Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by PC at 2015-02-28 11:27:22
Running from C:\Documents and Settings\PC\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1275210071-861567501-842925246-1003\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Counter-Strike 1.6 Non-Steam v42b (HKLM\...\Counter-Strike 1.6 Non-Steam v42b Full Client_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
EAX Unified (HKLM\...\EAX Unified) (Version: - )
GameRanger (HKU\S-1-5-21-1275210071-861567501-842925246-1003\...\GameRanger) (Version: - GameRanger Technologies)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Spoločnosť Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Gothic II - Modification Development Kit (HKLM\...\G2MDK) (Version: 2.6 - Piranha Bytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 sk) (HKLM\...\Mozilla Firefox 35.0.1 (x86 sk)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Platform (Version: 1.6 - VIA Technologies, Inc.) Hidden
Praetorians (HKLM\...\{AAC8AF92-DAEC-45D2-B77D-36699E3751A9}) (Version: - Pyro Studios)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.34 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SimCity 3000 (HKLM\...\SimCity 3000) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.6 - VIA Technologies, Inc.)
VIA/S3G Display Driver 6.14.10.0380 (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version: - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
21-02-2015 18:30:57 avast! antivirus system restore point
22-02-2015 11:48:48 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:24:01 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:25:10 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:25:36 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:27:11 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:30:04 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:30:58 avast! antivirus system restore point
22-02-2015 12:41:47 Revo Uninstaller's restore point - Avast Free Antivirus
22-02-2015 12:43:38 avast! antivirus system restore point
25-02-2015 15:33:03 ComboFix created restore point
28-02-2015 11:10:14 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-18 12:00 - 2015-02-25 15:43 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-01-27 16:04 - 2015-01-27 16:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1275210071-861567501-842925246-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Pozadie plochy.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1275210071-861567501-842925246-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1275210071-861567501-842925246-1589 - Limited - Enabled)
Guest (S-1-5-21-1275210071-861567501-842925246-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1275210071-861567501-842925246-1000 - Limited - Disabled)
PC (S-1-5-21-1275210071-861567501-842925246-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\PC
SUPPORT_388945a0 (S-1-5-21-1275210071-861567501-842925246-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/21/2015 03:08:32 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.
Error: (02/21/2015 03:08:32 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Nie je možné rozoznať názov servera alebo adresu
Error: (02/08/2015 03:23:17 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Operácia sa vrátila, pretože uplynul časový limit.
Error: (01/29/2015 08:46:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Zlyhanie aplikácie plugin-container.exe, verzia 35.0.1.5500, zlyhanie modulu mozalloc.dll, verzia 35.0.1.5500, adresa zlyhania 0x00001425.
Spracováva sa udalosť viažuca sa konkrétne médium pre [plugin-container.exe!ws!]
Error: (01/08/2015 06:38:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia Gothic2.exe, verzia 2.6.0.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error: (01/01/2015 04:01:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Zlyhanie aplikácie hl.exe, verzia 1.1.0.8, zlyhanie modulu unknown, verzia 0.0.0.0, adresa zlyhania 0x00000000.
Spracováva sa udalosť viažuca sa konkrétne médium pre [hl.exe!ws!]
Error: (12/31/2014 06:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Zlyhanie aplikácie hl.exe, verzia 1.1.0.8, zlyhanie modulu unknown, verzia 0.0.0.0, adresa zlyhania 0x00000000.
Spracováva sa udalosť viažuca sa konkrétne médium pre [hl.exe!ws!]
Error: (12/31/2014 10:18:44 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Operácia sa vrátila, pretože uplynul časový limit.
Error: (12/30/2014 11:57:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Zlyhanie aplikácie cracktro.exe, verzia 0.0.0.0, zlyhanie modulu unknown, verzia 0.0.0.0, adresa zlyhania 0x00000000.
Spracováva sa udalosť viažuca sa konkrétne médium pre [cracktro.exe!ws!]
Error: (12/29/2014 02:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Zlyhanie aplikácie cracktro.exe, verzia 0.0.0.0, zlyhanie modulu unknown, verzia 0.0.0.0, adresa zlyhania 0x00000000.
Spracováva sa udalosť viažuca sa konkrétne médium pre [cracktro.exe!ws!]
System errors:
=============
Error: (02/25/2015 03:34:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát.
Error: (02/25/2015 03:34:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Application Layer Gateway Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát.
Error: (02/21/2015 07:04:47 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: Certifikát prijatý zo vzdialeného servera sa neoveril správne. Kód chyby je 0x80092013. Žiadosť o vytvorenie pripojenia SSL zlyhala. Priložené údaje obsahujú certifikát servera.
Error: (02/21/2015 06:45:15 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1
Error: (02/21/2015 03:11:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Server DCOM zistil chybu %%1084 pri pokuse spustiť službu EventSystem s argumentmi
potrebnú na spustenie servera:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/21/2015 03:09:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
AFD
aswRdr
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Error: (02/21/2015 03:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby IPSEC driver, od ktorej závisí služba IPSEC Services, zlyhalo kvôli nasledujúcej chybe:
%%31
Error: (02/21/2015 03:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby AFD, od ktorej závisí služba TCP/IP NetBIOS Helper, zlyhalo kvôli nasledujúcej chybe:
%%31
Error: (02/21/2015 03:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby TCP/IP Protocol Driver, od ktorej závisí služba DNS Client, zlyhalo kvôli nasledujúcej chybe:
%%31
Error: (02/21/2015 03:09:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby NetBios over Tcpip, od ktorej závisí služba DHCP Client, zlyhalo kvôli nasledujúcej chybe:
%%31
Microsoft Office Sessions:
=========================
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by PC (administrator) on PC-FEC689E48AF7 on 28-02-2015 11:23:59
Running from C:\Documents and Settings\PC\Desktop
Loaded Profiles: PC (Available profiles: PC & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(VIA Technologies) C:\Program Files\VIA\RAID\raid_tool.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\VTTrayp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RaidTool] => C:\Program Files\VIA\RAID\raid_tool.exe [589824 2004-10-11] (VIA Technologies)
HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2006-09-22] (S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\WINDOWS\system32\VTtrayp.exe [200704 2007-08-28] (S3 Graphics Co., Ltd.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-861567501-842925246-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1275210071-861567501-842925246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fargus.com/
HKU\S-1-5-21-1275210071-861567501-842925246-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-1275210071-861567501-842925246-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1275210071-861567501-842925246-1003 -> {DCDBBF03-BC10-457D-911F-EFB0321D22BE} URL = ${SRCH_SCP_URL}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\707t82jd.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=48&cc=&mi=b07356860000000000000019db5e7710
CHR StartupUrls: Default -> "hxxp://www.google.sk/"
CHR DefaultSearchKeyword: Default -> softonic
CHR DefaultSearchURL: Default -> http://search.softonic.com/INF00176/tb_ ... 19db5e7710
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.91\pdf.dll No File
CHR Plugin: (Delta Toolbar) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\DeltaChromeToolbar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]
CHR Extension: (YouTube) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-06]
CHR Extension: (Google Search) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-06]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2013-11-30] (Disc Soft Ltd)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [324096 2013-11-30] (Duplex Secure Ltd.)
R2 SVKP; C:\WINDOWS\system32\SVKP.sys [2368 2013-05-08] (AntiCracking) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [283008 2007-09-28] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [60672 2004-07-07] (VIA Technologies inc,.ltd)
U3 att9j8g7; C:\WINDOWS\system32\Drivers\att9j8g7.sys [0 ] (VIA Technologies inc,.ltd) <==== ATTENTION (zero size file/folder)
S3 AIDA64Driver; \??\E:\AIDA64\kerneld.x32 [X]
R3 catchme; \??\C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-28 11:23 - 2015-02-28 11:23 - 00000000 ____D () C:\Documents and Settings\PC\Desktop\FRST-OlderVersion
2015-02-28 11:21 - 2015-02-28 11:24 - 00000000 ____D () C:\Documents and Settings\PC\Local Settings\temp
2015-02-28 11:21 - 2015-02-28 11:21 - 00006686 _____ () C:\ComboFix.txt
2015-02-28 11:21 - 2015-02-28 11:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-28 11:21 - 2015-02-28 11:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-28 11:21 - 2015-02-28 11:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-02-28 10:47 - 2015-02-28 10:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini022815-01.dmp
2015-02-25 15:41 - 2015-02-25 15:41 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-02-25 15:41 - 2015-02-25 15:41 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-02-25 15:41 - 2015-02-25 15:41 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-02-25 15:41 - 2015-02-25 15:41 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-02-25 15:41 - 2015-02-25 15:41 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-02-21 19:26 - 2015-02-21 19:26 - 00000000 _RSHD () C:\cmdcons
2015-02-21 19:26 - 2015-02-21 15:09 - 00000211 _____ () C:\Boot.bak
2015-02-21 19:26 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-02-21 19:13 - 2015-02-28 11:21 - 00000000 ____D () C:\Qoobox
2015-02-21 19:13 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-02-21 19:13 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-02-21 19:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-02-21 19:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-02-21 19:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-02-21 19:13 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-02-21 19:13 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-02-21 19:13 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-02-21 19:13 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-02-21 19:12 - 2015-02-25 15:41 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-21 19:11 - 2015-02-21 19:11 - 05611903 ____R (Swearware) C:\Documents and Settings\PC\Desktop\ComboFix.exe
2015-02-21 18:29 - 2015-02-22 12:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-21 15:08 - 2015-02-21 15:08 - 00071520 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-21 15:00 - 2015-02-21 15:00 - 05006864 _____ (AVAST Software) C:\Documents and Settings\PC\Desktop\avast_free_antivirus_setup_online.exe
2015-02-21 14:06 - 2015-02-21 14:06 - 00001748 _____ () C:\Documents and Settings\PC\Desktop\Gothic 2 České módy.lnk
2015-02-21 10:13 - 2015-02-21 10:13 - 00000000 ____D () C:\Documents and Settings\PC\Application Data\Malwarebytes
2015-02-21 10:13 - 2015-02-21 10:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-20 18:07 - 2015-02-20 18:17 - 00000000 ____D () C:\AdwCleaner
2015-02-20 18:03 - 2015-02-20 18:04 - 02126848 _____ () C:\Documents and Settings\PC\Desktop\adwcleaner_4.111.exe
2015-02-20 17:55 - 2015-02-26 17:57 - 00000000 ____D () C:\Documents and Settings\PC\Desktop\Gothic 2 Gold
2015-02-19 19:35 - 2015-02-19 19:36 - 00016762 _____ () C:\Documents and Settings\PC\Desktop\Addition.txt
2015-02-19 19:31 - 2015-02-28 11:24 - 00009853 _____ () C:\Documents and Settings\PC\Desktop\FRST.txt
2015-02-19 19:25 - 2015-02-28 11:24 - 00000000 ____D () C:\FRST
2015-02-19 19:24 - 2015-02-28 11:23 - 01127424 _____ (Farbar) C:\Documents and Settings\PC\Desktop\FRST.exe
2015-02-19 14:54 - 2015-02-19 14:57 - 05040384 _____ (AVAST Software) C:\Documents and Settings\PC\Desktop\avastclear.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-28 11:21 - 2013-03-05 23:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 11:21 - 2013-03-05 23:05 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-28 11:19 - 2001-08-18 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-28 11:10 - 2013-03-05 23:08 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-28 10:59 - 2013-03-06 19:13 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 10:49 - 2013-03-05 22:59 - 02033491 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-28 10:48 - 2013-03-06 19:13 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 10:48 - 2013-03-05 14:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-28 10:48 - 2013-03-05 14:45 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2015-02-28 10:48 - 2001-08-18 12:00 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-28 10:47 - 2013-05-08 10:33 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-26 19:11 - 2013-03-05 23:09 - 00000178 ___SH () C:\Documents and Settings\PC\ntuser.ini
2015-02-26 18:21 - 2013-03-07 04:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-25 15:42 - 2013-03-05 14:41 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-02-25 15:42 - 2013-03-05 14:41 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-02-25 15:42 - 2013-03-05 14:40 - 22806528 _____ () C:\WINDOWS\system32\config\software.bak
2015-02-25 15:42 - 2013-03-05 14:40 - 04980736 _____ () C:\WINDOWS\system32\config\system.bak
2015-02-25 15:42 - 2013-03-05 14:40 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2015-02-25 15:40 - 2013-11-02 16:40 - 00000000 ____D () C:\Documents and Settings\PC\Local Settings\Application Data\temp
2015-02-24 19:44 - 2013-03-06 19:56 - 00098816 _____ () C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-24 18:49 - 2013-03-06 22:05 - 00000000 ___RD () C:\Documents and Settings\PC\My Documents\Preberanie
2015-02-24 18:48 - 2013-03-06 20:03 - 00000000 ___RD () C:\Documents and Settings\PC\My Documents\Boris
2015-02-24 17:47 - 2013-03-06 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-23 16:40 - 2013-03-07 14:16 - 00000000 ____D () C:\Documents and Settings\PC\Application Data\Skype
2015-02-23 16:39 - 2014-12-02 19:00 - 00002273 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-02-22 14:49 - 2013-05-03 13:10 - 00129705 _____ () C:\Documents.RPT
2015-02-21 19:39 - 2013-03-05 23:09 - 00000000 ____D () C:\Documents and Settings\PC
2015-02-21 19:26 - 2013-03-05 14:40 - 00000327 __RSH () C:\boot.ini
2015-02-21 15:11 - 2013-04-08 15:11 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-20 17:41 - 2014-07-31 10:30 - 00000000 ____D () C:\Documents and Settings\PC\Desktop\Gothic I
2015-02-20 17:41 - 2013-03-06 17:46 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-20 15:14 - 2013-03-06 19:15 - 00001825 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-19 15:01 - 2013-03-06 22:08 - 00000000 ___RD () C:\Documents and Settings\PC\My Documents\Filmy
2015-02-18 17:08 - 2013-08-28 14:58 - 00000000 ____D () C:\Program Files\Steam
2015-02-18 17:08 - 2013-03-16 13:52 - 00000000 ____D () C:\Documents and Settings\PC\Application Data\uTorrent
2015-02-16 17:00 - 2014-06-01 07:24 - 00000000 ____D () C:\Documents and Settings\PC\Application Data\Dropbox
2015-02-14 14:25 - 2014-01-18 17:35 - 00000000 ____D () C:\Documents and Settings\PC\Desktop\Call of Duty United Offensive
2015-02-09 19:56 - 2014-09-29 17:09 - 00000000 ____D () C:\Program Files\Valve
2015-02-09 16:51 - 2013-10-08 17:34 - 00000000 ____D () C:\Documents and Settings\PC\Desktop\Warcraft III
2015-02-05 17:21 - 2013-03-07 04:11 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 17:21 - 2013-03-07 04:11 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-29 15:19 - 2014-12-07 19:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2013-03-06 19:56 - 2015-02-24 19:44 - 0098816 _____ () C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-25 18:02 - 2014-05-25 18:02 - 0000003 _____ () C:\Documents and Settings\PC\Local Settings\Application Data\updater.log
2014-05-25 18:02 - 2014-05-31 11:08 - 0000059 _____ () C:\Documents and Settings\PC\Local Settings\Application Data\UserProducts.xml
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe
[2008-04-14 04:42] - [2013-04-08 15:26] - 0507904 ____A (Microsoft Corporation) 679a7259741f6a09994f02ce261b5f2e
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================