
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.09 (written by random/random)
Run by Andy at 2014-03-04 15:48:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (7%) free of 220 GB
Total RAM: 2047 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:48:28, on 4. 3. 2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Andy\Dokumenty\Preberanie\RSIT.exe
C:\Program Files\trend micro\Andy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: YOTubuerAAdsRemmOv - {799DCFF1-F163-8F5D-F88F-1B786704DA56} - (no file)
O2 - BHO: (no name) - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Driver Detective] C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5848114359
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.4 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TCTRL_GSP - Zemiinc - C:\TServices_GSP\TControlSvr.exe
O23 - Service: TLOGIN_GSP - Zemiinc - C:\TServices_GSP\TLoginSvr.exe
O23 - Service: TMAP_GSP - Zemiinc - C:\TServices_GSP\TMapSvr.exe
O23 - Service: TRELAY_GSP - Zemiinc - C:\TServices_GSP\TRelaySvr.exe
O23 - Service: TWORLD_GSP - Zemiinc - C:\TServices_GSP\TWorldSvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe
--
End of file - 10910 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Driver Detective-RTMRules.job
C:\WINDOWS\tasks\Driver Detective-RTMScan.job
C:\WINDOWS\tasks\Driver Detective-RTMUpdater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\SmartPCFix Task.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Andy\Data aplikací\Mozilla\Firefox\Profiles\h744dkaz.default
prefs.js - "browser.startup.homepage" - "http://google.com/"
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"extension@Fast_Free_Converter.com"=C:\Program Files\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799DCFF1-F163-8F5D-F88F-1B786704DA56}]
YOTubuerAAdsRemmOv
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8232785C-5C98-4A6E-B7B4-911FFBED7582}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2014-02-14 450560]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2014-02-26 3814736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"Steam"=C:\Program Files\Steam\steam.exe [2014-02-25 1821888]
"Driver Detective"=C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 3847064]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-10-02 20472992]
"AdobeBridge"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-02-14 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableCMD"=0
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Andy\Data aplikací\uTorrent\uTorrent.exe"="C:\Documents and Settings\Andy\Data aplikací\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\2K Games\Borderlands Game of the Year Edition\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Borderlands Game of the Year Edition\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampp\MercuryMail\mercury.exe"="C:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.62"
"C:\xampp\FileZillaFTP\FileZillaServer.exe"="C:\xampp\FileZillaFTP\FileZillaServer.exe:*:Enabled:FileZilla Server"
"C:\Program Files\Java\jre7\bin\java.exe"="C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe:*:Enabled:FarCry 3 D3D9"
"C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe:*:Enabled:FarCry 3 D3D11"
"C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe:*:Enabled:FarCry 3 Updater"
"C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe:*:Enabled:FarCry 3 IGE"
"C:\Program Files\EA Sports\NHL 09\nhl2009.exe"="C:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\KBot\KBot 7.32\KBotc.exe"="C:\Program Files\KBot\KBot 7.32\KBotc.exe:*:Enabled:KBot control center"
"C:\Program Files\KBot\KOpenStealth 2.01\KOpenStealth.exe"="C:\Program Files\KBot\KOpenStealth 2.01\KOpenStealth.exe:*:Enabled:KOpenStealth"
"C:\Program Files\Profibot\OpenStealth 2.01\OpenStealth.exe"="C:\Program Files\Profibot\OpenStealth 2.01\OpenStealth.exe:*:Enabled:OpenStealth"
"C:\Documents and Settings\Andy\Plocha\MerkavaBot.v0.20\MerkavaBot.exe"="C:\Documents and Settings\Andy\Plocha\MerkavaBot.v0.20\MerkavaBot.exe:*:Enabled:MerkavaBot"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Counter-Strike 1.6\csko.exe"="C:\Counter-Strike 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Games\Panzar\start.exe"="C:\Games\Panzar\start.exe:*:Enabled:FBC Update Client"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\SteamApps\common\Half-life\hl.exe"="C:\Program Files\Steam\SteamApps\common\Half-life\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\Java\jdk1.7.0_40\bin\java.exe"="C:\Program Files\Java\jdk1.7.0_40\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe"="C:\Program Files\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe:*:Enabled:Driver Fusion"
"C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe"="C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe:*:Enabled:Orcs Must Die! 2"
"C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\game\OrcsMustDie2.exe"="C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\game\OrcsMustDie2.exe:*:Enabled:Orcs Must Die 2"
"C:\Program Files\Steam\SteamApps\common\Magicka\Magicka.exe"="C:\Program Files\Steam\SteamApps\common\Magicka\Magicka.exe:*:Enabled:Magicka"
"C:\Program Files\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe"="C:\Program Files\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe:*:Enabled:Sanctum 2"
"D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe"="D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe:*:Enabled:Garry's Mod"
"D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe"="D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe:*:Enabled:Counter-Strike: Global Offensive"
"C:\Program Files\Counter-Strike 1.6 Non-Steam\hl.exe"="C:\Program Files\Counter-Strike 1.6 Non-Steam\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Counter-Strike 1.6\hl.exe"="C:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Andy\Plocha\TEdit(2)\TEdit.exe"="C:\Documents and Settings\Andy\Plocha\TEdit(2)\TEdit.exe:*:Enabled:TEdit.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
======List of files/folders created in the last 1 month======
2014-03-04 15:03:31 ----D---- C:\AdwCleaner
2014-03-03 17:28:26 ----A---- C:\WINDOWS\zip.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\SWSC.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\SWREG.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\sed.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\PEV.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\NIRCMD.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\MBR.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\grep.exe
2014-03-03 17:28:18 ----SD---- C:\ComboFix
2014-03-03 17:27:16 ----D---- C:\Qoobox
2014-03-03 17:26:43 ----D---- C:\WINDOWS\erdnt
2014-03-03 17:00:01 ----D---- C:\rsit
2014-03-03 17:00:01 ----D---- C:\Program Files\trend micro
2014-02-28 16:27:26 ----D---- C:\Program Files\Valve
2014-02-28 12:28:50 ----D---- C:\Program Files\LogMeIn Hamachi
2014-02-27 23:59:03 ----D---- C:\Program Files\CCleaner
2014-02-13 03:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-02-06 17:32:31 ----D---- C:\Program Files\Lavalys
2014-02-06 17:22:15 ----D---- C:\Program Files\CPUID
2014-02-06 17:18:35 ----D---- C:\Program Files\GPU-Z
======List of files/folders modified in the last 1 month======
2014-03-04 15:48:15 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2014-03-04 15:27:12 ----D---- C:\Program Files\Steam
2014-03-04 15:25:31 ----D---- C:\WINDOWS\Temp
2014-03-04 15:25:18 ----D---- C:\WINDOWS\system32\inetsrv
2014-03-04 15:20:39 ----RD---- C:\Program Files
2014-03-04 15:13:47 ----D---- C:\Program Files\7-Zip
2014-03-04 15:10:34 ----D---- C:\WINDOWS
2014-03-04 15:09:18 ----D---- C:\WINDOWS\system32
2014-03-04 15:08:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-03-04 15:08:27 ----D---- C:\WINDOWS\system32\CatRoot2
2014-03-04 15:07:17 ----SD---- C:\WINDOWS\Tasks
2014-03-04 13:05:40 ----D---- C:\Program Files\Counter-Strike 1.6 Non-Steam
2014-03-04 12:48:16 ----D---- C:\WINDOWS\system32\dllcache
2014-03-04 12:47:35 ----HD---- C:\WINDOWS\inf
2014-03-03 23:58:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-03-03 23:45:03 ----SHD---- C:\System Volume Information
2014-03-03 23:45:03 ----D---- C:\WINDOWS\system32\Restore
2014-03-03 23:02:23 ----D---- C:\WINDOWS\system32\config
2014-03-03 17:27:18 ----D---- C:\WINDOWS\system32\drivers
2014-03-03 16:59:54 ----D---- C:\WINDOWS\Prefetch
2014-03-02 20:54:20 ----D---- C:\WINDOWS\system32\Cache
2014-03-01 05:03:49 ----D---- C:\Documents and Settings\Andy\Data aplikací\uTorrent
2014-02-28 18:18:36 ----D---- C:\Counter-Strike 1.6
2014-02-28 13:45:17 ----D---- C:\Documents and Settings\Andy\Data aplikací\Skype
2014-02-28 12:29:05 ----SHD---- C:\WINDOWS\Installer
2014-02-28 02:35:33 ----D---- C:\Documents and Settings\Andy\Data aplikací\DAEMON Tools Lite
2014-02-28 02:35:22 ----D---- C:\Documents and Settings\Andy\Data aplikací\TS3Client
2014-02-28 02:33:43 ----D---- C:\WINDOWS\Logs
2014-02-28 02:33:43 ----D---- C:\WINDOWS\Debug
2014-02-28 02:33:42 ----D---- C:\WINDOWS\Minidump
2014-02-27 21:37:52 ----HD---- C:\Program Files\InstallShield Installation Information
2014-02-27 19:37:47 ----D---- C:\Documents and Settings\Andy\Data aplikací\vlc
2014-02-27 15:41:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\dccc64aa7a063801
2014-02-25 01:08:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2014-02-25 01:06:43 ----D---- C:\Program Files\DivX
2014-02-21 19:14:57 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-15 20:45:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:25:59 ----D---- C:\Program Files\Mozilla Firefox
2014-02-13 16:20:26 ----D---- C:\Program Files\Opera
2014-02-13 13:24:22 ----RSD---- C:\WINDOWS\assembly
2014-02-13 13:24:22 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-13 03:35:08 ----D---- C:\WINDOWS\WinSxS
2014-02-13 03:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 03:27:40 ----D---- C:\WINDOWS\system32\MRT
2014-02-13 03:21:23 ----A---- C:\WINDOWS\system32\MRT.exe
2014-02-13 03:08:53 ----D---- C:\Program Files\Internet Explorer
2014-02-13 03:08:31 ----D---- C:\WINDOWS\ie8updates
2014-02-13 00:41:47 ----D---- C:\WINDOWS\system32\DirectX
2014-02-08 23:14:20 ----A---- C:\WINDOWS\NeroDigital.ini
2014-02-06 04:38:36 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mstime.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\url.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-06-27 175176]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-02-14 100736]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-02-14 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-05-09 21576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-06-27 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-06-27 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-04-14 242240]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-02-14 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-25 14208]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 GPU-Z;GPU-Z; \??\C:\DOCUME~1\Andy\LOCALS~1\Temp\GPU-Z.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-02-14 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-02-14 82944]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 RsFx0150;RsFx0150 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.4;Apache2.4; C:\xampp\apache\bin\httpd.exe [2012-08-18 22016]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2014-02-26 1678672]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-02-26 375056]
R2 MSSQL$P4STORY;SQL Server (P4STORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\sqlservr.exe [2011-04-24 42872672]
R2 MSSQL$PSTORY;SQL Server (PSTORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\sqlservr.exe [2011-04-24 42872672]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-05-26 76888]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 97632]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-14 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S2 XAMPP;XAMPP Service; C:\xampp\service.exe [2012-04-16 60928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-14 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-12-11 569768]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TCTRL_GSP;TCTRL_GSP; C:\TServices_GSP\TControlSvr.exe [2012-11-22 221184]
S3 TLOGIN_GSP;TLOGIN_GSP; C:\TServices_GSP\TLoginSvr.exe [2012-11-22 159744]
S3 TMAP_GSP;TMAP_GSP; C:\TServices_GSP\TMapSvr.exe [2012-11-22 1142784]
S3 TRELAY_GSP;TRELAY_GSP; C:\TServices_GSP\TRelaySvr.exe [2012-11-22 159744]
S3 TWORLD_GSP;TWORLD_GSP; C:\TServices_GSP\TWorldSvr.exe [2012-11-22 602112]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$P4STORY;SQL Server Agent (P4STORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 367456]
S4 SQLAgent$PSTORY;SQL Server Agent (PSTORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Andy\Data aplikací\uTorrent\uTorrent.exe"="C:\Documents and Settings\Andy\Data aplikací\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\2K Games\Borderlands Game of the Year Edition\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Borderlands Game of the Year Edition\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampp\MercuryMail\mercury.exe"="C:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.62"
"C:\xampp\FileZillaFTP\FileZillaServer.exe"="C:\xampp\FileZillaFTP\FileZillaServer.exe:*:Enabled:FileZilla Server"
"C:\Program Files\Java\jre7\bin\java.exe"="C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\farcry3.exe:*:Enabled:FarCry 3 D3D9"
"C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe:*:Enabled:FarCry 3 D3D11"
"C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\FC3Updater.exe:*:Enabled:FarCry 3 Updater"
"C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe"="C:\Program Files\Ubisoft\FarCry 3\bin\FC3Editor.exe:*:Enabled:FarCry 3 IGE"
"C:\Program Files\EA Sports\NHL 09\nhl2009.exe"="C:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\KBot\KBot 7.32\KBotc.exe"="C:\Program Files\KBot\KBot 7.32\KBotc.exe:*:Enabled:KBot control center"
"C:\Program Files\KBot\KOpenStealth 2.01\KOpenStealth.exe"="C:\Program Files\KBot\KOpenStealth 2.01\KOpenStealth.exe:*:Enabled:KOpenStealth"
"C:\Program Files\Profibot\OpenStealth 2.01\OpenStealth.exe"="C:\Program Files\Profibot\OpenStealth 2.01\OpenStealth.exe:*:Enabled:OpenStealth"
"C:\Documents and Settings\Andy\Plocha\MerkavaBot.v0.20\MerkavaBot.exe"="C:\Documents and Settings\Andy\Plocha\MerkavaBot.v0.20\MerkavaBot.exe:*:Enabled:MerkavaBot"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Counter-Strike 1.6\csko.exe"="C:\Counter-Strike 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Games\Panzar\start.exe"="C:\Games\Panzar\start.exe:*:Enabled:FBC Update Client"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\SteamApps\common\Half-life\hl.exe"="C:\Program Files\Steam\SteamApps\common\Half-life\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\Java\jdk1.7.0_40\bin\java.exe"="C:\Program Files\Java\jdk1.7.0_40\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe"="C:\Program Files\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe:*:Enabled:Driver Fusion"
"C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe"="C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe:*:Enabled:Orcs Must Die! 2"
"C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\game\OrcsMustDie2.exe"="C:\Program Files\Steam\SteamApps\common\Orcs Must Die 2\build\game\OrcsMustDie2.exe:*:Enabled:Orcs Must Die 2"
"C:\Program Files\Steam\SteamApps\common\Magicka\Magicka.exe"="C:\Program Files\Steam\SteamApps\common\Magicka\Magicka.exe:*:Enabled:Magicka"
"C:\Program Files\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe"="C:\Program Files\Steam\SteamApps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe:*:Enabled:Sanctum 2"
"D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe"="D:\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe:*:Enabled:Garry's Mod"
"D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe"="D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe:*:Enabled:Counter-Strike: Global Offensive"
"C:\Program Files\Counter-Strike 1.6 Non-Steam\hl.exe"="C:\Program Files\Counter-Strike 1.6 Non-Steam\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Counter-Strike 1.6\hl.exe"="C:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Andy\Plocha\TEdit(2)\TEdit.exe"="C:\Documents and Settings\Andy\Plocha\TEdit(2)\TEdit.exe:*:Enabled:TEdit.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
======List of files/folders created in the last 1 month======
2014-03-04 15:03:31 ----D---- C:\AdwCleaner
2014-03-03 17:28:26 ----A---- C:\WINDOWS\zip.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\SWSC.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\SWREG.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\sed.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\PEV.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\NIRCMD.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\MBR.exe
2014-03-03 17:28:26 ----A---- C:\WINDOWS\grep.exe
2014-03-03 17:28:18 ----SD---- C:\ComboFix
2014-03-03 17:27:16 ----D---- C:\Qoobox
2014-03-03 17:26:43 ----D---- C:\WINDOWS\erdnt
2014-03-03 17:00:01 ----D---- C:\rsit
2014-03-03 17:00:01 ----D---- C:\Program Files\trend micro
2014-02-28 16:27:26 ----D---- C:\Program Files\Valve
2014-02-28 12:28:50 ----D---- C:\Program Files\LogMeIn Hamachi
2014-02-27 23:59:03 ----D---- C:\Program Files\CCleaner
2014-02-13 03:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-02-06 17:32:31 ----D---- C:\Program Files\Lavalys
2014-02-06 17:22:15 ----D---- C:\Program Files\CPUID
2014-02-06 17:18:35 ----D---- C:\Program Files\GPU-Z
======List of files/folders modified in the last 1 month======
2014-03-04 15:48:15 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2014-03-04 15:27:12 ----D---- C:\Program Files\Steam
2014-03-04 15:25:31 ----D---- C:\WINDOWS\Temp
2014-03-04 15:25:18 ----D---- C:\WINDOWS\system32\inetsrv
2014-03-04 15:20:39 ----RD---- C:\Program Files
2014-03-04 15:13:47 ----D---- C:\Program Files\7-Zip
2014-03-04 15:10:34 ----D---- C:\WINDOWS
2014-03-04 15:09:18 ----D---- C:\WINDOWS\system32
2014-03-04 15:08:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-03-04 15:08:27 ----D---- C:\WINDOWS\system32\CatRoot2
2014-03-04 15:07:17 ----SD---- C:\WINDOWS\Tasks
2014-03-04 13:05:40 ----D---- C:\Program Files\Counter-Strike 1.6 Non-Steam
2014-03-04 12:48:16 ----D---- C:\WINDOWS\system32\dllcache
2014-03-04 12:47:35 ----HD---- C:\WINDOWS\inf
2014-03-03 23:58:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2014-03-03 23:45:03 ----SHD---- C:\System Volume Information
2014-03-03 23:45:03 ----D---- C:\WINDOWS\system32\Restore
2014-03-03 23:02:23 ----D---- C:\WINDOWS\system32\config
2014-03-03 17:27:18 ----D---- C:\WINDOWS\system32\drivers
2014-03-03 16:59:54 ----D---- C:\WINDOWS\Prefetch
2014-03-02 20:54:20 ----D---- C:\WINDOWS\system32\Cache
2014-03-01 05:03:49 ----D---- C:\Documents and Settings\Andy\Data aplikací\uTorrent
2014-02-28 18:18:36 ----D---- C:\Counter-Strike 1.6
2014-02-28 13:45:17 ----D---- C:\Documents and Settings\Andy\Data aplikací\Skype
2014-02-28 12:29:05 ----SHD---- C:\WINDOWS\Installer
2014-02-28 02:35:33 ----D---- C:\Documents and Settings\Andy\Data aplikací\DAEMON Tools Lite
2014-02-28 02:35:22 ----D---- C:\Documents and Settings\Andy\Data aplikací\TS3Client
2014-02-28 02:33:43 ----D---- C:\WINDOWS\Logs
2014-02-28 02:33:43 ----D---- C:\WINDOWS\Debug
2014-02-28 02:33:42 ----D---- C:\WINDOWS\Minidump
2014-02-27 21:37:52 ----HD---- C:\Program Files\InstallShield Installation Information
2014-02-27 19:37:47 ----D---- C:\Documents and Settings\Andy\Data aplikací\vlc
2014-02-27 15:41:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\dccc64aa7a063801
2014-02-25 01:08:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2014-02-25 01:06:43 ----D---- C:\Program Files\DivX
2014-02-21 19:14:57 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-15 20:45:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:25:59 ----D---- C:\Program Files\Mozilla Firefox
2014-02-13 16:20:26 ----D---- C:\Program Files\Opera
2014-02-13 13:24:22 ----RSD---- C:\WINDOWS\assembly
2014-02-13 13:24:22 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-13 03:35:08 ----D---- C:\WINDOWS\WinSxS
2014-02-13 03:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 03:27:40 ----D---- C:\WINDOWS\system32\MRT
2014-02-13 03:21:23 ----A---- C:\WINDOWS\system32\MRT.exe
2014-02-13 03:08:53 ----D---- C:\Program Files\Internet Explorer
2014-02-13 03:08:31 ----D---- C:\WINDOWS\ie8updates
2014-02-13 00:41:47 ----D---- C:\WINDOWS\system32\DirectX
2014-02-08 23:14:20 ----A---- C:\WINDOWS\NeroDigital.ini
2014-02-06 04:38:36 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mstime.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\url.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-06-27 175176]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2009-02-14 100736]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-02-14 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-05-09 21576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-06-27 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-06-27 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-04-14 242240]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-02-14 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-25 14208]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 GPU-Z;GPU-Z; \??\C:\DOCUME~1\Andy\LOCALS~1\Temp\GPU-Z.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-02-14 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-02-14 82944]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 RsFx0150;RsFx0150 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.4;Apache2.4; C:\xampp\apache\bin\httpd.exe [2012-08-18 22016]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2014-02-26 1678672]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-02-26 375056]
R2 MSSQL$P4STORY;SQL Server (P4STORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\sqlservr.exe [2011-04-24 42872672]
R2 MSSQL$PSTORY;SQL Server (PSTORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\sqlservr.exe [2011-04-24 42872672]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-05-26 76888]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 97632]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-14 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S2 XAMPP;XAMPP Service; C:\xampp\service.exe [2012-04-16 60928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-14 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-12-11 569768]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TCTRL_GSP;TCTRL_GSP; C:\TServices_GSP\TControlSvr.exe [2012-11-22 221184]
S3 TLOGIN_GSP;TLOGIN_GSP; C:\TServices_GSP\TLoginSvr.exe [2012-11-22 159744]
S3 TMAP_GSP;TMAP_GSP; C:\TServices_GSP\TMapSvr.exe [2012-11-22 1142784]
S3 TRELAY_GSP;TRELAY_GSP; C:\TServices_GSP\TRelaySvr.exe [2012-11-22 159744]
S3 TWORLD_GSP;TWORLD_GSP; C:\TServices_GSP\TWorldSvr.exe [2012-11-22 602112]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$P4STORY;SQL Server Agent (P4STORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 367456]
S4 SQLAgent$PSTORY;SQL Server Agent (PSTORY); C:\Program Files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\SQLAGENT.EXE [2011-04-24 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]
-----------------EOF-----------------
Re: Please check
Hello, who advised you to run ComboFix on your own?
Fix this in HJT:
O2 - BHO: YOTubuerAAdsRemmOv - {799DCFF1-F163-8F5D-F88F-1B786704DA56} - (no file)
O2 - BHO: (no name) - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Driver Detective] C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
You will find HJT here:
C:\Program Files\trend micro\Andy.exe
Fix means that you run HJT
as admin,
in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a box, which you tick,
then click Fix checked at the bottom left,
the program will ask whether you really want to do this; you of course agree with YES, and it is done.
Via Start >> Run >> type services.msc >> OK. Find the service:
Služba Google Update (gupdate)
Služba Google Update (gupdatem)
NBService
NMIndexingService
Double-clicking opens a dialog where you first stop the service with the Stop (Zastavit) button, then under Startup type (Typ spouštění) select Disabled (Zakázáno) and click OK.
Delete unnecessary files
using CCleaner
instructions:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Download and run OTMoveIt
into the left window of the application, under Paste Instructions for Items to be Moved, copy this text:
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\tasks\At*.job /s
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files\Pando Networks
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and info about the performed action will appear in the right green window of the application; copy the contents of the window here,
if the application requests a restart, click YES
in that case I want the contents of the log saved in C:\_OTMoveIt\MovedFiles\ copied here
Re: Please check
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET23.tmp moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Program Files\Pando Networks\Media Booster\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\Pando Networks\Media Booster folder moved successfully.
C:\Program Files\Pando Networks folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Pando Networks\Media Booster\PMB.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\C:\Program Files\Pando Networks\Media Booster\PMB.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Andy
->Temp folder emptied: 117313447 bytes
->Temporary Internet Files folder emptied: 731357 bytes
->FireFox cache emptied: 230331424 bytes
->Google Chrome cache emptied: 25645275 bytes
->Flash cache emptied: 9844 bytes
User: ASPNET
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Guest
User: HelpAssistant
User: IUSR_PC-30FAE4FA0947
User: IWAM_PC-30FAE4FA0947
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 284877 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34800 bytes
User: Skola
->Temp folder emptied: 983882 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 492 bytes
User: SUPPORT_388945a0
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44717164 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 927163398 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 285,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 03042014_202416
Files moved on Reboot...
C:\Documents and Settings\Andy\Local Settings\Temp\~DF2DF3.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Please check
Roli wrote: Hello, who advised you to run ComboFix on your own?
Run OTMoveIt again and click CleanUp! at the top of the application;
this makes it clean up after itself.
Download AdwCleaner and save it to the desktop,
close all programs including the browser and double-click to run it,
a window appears; click Scan at the top left.
The scan then runs; when it finishes, click Report and copy whatever it gives you here.
Re: Please check
Roli wrote: Hello, who advised you to run ComboFix on your own?
nobody
# AdwCleaner v3.020 - Report created 05/03/2014 at 19:51:01
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Andy - PC-30FAE4FA0947
# Running from : C:\Documents and Settings\Andy\Plocha\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\DOCUME~1\Andy\LOCALS~1\Temp\OpenCandy
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v27.0.1 (sk)
[ File : C:\Documents and Settings\Andy\Data aplikací\Mozilla\Firefox\Profiles\h744dkaz.default\prefs.js ]
-\\ Google Chrome v32.0.1700.102
[ File : C:\Documents and Settings\Andy\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [37372 octets] - [04/03/2014 15:03:33]
AdwCleaner[R1].txt - [37433 octets] - [04/03/2014 15:04:46]
AdwCleaner[R2].txt - [1079 octets] - [05/03/2014 19:51:01]
AdwCleaner[S0].txt - [35464 octets] - [04/03/2014 15:05:37]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1200 octets] ##########
Re: Please check
Roli wrote: Hello, who advised you to run ComboFix on your own?
Andy wrote: nobody
All right, then let's tackle it together.
Uninstall the old version as follows: via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes its associated files and folders.
Download the new version of ComboFix again and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the licence terms then appears, which you confirm by clicking YES,
then click YES once more and it is running.
The whole thing takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Please check
ComboFix 14-03-05.01 - Andy . 03. 2014 21:17:41.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1286 [GMT 1:00]
Running from: c:\documents and settings\Andy\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Andy\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdfnieppndfdhcgbmhfdlgdjegclkomk_0.localstorage-journal
c:\documents and settings\Andy\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdfnieppndfdhcgbmhfdlgdjegclkomk_0.localstorage
c:\documents and settings\Andy\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehgeocdpjcohhoejhhgbliglinfhdhoa_0.localstorage-journal
c:\documents and settings\Andy\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehgeocdpjcohhoejhhgbliglinfhdhoa_0.localstorage
c:\documents and settings\Andy\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\51cb7a8f27c845ba.fb
c:\windows\system32\Cache\54c8ed2eae53a76b.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\6491de1d5aae237d.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6bf515d8ff6893c3.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\78d0cec35d5950ae.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\99f714e2fa4c59eb.fb
c:\windows\system32\Cache\b7ff588ff4aa51c4.fb
c:\windows\system32\Cache\c0ad9b5ead0565e4.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d2991d602fa19e05.fb
c:\windows\system32\Cache\d40fff809744dc85.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d6c958092136277b.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\Cache\ff5dedbb9636c96e.fb
.
.
((((((((((((((((((((((((( Files Created from 2014-02-06 to 2014-03-06 )))))))))))))))))))))))))))))))
.
.
2014-03-05 17:24 . 2014-03-05 17:24 -------- d-----w- c:\documents and settings\Andy\Local Settings\Data aplikací\Skype
2014-03-05 17:23 . 2014-03-05 17:23 -------- d-----w- c:\program files\Common Files\Skype
2014-03-05 17:10 . 2014-03-05 17:10 -------- d-----w- c:\program files\ASIO4ALL v2
2014-03-05 17:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2014-03-05 17:10 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\system32\vorbis.acm
2014-03-05 17:09 . 2014-03-05 17:44 -------- d-----w- c:\program files\VstPlugins
2014-03-05 17:09 . 2014-03-05 17:09 -------- d-----w- c:\program files\Outsim
2014-03-05 17:07 . 2014-03-05 17:10 -------- d-----w- c:\program files\Image-Line
2014-03-04 14:03 . 2014-03-05 18:51 -------- d-----w- C:\AdwCleaner
2014-03-03 16:00 . 2014-03-04 19:18 -------- d-----w- c:\program files\trend micro
2014-02-28 15:27 . 2014-02-28 15:29 -------- d-----w- c:\program files\Valve
2014-02-28 15:27 . 2014-02-28 15:27 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-02-28 15:27 . 2014-02-28 15:27 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-02-28 15:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-02-28 15:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-02-28 15:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-02-28 15:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-02-28 15:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-02-28 11:28 . 2014-02-28 11:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-02-27 22:59 . 2014-02-27 22:59 -------- d-----w- c:\program files\CCleaner
2014-02-13 12:46 . 2014-02-13 12:46 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2014-02-06 16:32 . 2014-02-06 16:32 -------- d-----w- c:\program files\Lavalys
2014-02-06 16:22 . 2014-02-06 16:22 -------- d-----w- c:\program files\CPUID
2014-02-06 16:18 . 2014-02-06 16:18 -------- d-----w- c:\program files\GPU-Z
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-02 19:54 . 2013-04-14 07:56 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-21 18:14 . 2013-04-11 15:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 18:14 . 2013-04-11 15:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 03:38 . 2008-12-20 22:03 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:08 . 2009-02-14 18:45 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:08 . 2009-02-14 18:44 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 23:08 . 2008-12-20 22:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 22:24 . 2009-02-14 18:44 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2008-04-14 06:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 20:10 . 2014-01-28 13:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 19:46 . 2014-01-28 13:05 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-14 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="c:\program files\Steam\steam.exe" [2014-02-25 1821888]
"7490a"="c:\program files\Qcnxqovfdbldr\jeqblec.exe" [2007-04-13 2449408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"7490a"="c:\program files\Qcnxqovfdbldr\jeqblec.exe" [2007-04-13 2449408]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Andy\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2K Games\\Borderlands Game of the Year Edition\\Binaries\\Borderlands.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\xampp\\FileZillaFTP\\FileZillaServer.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\farcry3.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\farcry3_d3d11.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\FC3Updater.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\FC3Editor.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\KBot\\KBot 7.32\\KBotc.exe"=
"c:\\Program Files\\KBot\\KOpenStealth 2.01\\KOpenStealth.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Games\\Panzar\\start.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-life\\hl.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Java\\jdk1.7.0_40\\bin\\java.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Driver Fusion\\DriverFusion.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Orcs Must Die 2\\build\\release\\OrcsMustDie2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Orcs Must Die 2\\build\\game\\OrcsMustDie2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Magicka\\Magicka.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sanctum2\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\GarrysMod\\hl2.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Non-Steam\\hl.exe"=
"c:\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58022:TCP"= 58022:TCP:Pando Media Booster
"58022:UDP"= 58022:UDP:Pando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [11. 4. 2013 16:28 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [11. 4. 2013 16:28 175176]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [13. 5. 2013 18:35 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11. 4. 2013 16:28 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11. 4. 2013 16:28 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [14. 4. 2013 8:56 42784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14. 4. 2013 22:54 242240]
R2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe [28. 4. 2013 20:49 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11. 4. 2013 16:28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11. 4. 2013 16:28 66336]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [26. 2. 2014 19:57 1678672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26. 2. 2014 9:50 375056]
R2 MSSQL$P4STORY;SQL Server (P4STORY);c:\program files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\sqlservr.exe [24. 4. 2011 0:33 42872672]
R2 MSSQL$PSTORY;SQL Server (PSTORY);c:\program files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\sqlservr.exe [24. 4. 2011 0:33 42872672]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10. 7. 2013 18:33 793048]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9. 10. 2013 10:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23. 10. 2013 8:15 172192]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [28. 4. 2013 20:48 60928]
S3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [13. 4. 2013 23:04 74112]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Andy\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Andy\LOCALS~1\Temp\GPU-Z.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19. 2. 2010 13:37 517096]
S3 TCTRL_GSP;TCTRL_GSP;c:\tservices_gsp\TControlSvr.exe [18. 5. 2013 20:07 221184]
S3 TLOGIN_GSP;TLOGIN_GSP;c:\tservices_gsp\TLoginSvr.exe [18. 5. 2013 20:07 159744]
S3 TMAP_GSP;TMAP_GSP;c:\tservices_gsp\TMapSvr.exe [18. 5. 2013 20:07 1142784]
S3 TRELAY_GSP;TRELAY_GSP;c:\tservices_gsp\TRelaySvr.exe [18. 5. 2013 20:07 159744]
S3 TWORLD_GSP;TWORLD_GSP;c:\tservices_gsp\TWorldSvr.exe [18. 5. 2013 20:07 602112]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3. 4. 2010 10:56 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30. 3. 2009 2:09 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [3. 4. 2010 10:02 240608]
S4 SQLAgent$P4STORY;SQL Server Agent (P4STORY);c:\program files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\SQLAGENT.EXE [24. 4. 2011 0:33 367456]
S4 SQLAgent$PSTORY;SQL Server Agent (PSTORY);c:\program files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\SQLAGENT.EXE [24. 4. 2011 0:33 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30. 3. 2009 2:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 18:30 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 18:14]
.
2014-03-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-11 08:58]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMRules.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMScan.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMUpdater.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2014-03-06 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2013-07-10 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 127.0.0.1:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 88.83.231.2
FF - ProfilePath - c:\documents and settings\Andy\Data aplikací\Mozilla\Firefox\Profiles\h744dkaz.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{fe885e3d} - c:\progra~1\GS-Enabler\Assistant.dll
AddRemove-Free Mahjong Games - c:\documents and settings\Andy\Local Settings\Data aplikací\WebPlayer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-06 21:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-03-06 21:25:56
ComboFix-quarantined-files.txt 2014-03-06 20:25
.
Pre-Run: Volných bajtů: 14 952 824 832
Post-Run: Volných bajtů: 14 911 586 304
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A398C1DC4B8716D9EDC10EC86E1733E3
413FC2A0C716421B3158746D63736515
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="c:\program files\Steam\steam.exe" [2014-02-25 1821888]
"7490a"="c:\program files\Qcnxqovfdbldr\jeqblec.exe" [2007-04-13 2449408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"7490a"="c:\program files\Qcnxqovfdbldr\jeqblec.exe" [2007-04-13 2449408]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Andy\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2K Games\\Borderlands Game of the Year Edition\\Binaries\\Borderlands.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\xampp\\FileZillaFTP\\FileZillaServer.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\farcry3.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\farcry3_d3d11.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\FC3Updater.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\FC3Editor.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\KBot\\KBot 7.32\\KBotc.exe"=
"c:\\Program Files\\KBot\\KOpenStealth 2.01\\KOpenStealth.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Games\\Panzar\\start.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-life\\hl.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Java\\jdk1.7.0_40\\bin\\java.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Driver Fusion\\DriverFusion.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Orcs Must Die 2\\build\\release\\OrcsMustDie2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Orcs Must Die 2\\build\\game\\OrcsMustDie2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Magicka\\Magicka.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sanctum2\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\GarrysMod\\hl2.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Non-Steam\\hl.exe"=
"c:\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58022:TCP"= 58022:TCP:Pando Media Booster
"58022:UDP"= 58022:UDP:Pando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [11. 4. 2013 16:28 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [11. 4. 2013 16:28 175176]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [13. 5. 2013 18:35 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11. 4. 2013 16:28 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11. 4. 2013 16:28 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [14. 4. 2013 8:56 42784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14. 4. 2013 22:54 242240]
R2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe [28. 4. 2013 20:49 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11. 4. 2013 16:28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11. 4. 2013 16:28 66336]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [26. 2. 2014 19:57 1678672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26. 2. 2014 9:50 375056]
R2 MSSQL$P4STORY;SQL Server (P4STORY);c:\program files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\sqlservr.exe [24. 4. 2011 0:33 42872672]
R2 MSSQL$PSTORY;SQL Server (PSTORY);c:\program files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\sqlservr.exe [24. 4. 2011 0:33 42872672]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10. 7. 2013 18:33 793048]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9. 10. 2013 10:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23. 10. 2013 8:15 172192]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [28. 4. 2013 20:48 60928]
S3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [13. 4. 2013 23:04 74112]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Andy\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Andy\LOCALS~1\Temp\GPU-Z.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19. 2. 2010 13:37 517096]
S3 TCTRL_GSP;TCTRL_GSP;c:\tservices_gsp\TControlSvr.exe [18. 5. 2013 20:07 221184]
S3 TLOGIN_GSP;TLOGIN_GSP;c:\tservices_gsp\TLoginSvr.exe [18. 5. 2013 20:07 159744]
S3 TMAP_GSP;TMAP_GSP;c:\tservices_gsp\TMapSvr.exe [18. 5. 2013 20:07 1142784]
S3 TRELAY_GSP;TRELAY_GSP;c:\tservices_gsp\TRelaySvr.exe [18. 5. 2013 20:07 159744]
S3 TWORLD_GSP;TWORLD_GSP;c:\tservices_gsp\TWorldSvr.exe [18. 5. 2013 20:07 602112]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3. 4. 2010 10:56 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30. 3. 2009 2:09 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [3. 4. 2010 10:02 240608]
S4 SQLAgent$P4STORY;SQL Server Agent (P4STORY);c:\program files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\SQLAGENT.EXE [24. 4. 2011 0:33 367456]
S4 SQLAgent$PSTORY;SQL Server Agent (PSTORY);c:\program files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\SQLAGENT.EXE [24. 4. 2011 0:33 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30. 3. 2009 2:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 18:30 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 18:14]
.
2014-03-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-11 08:58]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMRules.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMScan.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMUpdater.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2014-03-06 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2013-07-10 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 127.0.0.1:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 88.83.231.2
FF - ProfilePath - c:\documents and settings\Andy\Data aplikací\Mozilla\Firefox\Profiles\h744dkaz.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{fe885e3d} - c:\progra~1\GS-Enabler\Assistant.dll
AddRemove-Free Mahjong Games - c:\documents and settings\Andy\Local Settings\Data aplikací\WebPlayer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-06 21:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-03-06 21:25:56
ComboFix-quarantined-files.txt 2014-03-06 20:25
.
Pre-Run: Volných bajtů: 14 952 824 832
Post-Run: Volných bajtů: 14 911 586 304
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A398C1DC4B8716D9EDC10EC86E1733E3
413FC2A0C716421B3158746D63736515
Re: Requesting a check
If you haven't done so already, move ComboFix to the desktop,
open Notepad,
copy the script from the following window into it:
Code:
Folder::
c:\program files\Qcnxqovfdbldr
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7490a"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7490a"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58022:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58022:UDP"=-
save the TXT file you created to the desktop as CFScript.txt,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will come out; copy it here.
Warning: it may happen that Windows will not start after the script is applied and the machine restarts;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Requesting a check
ComboFix 14-03-05.01 - Andy . 03. 2014 18:25:59.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1118 [GMT 1:00]
Running from: c:\documents and settings\Andy\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Qcnxqovfdbldr
c:\program files\Qcnxqovfdbldr\help.chm
c:\program files\Qcnxqovfdbldr\jeqblec.exe
c:\program files\Qcnxqovfdbldr\Log\Text\aiotxt.dat
c:\program files\Qcnxqovfdbldr\Log\Text\aioweb.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01102014.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01112014.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01122014.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01132014.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01142014.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01152014.dat
c:\program files\Qcnxqovfdbldr\Log\Visual\01162014.dat
c:\program files\Qcnxqovfdbldr\unins000.dat
c:\program files\Qcnxqovfdbldr\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-07 to 2014-03-07 )))))))))))))))))))))))))))))))
.
.
2014-03-07 12:06 . 2014-03-07 12:06 -------- d-----w- c:\windows\system32\xircom
2014-03-07 12:06 . 2014-03-07 12:06 -------- d-----w- c:\windows\system32\wbem\snmp
2014-03-07 12:06 . 2014-03-07 12:06 -------- d-----w- c:\program files\microsoft frontpage
2014-03-06 21:41 . 2014-03-06 21:41 -------- d-sh--w- c:\documents and settings\Andy\IECompatCache
2014-03-05 17:24 . 2014-03-05 17:24 -------- d-----w- c:\documents and settings\Andy\Local Settings\Data aplikací\Skype
2014-03-05 17:23 . 2014-03-05 17:23 -------- d-----w- c:\program files\Common Files\Skype
2014-03-05 17:10 . 2014-03-05 17:10 -------- d-----w- c:\program files\ASIO4ALL v2
2014-03-05 17:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2014-03-05 17:10 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\system32\vorbis.acm
2014-03-05 17:09 . 2014-03-05 17:44 -------- d-----w- c:\program files\VstPlugins
2014-03-05 17:09 . 2014-03-05 17:09 -------- d-----w- c:\program files\Outsim
2014-03-05 17:07 . 2014-03-05 17:10 -------- d-----w- c:\program files\Image-Line
2014-03-04 14:03 . 2014-03-05 18:51 -------- d-----w- C:\AdwCleaner
2014-03-03 16:00 . 2014-03-04 19:18 -------- d-----w- c:\program files\trend micro
2014-02-28 15:27 . 2014-02-28 15:29 -------- d-----w- c:\program files\Valve
2014-02-28 15:27 . 2014-02-28 15:27 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-02-28 15:27 . 2014-02-28 15:27 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-02-28 15:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-02-28 15:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-02-28 15:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-02-28 15:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-02-28 15:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-02-28 11:28 . 2014-02-28 11:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-02-27 22:59 . 2014-02-27 22:59 -------- d-----w- c:\program files\CCleaner
2014-02-13 12:46 . 2014-02-13 12:46 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2014-02-06 16:32 . 2014-02-06 16:32 -------- d-----w- c:\program files\Lavalys
2014-02-06 16:22 . 2014-02-06 16:22 -------- d-----w- c:\program files\CPUID
2014-02-06 16:18 . 2014-02-06 16:18 -------- d-----w- c:\program files\GPU-Z
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-02 19:54 . 2013-04-14 07:56 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-21 18:14 . 2013-04-11 15:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 18:14 . 2013-04-11 15:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 03:38 . 2008-12-20 22:03 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:08 . 2009-02-14 18:45 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:08 . 2009-02-14 18:44 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 23:08 . 2008-12-20 22:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 22:24 . 2009-02-14 18:44 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2008-04-14 06:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 20:10 . 2014-01-28 13:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 19:46 . 2014-01-28 13:05 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-14 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="c:\program files\Steam\steam.exe" [2014-02-25 1821888]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Andy\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\2K Games\\Borderlands Game of the Year Edition\\Binaries\\Borderlands.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\xampp\\FileZillaFTP\\FileZillaServer.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\farcry3.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\farcry3_d3d11.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\FC3Updater.exe"=
"c:\\Program Files\\Ubisoft\\FarCry 3\\bin\\FC3Editor.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\KBot\\KBot 7.32\\KBotc.exe"=
"c:\\Program Files\\KBot\\KOpenStealth 2.01\\KOpenStealth.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Games\\Panzar\\start.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Half-life\\hl.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\Java\\jdk1.7.0_40\\bin\\java.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Driver Fusion\\DriverFusion.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Orcs Must Die 2\\build\\release\\OrcsMustDie2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Orcs Must Die 2\\build\\game\\OrcsMustDie2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Magicka\\Magicka.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sanctum2\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\GarrysMod\\hl2.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Non-Steam\\hl.exe"=
"c:\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [11. 4. 2013 16:28 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [11. 4. 2013 16:28 175176]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [13. 5. 2013 18:35 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11. 4. 2013 16:28 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11. 4. 2013 16:28 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [14. 4. 2013 8:56 42784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14. 4. 2013 22:54 242240]
R2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe [28. 4. 2013 20:49 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11. 4. 2013 16:28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11. 4. 2013 16:28 66336]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [26. 2. 2014 19:57 1678672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26. 2. 2014 9:50 375056]
R2 MSSQL$P4STORY;SQL Server (P4STORY);c:\program files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\sqlservr.exe [24. 4. 2011 0:33 42872672]
R2 MSSQL$PSTORY;SQL Server (PSTORY);c:\program files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\sqlservr.exe [24. 4. 2011 0:33 42872672]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10. 7. 2013 18:33 793048]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9. 10. 2013 10:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23. 10. 2013 8:15 172192]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [28. 4. 2013 20:48 60928]
S3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [13. 4. 2013 23:04 74112]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Andy\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Andy\LOCALS~1\Temp\GPU-Z.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19. 2. 2010 13:37 517096]
S3 TCTRL_GSP;TCTRL_GSP;c:\tservices_gsp\TControlSvr.exe [18. 5. 2013 20:07 221184]
S3 TLOGIN_GSP;TLOGIN_GSP;c:\tservices_gsp\TLoginSvr.exe [18. 5. 2013 20:07 159744]
S3 TMAP_GSP;TMAP_GSP;c:\tservices_gsp\TMapSvr.exe [18. 5. 2013 20:07 1142784]
S3 TRELAY_GSP;TRELAY_GSP;c:\tservices_gsp\TRelaySvr.exe [18. 5. 2013 20:07 159744]
S3 TWORLD_GSP;TWORLD_GSP;c:\tservices_gsp\TWorldSvr.exe [18. 5. 2013 20:07 602112]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3. 4. 2010 10:56 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30. 3. 2009 2:09 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [3. 4. 2010 10:02 240608]
S4 SQLAgent$P4STORY;SQL Server Agent (P4STORY);c:\program files\Microsoft SQL Server\MSSQL10_50.P4STORY\MSSQL\Binn\SQLAGENT.EXE [24. 4. 2011 0:33 367456]
S4 SQLAgent$PSTORY;SQL Server Agent (PSTORY);c:\program files\Microsoft SQL Server\MSSQL10_50.PSTORY\MSSQL\Binn\SQLAGENT.EXE [24. 4. 2011 0:33 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30. 3. 2009 2:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 18:30 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 18:14]
.
2014-03-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-11 08:58]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMRules.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMScan.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2013-05-23 c:\windows\Tasks\Driver Detective-RTMUpdater.job
- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-05-01 12:36]
.
2014-03-06 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2013-07-10 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 127.0.0.1:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 88.83.231.2
FF - ProfilePath - c:\documents and settings\Andy\Data aplikací\Mozilla\Firefox\Profiles\h744dkaz.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PcjC9fsev_is1 - c:\program files\Qcnxqovfdbldr\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-07 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-03-07 18:36:55
ComboFix-quarantined-files.txt 2014-03-07 17:36
ComboFix2.txt 2014-03-06 20:25
.
Pre-Run: Volných bajtů: 14 706 458 624
Post-Run: Volných bajtů: 14 699 782 144
.
- - End Of File - - 2A58ED219F34A5FA407D3AE6765A9581
413FC2A0C716421B3158746D63736515
Re: Please check
Via Start >> Run, copy the following into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.
Then let me know how the PC is doing.
Re: Please check
So, the state of the PC: it has definitely improved. I can't say it is particularly fast, but that is because it isn't exactly the newest machine.
An interesting thing is that my internet speed has tripled. Until now I used to get at most 10 Mbps (and that about once every six months) and a ping sometimes as high as 300; now all of a sudden it regularly measures between 20 and 30 Mbps with a ping of 20 - 50.
Is it possible that the internet sped up that much because of the cleanup?
And thank you for the check.
Re: Please check
Andy wrote: Is it possible that the internet sped up that much because of the cleanup?
Definitely, because you had a few nasties on there that we wiped out.
Andy wrote: And thank you for the check.
You're welcome and
