 18:10] - [2012-05-22 18:10] - 0111104 ____A (Microsoft Corporation) 3d107d45ccfdb266e91d84b52cd7f430

C:\Windows\System32\User32.dll
[2008-04-14 09:52] - [2008-04-14 09:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2008-04-14 09:52] - [2008-04-14 09:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 08:42] - [2008-04-14 08:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:156.25 GB) (Free:120.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:292.97 GB) (Free:147.36 GB) NTFS

Available physical RAM: 1203.82 MB
Total physical RAM: 2046.73 MB
Percentage of memory in use: 41%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 466 GB) (Disk ID: 60D7F282)
Partition 1: (Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\Rodina\Plocha:D.rar

==================== Security Center ==================

AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Rodina\Plocha" je 13473 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121
C:\Program Files\AVAST Software\Avast\setup\emupdate\6b525958-15d4-411d-9891-9bf3708fc1bd.exe /check [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire
"C:\Program Files\EslWire\wire.exe" --tray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MzRAMBooster
C:\Program Files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shifters
C:\Shifters Anticheat\protokol.exe shifters:// [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"C:\Program Files\Steam\steam.exe" -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodina^Nabdka Start^Programy^Po sputn^Vezy obrazovky a sputn aplikace OneNote 2007.lnk
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr [x]


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
IMFservice REG_DWORD 0x2
PCSUService REG_DWORD 0x2
FontCache3.0.0.0 REG_DWORD 0x3
SkypeUpdate REG_DWORD 0x2
ose REG_DWORD 0x3
JavaQuickStarterService REG_DWORD 0x2
idsvc REG_DWORD 0x3
Hamachi2Svc REG_DWORD 0x2
gusvc REG_DWORD 0x3
gupdatem REG_DWORD 0x3
gupdate REG_DWORD 0x2
Ati HotKey Poller REG_DWORD 0x3
AdvancedSystemCareService6 REG_DWORD 0x2
AdobeFlashPlayerUpdateSvc REG_DWORD 0x3
WebCake Desktop Updater REG_DWORD 0x2
Skype C2C Service REG_DWORD 0x3
BBUpdate REG_DWORD 0x3
BBSvc REG_DWORD 0x2
Application Updater REG_DWORD 0x3

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\WINDOWS\\system32\\msiexec.exe"="C:\\WINDOWS\\system32\\msiexec.exe:*:Enabled:UpdateManagerSetup"
"D:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\lancraft.exe"="D:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\lancraft.exe:*:Enabled:lancraft"
"D:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\Warcraft III.exe"="D:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\All Users\\Data aplikac\\Battle.net\\Agent\\Agent.1675\\Agent.exe"="C:\\Documents and Settings\\All Users\\Data aplikac\\Battle.net\\Agent\\Agent.1675\\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\\Documents and Settings\\All Users\\Data aplikac\\Battle.net\\Agent\\Agent.2045\\Agent.exe"="C:\\Documents and Settings\\All Users\\Data aplikac\\Battle.net\\Agent\\Agent.2045\\Agent.exe:*:Enabled:Battle.net Update Agent"
"D:\\Adam\\COD 2\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Adam\\COD 2\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\EslWire\\wire.exe"="C:\\Program Files\\EslWire\\wire.exe:*:Enabled:ESL Wire Client"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59062:TCP"="59062:TCP:*:Enabled:Pando Media Booster"
"59062:UDP"="59062:UDP:*:Enabled:Pando Media Booster"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP:*:Disabled:Vzdlen sprva systmu Windows "
"59062:TCP"="59062:TCP:*:Enabled:Pando Media Booster"
"59062:UDP"="59062:UDP:*:Enabled:Pando Media Booster"
"1723:TCP"="1723:TCP:*:Enabled:@xpsp2res.dll,-22015"
"1701:UDP"="1701:UDP:*:Enabled:@xpsp2res.dll,-22016"
"500:UDP"="500:UDP:*:Enabled:@xpsp2res.dll,-22017"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC stuttering

#4 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\Default User\...\RunOnce: [_nltide_2] - regsvr32 /s /n /i:U shell32
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1372776027
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1372776027
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... 84883&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... 84883&ts=0
SearchScopes: HKCU - 65881E8FF08F4F02B0BC133DC5091A24 URL = http://search.softonic.com/INF00176/tb_ ... bd6c&r=171
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... 11D8C7BD6C
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_ ... 84883&ts=0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={A16 ... 2013-09-22 09:22:10&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
Handler: viprotocol - No CLSID Value -
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=i ... 1372776027"
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultSearchURL: http://search.delta-homes.com/web/?utm_ ... default&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (SweetIM for Facebook) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0
CHR Extension: (Slick Savings) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
S4 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Documents and Settings\Rodina\Plocha:D.rar
End
Save it to the desktop as fixlist.txt. Then run FRST again and click >Fix<. Afterwards, copy here the log that is created at the end.

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#5 Post by Adámek »

Done.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2013 02
Ran by Rodina at 2013-12-22 11:41:57 Run:1
Running from C:\Documents and Settings\Rodina\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\Default User\...\RunOnce: [_nltide_2] - regsvr32 /s /n /i:U shell32
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1372776027
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1372776027
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... 84883&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... 84883&ts=0
SearchScopes: HKCU - 65881E8FF08F4F02B0BC133DC5091A24 URL = http://search.softonic.com/INF00176/tb_ ... bd6c&r=171
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... 11D8C7BD6C
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_ ... 84883&ts=0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={A16 ... 2013-09-22 09:22:10&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
Handler: viprotocol - No CLSID Value -
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=i ... 1372776027"
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultSearchURL: http://search.delta-homes.com/web/?utm_ ... default&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (SweetIM for Facebook) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0
CHR Extension: (Slick Savings) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
S4 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Documents and Settings\Rodina\Plocha:D.rar
End
*****************

HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\65881E8FF08F4F02B0BC133DC5091A24 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\65881E8FF08F4F02B0BC133DC5091A24 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\PROTOCOLS\Handler\Handler: viprotocol - No CLSID Value - => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=i ... 1372776027" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: delta-homes ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: delta-homes ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.delta-homes.com/web/?utm_ ... default&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn directory not found.
C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk directory not found.
C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key not found.
"C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key not found.
"C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn => Key not found.
C:\Documents and Settings\Rodina\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key not found.
"C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
Skype C2C Service => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Documents and Settings\Rodina\Plocha => ":D.rar" ADS removed successfully.

==== End of Fixlog ====

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC stuttering

#6 Post by Rudy »

Deleted. Has anything changed?

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#7 Post by Adámek »

So far I don't notice any changes.

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#8 Post by Adámek »

Any other ideas?

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC stuttering

#9 Post by Rudy »

Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Ano (Yes) button.

Go ahead and put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Don't panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident component.

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#10 Post by Adámek »

Sorry, I had a few things to take care of; I'm back now.
Here is the ComboFix log:

ComboFix 13-12-20.01 - Rodina 22.12.2013 14:45:19.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1235 [GMT 1:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG AntiVirus 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-22 do 2013-12-22 )))))))))))))))))))))))))))))))
.
.
2013-12-22 10:38 . 2013-12-22 10:39 29696 ----a-w- c:\documents and settings\Rodina\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-22 09:26 . 2013-12-22 09:55 -------- d-----w- C:\AdwCleaner
2013-12-22 08:24 . 2013-12-22 08:24 -------- d-----w- C:\FRST
2013-12-21 17:28 . 2013-12-21 17:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2013-12-21 17:28 . 2013-12-21 17:28 -------- d-----w- c:\documents and settings\Rodina\Doctor Web
2013-12-21 17:21 . 2013-12-21 17:21 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-12-21 16:40 . 2013-12-21 16:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-21 16:40 . 2013-12-21 16:40 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Malwarebytes
2013-12-21 16:39 . 2013-12-21 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-12-21 15:39 . 2013-12-21 15:39 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2013-12-21 13:42 . 2013-12-21 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
2013-12-21 10:58 . 2013-12-22 13:43 -------- d-----w- c:\program files\Steam
2013-12-20 15:10 . 2013-12-20 15:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\IObit
2013-12-20 14:39 . 2013-12-20 14:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2013-12-20 14:39 . 2013-12-20 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-20 11:20 . 2013-12-20 11:20 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\IObit
2013-12-20 11:14 . 2013-12-20 11:14 -------- d-----w- c:\documents and settings\Rodina\LocalLow
2013-12-16 14:35 . 2013-05-22 17:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-12-15 14:43 . 2013-12-16 14:30 -------- d-----w- c:\program files\Games By GG releases
2013-12-15 09:27 . 2013-12-15 09:27 -------- d-----w- c:\program files\Seznam.cz
2013-12-15 09:26 . 2013-12-15 17:01 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-15 09:26 . 2013-12-15 09:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-11-23 08:38 . 2013-10-09 13:13 287744 -c----w- c:\windows\system32\dllcache\gdi32.dll
2013-11-23 08:37 . 2013-10-07 11:00 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2013-11-23 08:36 . 2013-10-12 15:57 279552 -c----w- c:\windows\system32\dllcache\oakley.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-21 14:36 . 2012-12-01 15:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-21 14:36 . 2012-12-01 15:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-21 08:36 . 2009-05-05 08:58 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2013-12-20 15:46 . 2012-12-01 16:02 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-29 14:45 . 2013-11-19 15:52 932744 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2013-11-13 03:00 . 2012-02-29 16:08 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2012-05-22 17:12 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 06:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2012-05-22 17:16 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:45 . 2012-05-22 17:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:45 . 2012-05-22 17:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:45 . 2012-05-22 17:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:45 . 2012-05-22 17:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 00:45 . 2012-05-22 17:17 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-14 08:51 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-14 15:57 . 2013-10-14 15:57 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2013-10-12 17:17 . 2013-10-12 07:07 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-10-12 17:17 . 2013-10-12 07:07 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 15:57 . 2012-05-22 17:11 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2012-05-22 17:10 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 05:50 . 2013-10-20 11:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 05:29 . 2013-10-20 11:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 11:00 . 2008-04-14 08:51 606208 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-21 14:26 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2013-12-21 752448]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"cz.seznam.software.autoupdate"="c:\documents and settings\Rodina\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Rodina\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Steam"="c:\program files\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 18:22 180184 ----a-w- c:\program files\AVAST Software\Avast\Setup\emupdate\6b525958-15d4-411d-9891-9bf3708fc1bd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-10-28 08:29 3675352 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2013-12-09 10:38 2641920 ----a-w- c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MzRAMBooster]
2011-02-10 21:37 295936 ----a-w- c:\program files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shifters]
2013-12-06 14:04 9728 ----a-w- c:\shifters anticheat\protokol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 11:12 20474016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-05-27 11:34 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-12-11 19:40 1823656 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IMFservice"=2 (0x2)
"PCSUService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Ati HotKey Poller"=3 (0x3)
"AdvancedSystemCareService6"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WebCake Desktop Updater"=2 (0x2)
"Skype C2C Service"=3 (0x3)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
"Application Updater"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\lancraft.exe"=
"d:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1675\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2045\\Agent.exe"=
"d:\\Adam\\COD 2\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"59062:TCP"= 59062:TCP:Pando Media Booster
"59062:UDP"= 59062:UDP:Pando Media Booster
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [20.9.2013 16:59 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [20.9.2013 16:59 177864]
R0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [19.11.2013 16:52 932744]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9.11.2013 13:12 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 viadsk;viadsk;c:\windows\system32\drivers\viadsk.sys [19.6.2003 18:00 56576]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15.3.2013 14:17 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.9.2013 16:59 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.9.2013 17:00 369584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.12.2013 10:26 243128]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.9.2013 17:00 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [20.9.2013 16:59 66336]
R2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [19.11.2013 16:51 614416]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [23.9.2013 16:52 5071712]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [23.9.2013 16:39 23512]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys --> c:\windows\system32\drivers\LGBusEnum.sys [?]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys --> c:\windows\system32\DRIVERS\LGSHidFilt.Sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys --> c:\windows\system32\drivers\LGVirHid.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21.12.2013 17:40 40776]
S3 S3chipid;S3chipid; [x]
S3 vtany;vtany; [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S3 xhunter1;xhunter1; [x]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 09:11 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 14:36]
.
2013-12-22 c:\windows\Tasks\ASC7_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-20 15:10]
.
2013-12-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-09-20 07:47]
.
2013-12-22 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-12-21 10:01]
.
2013-05-11 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2013-07-09 13:21]
.
2013-12-22 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-09 17:49]
.
2013-12-22 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-11-09 17:23]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\_uninst_70881074.lnk - c:\documents and settings\Rodina\Local Settings\temp\_uninst_70881074.bat
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\_uninst_70881074.lnk - c:\documents and settings\Rodina\Local Settings\temp\_uninst_70881074.bat
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\_uninst_70881074.lnk - c:\documents and settings\Rodina\Local Settings\temp\_uninst_70881074.bat
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\_uninst_70881074.lnk - c:\documents and settings\Rodina\Local Settings\temp\_uninst_70881074.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-688789844-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:99,2e,ba,f5,c7,30,8d,47,42,7c,4d,52,d7,45,8b,32,8d,72,6f,a1,7a,
36,57,09,dd,8d,71,70,e3,78,97,6c,2b,8e,a5,78,c8,32,33,3c,53,59,db,30,67,13,\
"rkeysecu"=hex:53,69,49,f1,0c,b1,53,6d,0d,90,52,df,af,09,09,8b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-12-22 14:52:35
ComboFix-quarantined-files.txt 2013-12-22 13:52
.
Před spuštěním: Volných bajtů: 128 374 198 272
Po spuštění: Volných bajtů: 128 837 033 984
.
- - End Of File - - C2B6E0865EDD5E75F671E464DE44B89F
413FC2A0C716421B3158746D63736515

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC stuttering

#11 Post by Rudy »

Open Notepad and copy this into it:
KillAll::

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-

Drivers::
vtany
xhunter1

Regnull::
[HKEY_USERS\S-1-5-21-1343024091-688789844-682003330-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#12 Post by Adámek »

ComboFix 13-12-21.01 - Rodina 22.12.2013 19:02:22.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1397 [GMT 1:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\CFScript.txt.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-22 do 2013-12-22 )))))))))))))))))))))))))))))))
.
.
2013-12-22 18:09 . 2013-12-22 18:09 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-12-22 18:09 . 2013-12-22 18:09 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-12-22 18:09 . 2013-12-22 18:09 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-12-22 18:09 . 2013-12-22 18:09 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-12-22 18:09 . 2013-12-22 18:09 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-12-22 18:09 . 2013-12-22 18:09 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-12-22 17:29 . 2009-11-24 01:37 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2013-12-22 17:29 . 2009-11-24 01:37 19720 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2013-12-22 17:29 . 2012-10-02 22:26 42040 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
2013-12-22 17:29 . 2012-10-02 22:26 1583896 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2013-12-22 17:28 . 2013-12-22 17:58 -------- d-----w- c:\windows\LastGood.Tmp
2013-12-22 17:28 . 2013-12-22 17:29 -------- d-----w- c:\program files\Logitech Gaming Software
2013-12-22 15:45 . 2013-12-22 15:45 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\AVG2014
2013-12-22 15:44 . 2013-12-22 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\AVG2014
2013-12-22 15:33 . 2013-12-22 15:44 -------- d-----w- c:\documents and settings\Rodina\Local Settings\Data aplikací\Avg2014
2013-12-22 10:38 . 2013-12-22 10:39 29696 ----a-w- c:\documents and settings\Rodina\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-22 09:26 . 2013-12-22 09:55 -------- d-----w- C:\AdwCleaner
2013-12-22 08:24 . 2013-12-22 08:24 -------- d-----w- C:\FRST
2013-12-21 17:28 . 2013-12-21 17:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2013-12-21 17:28 . 2013-12-21 17:28 -------- d-----w- c:\documents and settings\Rodina\Doctor Web
2013-12-21 17:21 . 2013-12-21 17:21 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-12-21 16:40 . 2013-12-21 16:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-21 16:40 . 2013-12-21 16:40 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Malwarebytes
2013-12-21 16:39 . 2013-12-21 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-12-21 15:39 . 2013-12-21 15:39 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2013-12-21 13:42 . 2013-12-21 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
2013-12-21 10:58 . 2013-12-22 18:09 -------- d-----w- c:\program files\Steam
2013-12-20 15:10 . 2013-12-20 15:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\IObit
2013-12-20 14:39 . 2013-12-20 14:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2013-12-20 14:39 . 2013-12-20 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-20 11:20 . 2013-12-20 11:20 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\IObit
2013-12-20 11:14 . 2013-12-20 11:14 -------- d-----w- c:\documents and settings\Rodina\LocalLow
2013-12-16 14:35 . 2013-05-22 17:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-12-15 14:43 . 2013-12-16 14:30 -------- d-----w- c:\program files\Games By GG releases
2013-12-15 09:27 . 2013-12-15 09:27 -------- d-----w- c:\program files\Seznam.cz
2013-12-15 09:26 . 2013-12-15 17:01 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-15 09:26 . 2013-12-15 09:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-11-23 08:38 . 2013-10-09 13:13 287744 -c----w- c:\windows\system32\dllcache\gdi32.dll
2013-11-23 08:37 . 2013-10-07 11:00 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2013-11-23 08:36 . 2013-10-12 15:57 279552 -c----w- c:\windows\system32\dllcache\oakley.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-22 17:31 . 2012-12-01 16:43 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-12-21 14:36 . 2012-12-01 15:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-21 14:36 . 2012-12-01 15:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-21 08:36 . 2009-05-05 08:58 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2013-12-20 15:46 . 2012-12-01 16:02 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-29 14:45 . 2013-11-19 15:52 932744 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2013-11-13 03:00 . 2012-02-29 16:08 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2012-05-22 17:12 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 06:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2012-05-22 17:16 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:45 . 2012-05-22 17:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:45 . 2012-05-22 17:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:45 . 2012-05-22 17:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:45 . 2012-05-22 17:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 00:45 . 2012-05-22 17:17 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-14 08:51 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-14 15:57 . 2013-10-14 15:57 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2013-10-12 17:17 . 2013-10-12 07:07 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-10-12 17:17 . 2013-10-12 07:07 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 15:57 . 2012-05-22 17:11 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2012-05-22 17:10 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 05:50 . 2013-10-20 11:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 05:29 . 2013-10-20 11:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 11:00 . 2008-04-14 08:51 606208 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"cz.seznam.software.autoupdate"="c:\documents and settings\Rodina\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Rodina\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Steam"="c:\program files\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 5479224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-10-28 08:29 3675352 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2013-12-09 10:38 2641920 ----a-w- c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MzRAMBooster]
2011-02-10 21:37 295936 ----a-w- c:\program files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shifters]
2013-12-06 14:04 9728 ----a-w- c:\shifters anticheat\protokol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 11:12 20474016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-05-27 11:34 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-12-11 19:40 1823656 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IMFservice"=2 (0x2)
"PCSUService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Ati HotKey Poller"=3 (0x3)
"AdvancedSystemCareService6"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WebCake Desktop Updater"=2 (0x2)
"Skype C2C Service"=3 (0x3)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
"Application Updater"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\lancraft.exe"=
"d:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1675\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2045\\Agent.exe"=
"d:\\Adam\\COD 2\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"59062:TCP"= 59062:TCP:Pando Media Booster
"59062:UDP"= 59062:UDP:Pando Media Booster
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [19.11.2013 16:52 932744]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9.11.2013 13:12 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 viadsk;viadsk;c:\windows\system32\drivers\viadsk.sys [19.6.2003 18:00 56576]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15.3.2013 14:17 21576]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.12.2013 10:26 243128]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [19.11.2013 16:51 614416]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [23.9.2013 16:52 5071712]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [22.12.2013 18:29 19720]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\drivers\LGSHidFilt.Sys [22.12.2013 18:29 42040]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [22.12.2013 18:29 14856]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [23.9.2013 16:39 23512]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21.12.2013 17:40 40776]
S3 S3chipid;S3chipid; [x]
S3 vtany;vtany; [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S3 xhunter1;xhunter1; [x]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 09:11 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 14:36]
.
2013-12-22 c:\windows\Tasks\ASC7_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-20 15:10]
.
2013-12-22 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-12-21 10:01]
.
2013-05-11 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2013-07-09 13:21]
.
2013-12-22 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-09 17:49]
.
2013-12-22 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-11-09 17:23]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-20131121 - c:\program files\AVAST Software\Avast\setup\emupdate\6b525958-15d4-411d-9891-9bf3708fc1bd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 19:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Opera\18.0.1284.68\opera.exe
c:\program files\Opera\18.0.1284.68\opera_crashreporter.exe
c:\program files\Opera\18.0.1284.68\opera.exe
c:\program files\Opera\18.0.1284.68\opera.exe
c:\program files\Opera\18.0.1284.68\opera.exe
c:\program files\Opera\18.0.1284.68\opera.exe
c:\program files\Opera\18.0.1284.68\opera.exe
.
**************************************************************************
.
Celkový čas: 2013-12-22 19:12:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-22 18:12
ComboFix2.txt 2013-12-22 13:52
.
Před spuštěním: Volných bajtů: 127 834 083 328
Po spuštění: Volných bajtů: 127 849 746 432
.
- - End Of File - - 684B08C1D3F6438CA6124EE13ABCDB7B
413FC2A0C716421B3158746D63736515

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC stuttering

#13 Post by Rudy »

CF did not delete anything; the script was saved incorrectly. You must save it as CFScript.txt, not as CFScript.txt.txt.

Adámek
Visitor
Posts: 11
Registered: 21 Dec 2013 17:28

Re: PC stuttering

#14 Post by Adámek »

Ah, so here it is.

ComboFix 13-12-21.01 - Rodina 23.12.2013 8:47.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1435 [GMT 1:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-23 do 2013-12-23 )))))))))))))))))))))))))))))))
.
.
2013-12-23 07:55 . 2013-12-23 07:55 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-12-23 07:55 . 2013-12-23 07:55 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-12-23 07:55 . 2013-12-23 07:55 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-12-23 07:55 . 2013-12-23 07:55 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-12-23 07:55 . 2013-12-23 07:55 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-12-23 07:55 . 2013-12-23 07:55 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-12-23 07:55 . 2013-12-23 07:55 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-12-23 07:55 . 2013-12-23 07:55 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-12-23 07:55 . 2013-12-23 07:55 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-12-23 07:55 . 2013-12-23 07:55 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-12-23 07:55 . 2013-12-23 07:55 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-12-23 07:55 . 2013-12-23 07:55 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-12-23 07:54 . 2013-12-23 07:54 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-12-23 07:54 . 2013-12-23 07:54 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-12-23 07:54 . 2013-12-23 07:54 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-12-23 07:54 . 2013-12-23 07:54 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-12-23 07:54 . 2013-12-23 07:54 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-12-23 07:40 . 2013-12-23 07:40 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\AVAST Software
2013-12-23 07:40 . 2013-12-23 07:40 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-23 07:40 . 2013-12-23 07:40 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-23 07:40 . 2013-12-23 07:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-23 07:40 . 2013-12-23 07:40 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-23 07:40 . 2013-12-23 07:40 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-23 07:40 . 2013-12-23 07:40 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-23 07:40 . 2013-12-23 07:40 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-23 07:40 . 2013-12-23 07:40 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-23 07:40 . 2013-12-23 07:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-22 17:29 . 2009-11-24 01:37 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2013-12-22 17:29 . 2009-11-24 01:37 19720 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys
2013-12-22 17:29 . 2012-10-02 22:26 42040 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
2013-12-22 17:29 . 2012-10-02 22:26 1583896 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2013-12-22 17:28 . 2013-12-22 17:29 -------- d-----w- c:\program files\Logitech Gaming Software
2013-12-22 15:45 . 2013-12-22 15:45 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\AVG2014
2013-12-22 15:44 . 2013-12-22 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\AVG2014
2013-12-22 15:33 . 2013-12-22 15:44 -------- d-----w- c:\documents and settings\Rodina\Local Settings\Data aplikací\Avg2014
2013-12-22 10:38 . 2013-12-22 10:39 29696 ----a-w- c:\documents and settings\Rodina\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-22 09:26 . 2013-12-22 09:55 -------- d-----w- C:\AdwCleaner
2013-12-22 08:24 . 2013-12-22 08:24 -------- d-----w- C:\FRST
2013-12-21 17:28 . 2013-12-21 17:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2013-12-21 17:28 . 2013-12-21 17:28 -------- d-----w- c:\documents and settings\Rodina\Doctor Web
2013-12-21 17:21 . 2013-12-21 17:21 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-12-21 16:40 . 2013-12-21 16:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-21 16:40 . 2013-12-21 16:40 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Malwarebytes
2013-12-21 16:39 . 2013-12-21 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-12-21 15:39 . 2013-12-21 15:39 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2013-12-21 13:42 . 2013-12-21 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
2013-12-21 10:58 . 2013-12-23 07:54 -------- d-----w- c:\program files\Steam
2013-12-20 15:10 . 2013-12-20 15:10 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\IObit
2013-12-20 14:39 . 2013-12-20 14:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2013-12-20 14:39 . 2013-12-20 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-20 11:20 . 2013-12-20 11:20 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\IObit
2013-12-20 11:14 . 2013-12-20 11:14 -------- d-----w- c:\documents and settings\Rodina\LocalLow
2013-12-16 14:35 . 2013-05-22 17:49 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-12-15 14:43 . 2013-12-16 14:30 -------- d-----w- c:\program files\Games By GG releases
2013-12-15 09:27 . 2013-12-15 09:27 -------- d-----w- c:\program files\Seznam.cz
2013-12-15 09:26 . 2013-12-15 17:01 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-15 09:26 . 2013-12-15 09:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-11-23 08:38 . 2013-10-09 13:13 287744 -c----w- c:\windows\system32\dllcache\gdi32.dll
2013-11-23 08:37 . 2013-10-07 11:00 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2013-11-23 08:36 . 2013-10-12 15:57 279552 -c----w- c:\windows\system32\dllcache\oakley.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 07:40 . 2013-01-05 10:02 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-22 17:31 . 2012-12-01 16:43 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-12-21 14:36 . 2012-12-01 15:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-21 14:36 . 2012-12-01 15:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-21 08:36 . 2009-05-05 08:58 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2013-12-20 15:46 . 2012-12-01 16:02 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-29 14:45 . 2013-11-19 15:52 932744 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2013-11-13 03:00 . 2012-02-29 16:08 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2012-05-22 17:12 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 06:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2012-05-22 17:16 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:45 . 2012-05-22 17:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:45 . 2012-05-22 17:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:45 . 2012-05-22 17:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:45 . 2012-05-22 17:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 00:45 . 2012-05-22 17:17 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-14 08:51 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-14 15:57 . 2013-10-14 15:57 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2013-10-12 17:17 . 2013-10-12 07:07 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-10-12 17:17 . 2013-10-12 07:07 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 15:57 . 2012-05-22 17:11 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2012-05-22 17:10 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 05:50 . 2013-10-20 11:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 05:29 . 2013-10-20 11:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 11:00 . 2008-04-14 08:51 606208 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-23 07:40 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"cz.seznam.software.autoupdate"="c:\documents and settings\Rodina\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\Rodina\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"Steam"="c:\program files\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 5479224]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rodina^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-10-28 08:29 3675352 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2013-12-09 10:38 2641920 ----a-w- c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MzRAMBooster]
2011-02-10 21:37 295936 ----a-w- c:\program files\Mz Ultimate Tools\Mz RAM Booster\MzRAMBooster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shifters]
2013-12-06 14:04 9728 ----a-w- c:\shifters anticheat\protokol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 11:12 20474016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-05-27 11:34 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-12-11 19:40 1823656 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IMFservice"=2 (0x2)
"PCSUService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Ati HotKey Poller"=3 (0x3)
"AdvancedSystemCareService6"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WebCake Desktop Updater"=2 (0x2)
"Skype C2C Service"=3 (0x3)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
"Application Updater"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"d:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\lancraft.exe"=
"d:\\Adam\\W3\\Warcraft 3 + Frozen Throne CZ Full Patched 1.26\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1675\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2045\\Agent.exe"=
"d:\\Adam\\COD 2\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-Life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"59062:TCP"= 59062:TCP:Pando Media Booster
"59062:UDP"= 59062:UDP:Pando Media Booster
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [23.12.2013 8:40 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [23.12.2013 8:40 178304]
R0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [19.11.2013 16:52 932744]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9.11.2013 13:12 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 viadsk;viadsk;c:\windows\system32\drivers\viadsk.sys [19.6.2003 18:00 56576]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15.3.2013 14:17 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.12.2013 8:40 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.12.2013 8:40 403440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.12.2013 10:26 243128]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.12.2013 8:40 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23.12.2013 8:40 70384]
R2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [19.11.2013 16:51 614416]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [23.9.2013 16:52 5071712]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [22.12.2013 18:29 19720]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\drivers\LGSHidFilt.Sys [22.12.2013 18:29 42040]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [22.12.2013 18:29 14856]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [23.9.2013 16:39 23512]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21.12.2013 17:40 40776]
S3 S3chipid;S3chipid; [x]
S3 vtany;vtany; [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S3 xhunter1;xhunter1; [x]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 09:11 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 14:36]
.
2013-12-23 c:\windows\Tasks\ASC7_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 7\Monitor.exe [2013-12-20 15:10]
.
2013-12-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-23 07:40]
.
2013-12-23 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-12-21 10:01]
.
2013-05-11 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2013-07-09 13:21]
.
2013-12-23 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-09 17:49]
.
2013-12-23 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-11-09 17:23]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-23 08:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2013-12-23 08:57:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-23 07:57
ComboFix2.txt 2013-12-22 18:12
ComboFix3.txt 2013-12-22 13:52
.
Před spuštěním: Volných bajtů: 127 363 334 144
Po spuštění: Volných bajtů: 127 434 297 344
.
- - End Of File - - 23DA629AD560DB3CD1A2742F0E9EB12A
413FC2A0C716421B3158746D63736515

Rudy
Site Admin
Posts: 119410
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC lagging

#15 Post by Rudy »

How does it look now?