Dobrý den,
potřeboval bych pomoc při odstranění viru.
Avast hlásí nákazu virem Win32:Sirefef-ZT [Trj] a tento vir nelze odstranit ani umístit do karantény.
Dále pak štít souborového systému neustále dokola blokuje tyto viry:
win32:Malware-gen
win32:Trojan-gen
Win32:ZAccess-PB [Trj]
všechno odkazuje na soubor services.exe
LOG:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarda at 2013-03-05 21:23:09
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 912 GB (48%) free of 1908 GB
Total RAM: 8188 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:12, on 5.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files\programy instalace\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe
C:\Program Files (x86)\QIP Infium\infium.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\programy instalace\razerhid.exe
C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Arctosa\razertra.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\programy instalace\razertra.exe
C:\Program Files\programy instalace\razerofa.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jarda.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: SmartView VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
O4 - HKLM\..\Run: [SmartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Abyssus] C:\Program Files\programy instalace\razerhid.exe
O4 - HKLM\..\Run: [Arctosa] "C:\Program Files (x86)\Razer\Arctosa\razerhid.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\programy instalace\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: F-Stream Tuning.lnk = C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe
O4 - Startup: QIP Infium.lnk = C:\Program Files (x86)\QIP Infium\infium.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SmartView service (SmartViewService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13700 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"C:\Program Files\programy instalace\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Steam\steam.exe" -silent
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
C:\Windows\System32\spoolsv.exe
"C:\Program Files\GamePark2\gpcl.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe"
"taskhost.exe"
"C:\Program Files (x86)\QIP Infium\infium.exe"
"C:\Program Files (x86)\XFastUsb\XFastUsb.exe"
"C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
HydraDM64.exe -h:65778 "Maximalizovat na celou plochu" "Maximalizovat k rohum okna" "Obnovit pracovní plochu"
"C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"C:\Program Files\programy instalace\razerhid.exe"
"C:\Program Files (x86)\Razer\Arctosa\razerhid.exe"
"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
"C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Razer\Arctosa\razertra.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe"
"C:\Program Files\programy instalace\razertra.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
WLIDSvcM.exe 3292
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\programy instalace\razerofa.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-04088ecb-3d80-4dc6-ae13-851ea6b3227a -SystemEventPortName:HostProcess-ee6b782c-3578-4c8a-a5bd-5af15c4fa439 -IoCancelEventPortName:HostProcess-f2312bbc-a8ad-4f17-be28-e82e6608bb14 -NonStateChangingEventPortName:HostProcess-589dd22d-a8d0-444e-82b2-05b3e2dd8866 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3c6b4542-71e7-438e-9e37-ac1ea752db54 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3956.0.1823119770\2139828541" --supports-dual-gpus=false --gpu-vendor-id=0x1002 --gpu-device-id=0x6719 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=12.100.17.0 --ignored=" --type=renderer " /prefetch:12
taskeng.exe {4E73DBFF-CFB0-4093-AB76-425F800E421E}
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3956.4.565833426\381679984" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3956.8.2112862430\1946368799" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3956.14.899794802\1766559707" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3956.15.1968111736\1911803217" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3956.17.1722825739\1901989834" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3956.32.1393605971\1109167503" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3956.35.398983489\1954647628" /prefetch:3
taskeng.exe {741AB207-B14E-46F2-84EE-2DABCCB5D2EB}
"C:\Users\Jarda\Downloads\RSITx64 (2).exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce055fafa66057.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-02-28 1497560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-27 551840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31 6304888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-27 209824]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
SmartView VisualBookmark - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll [2010-09-02 325904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-01 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-27 461216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-02-28 1224568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2012-03-23 142288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31 4528760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06 1519304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-27 170912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-02-28 1497560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06 1519304]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-02-28 1224568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"=C:\Windows\system32\THXCfg64.dll [2011-05-13 26624]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\programy instalace\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-02-25 1602984]
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2011-10-16 393216]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"=C:\Program Files (x86)\XFastUsb\XFastUsb.exe [2011-09-30 4838912]
"THX TruStudio NB Settings"=C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [2011-05-19 909824]
"SmartViewAgent"=C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe [2010-09-02 948504]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-06-06 1564872]
"Abyssus"=C:\Program Files\programy instalace\razerhid.exe [2010-05-10 223744]
"Arctosa"=C:\Program Files (x86)\Razer\Arctosa\razerhid.exe [2009-08-19 232960]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032]
"Sweetpacks Communicator"=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-08-15 231768]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-02-26 642656]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-02-28 4767304]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2012-12-14 1091432]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe
C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
F-Stream Tuning.lnk - C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe
QIP Infium.lnk - C:\Program Files (x86)\QIP Infium\infium.exe
SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-03-05 21:22:35 ----D---- C:\Program Files (x86)\trend micro
2013-03-05 20:25:14 ----A---- C:\Windows\system32\drivers\FixZeroAccess.sys
2013-03-05 20:20:44 ----A---- C:\Windows\ntbtlog.txt
2013-03-05 19:45:14 ----D---- C:\rsit
2013-03-05 19:45:14 ----D---- C:\Program Files\trend micro
2013-03-05 17:09:41 ----D---- C:\Users\Jarda\AppData\Roaming\Malwarebytes
2013-03-05 17:09:29 ----D---- C:\ProgramData\Malwarebytes
2013-03-05 17:09:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-05 17:09:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-03-05 15:21:37 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-03-05 15:21:37 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-03-05 15:21:35 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-03-05 15:21:32 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-03-05 15:21:29 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-03-05 15:21:27 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-03-05 15:21:26 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-03-05 15:21:25 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-03-05 15:21:11 ----A---- C:\Windows\avastSS.scr
2013-03-05 14:38:41 ----D---- C:\ProgramData\ATI
2013-03-05 14:38:40 ----D---- C:\Program Files (x86)\AMD AVT
2013-03-05 14:38:35 ----D---- C:\Program Files (x86)\AMD APP
2013-02-26 20:20:22 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2013-02-26 20:20:22 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2013-02-26 20:20:22 ----A---- C:\Windows\system32\atimpc64.dll
2013-02-26 20:20:22 ----A---- C:\Windows\system32\amdpcom64.dll
2013-02-26 20:20:16 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2013-02-26 20:20:14 ----A---- C:\Windows\system32\atiu9p64.dll
2013-02-26 20:20:04 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2013-02-26 20:19:50 ----A---- C:\Windows\system32\atiumd6a.dll
2013-02-26 20:19:48 ----A---- C:\Windows\system32\atiumd64.dll
2013-02-26 20:17:50 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2013-02-26 19:54:12 ----A---- C:\Windows\system32\atio6axx.dll
2013-02-26 19:49:52 ----A---- C:\Windows\system32\coinst_12.10.17.dll
2013-02-26 19:48:14 ----A---- C:\Windows\system32\atiapfxx.exe
2013-02-26 19:45:52 ----A---- C:\Windows\system32\aticalrt64.dll
2013-02-26 19:45:50 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2013-02-26 19:45:44 ----A---- C:\Windows\system32\aticalcl64.dll
2013-02-26 19:45:42 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2013-02-26 19:45:30 ----A---- C:\Windows\system32\aticaldd64.dll
2013-02-26 19:41:24 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2013-02-26 19:37:46 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2013-02-26 19:25:42 ----A---- C:\Windows\system32\atidemgy.dll
2013-02-26 19:25:32 ----A---- C:\Windows\system32\atieclxx.exe
2013-02-26 19:24:44 ----A---- C:\Windows\system32\atiesrxx.exe
2013-02-26 19:23:24 ----A---- C:\Windows\system32\atitmm64.dll
2013-02-26 19:23:12 ----A---- C:\Windows\system32\atimuixx.dll
2013-02-26 19:23:06 ----A---- C:\Windows\system32\atiedu64.dll
2013-02-26 19:23:02 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2013-02-26 18:58:54 ----A---- C:\Windows\system32\atiadlxx.dll
2013-02-26 18:58:44 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2013-02-26 18:58:28 ----A---- C:\Windows\system32\atig6pxx.dll
2013-02-26 18:58:26 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2013-02-26 18:58:26 ----A---- C:\Windows\system32\atiglpxx.dll
2013-02-26 18:58:22 ----A---- C:\Windows\system32\atig6txx.dll
2013-02-26 18:58:14 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2013-02-26 18:58:04 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2013-02-26 18:55:50 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2013-02-26 14:05:38 ----A---- C:\Windows\system32\clinfo.exe
2013-02-26 14:05:20 ----A---- C:\Windows\system32\OpenVideo64.dll
2013-02-26 14:05:16 ----A---- C:\Windows\SYSWOW64\OpenVideo.dll
2013-02-26 14:05:10 ----A---- C:\Windows\system32\OVDecode64.dll
2013-02-26 14:05:08 ----A---- C:\Windows\SYSWOW64\OVDecode.dll
2013-02-26 14:04:58 ----A---- C:\Windows\system32\amdocl64.dll
2013-02-26 14:03:04 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2013-02-26 14:01:22 ----A---- C:\Windows\system32\OpenCL.dll
2013-02-26 14:01:20 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-02-26 13:54:44 ----A---- C:\Windows\system32\amdsc64.dll
2013-02-26 13:54:40 ----A---- C:\Windows\SYSWOW64\amdsc.dll
2013-02-24 07:42:33 ----D---- C:\Program Files (x86)\Crysis 3
2013-02-17 19:27:31 ----A---- C:\Windows\BlendSettings.ini
2013-02-17 18:52:00 ----D---- C:\Users\Jarda\AppData\Roaming\Software Informer
2013-02-17 18:52:00 ----D---- C:\Program Files (x86)\Software Informer
2013-02-12 15:10:50 ----D---- C:\Program Files (x86)\Aliens Colonial Marines
======List of files/folders modified in the last 1 month======
2013-03-05 21:22:35 ----RD---- C:\Program Files (x86)
2013-03-05 21:22:20 ----D---- C:\Windows\Temp
2013-03-05 20:28:11 ----D---- C:\Program Files (x86)\Steam
2013-03-05 20:27:42 ----D---- C:\Windows\SYSWOW64\drivers
2013-03-05 20:27:42 ----D---- C:\Program Files (x86)\SpeedFan
2013-03-05 20:27:39 ----D---- C:\Users\Jarda\AppData\Roaming\Skype
2013-03-05 20:25:14 ----D---- C:\Windows\system32\drivers
2013-03-05 20:20:44 ----D---- C:\Windows
2013-03-05 19:45:14 ----RD---- C:\Program Files
2013-03-05 19:16:18 ----D---- C:\Windows\system32\wdi
2013-03-05 19:11:39 ----D---- C:\TEMP
2013-03-05 18:15:14 ----D---- C:\Windows\System32
2013-03-05 18:15:14 ----D---- C:\Windows\inf
2013-03-05 18:15:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-05 18:12:23 ----D---- C:\Windows\Prefetch
2013-03-05 17:24:41 ----D---- C:\Windows\system32\catroot2
2013-03-05 17:22:44 ----SHD---- C:\Config.Msi
2013-03-05 17:22:44 ----D---- C:\Users\Jarda\AppData\Roaming\QipGuard
2013-03-05 17:09:29 ----HD---- C:\ProgramData
2013-03-05 17:01:22 ----SHD---- C:\Windows\Installer
2013-03-05 16:58:50 ----D---- C:\Windows\system32\DriverStore
2013-03-05 16:58:50 ----D---- C:\Windows\system32\catroot
2013-03-05 15:22:02 ----D---- C:\Program Files (x86)\Google
2013-03-05 15:21:25 ----D---- C:\Windows\system32\Tasks
2013-03-05 15:21:01 ----D---- C:\ProgramData\AVAST Software
2013-03-05 15:21:01 ----D---- C:\Program Files\AVAST Software
2013-03-05 15:14:57 ----SD---- C:\ProgramData\Microsoft
2013-03-05 14:44:20 ----D---- C:\Windows\SysWOW64
2013-03-05 14:38:40 ----D---- C:\ProgramData\AMD
2013-03-05 14:38:17 ----D---- C:\Program Files\ATI Technologies
2013-03-05 14:24:27 ----D---- C:\AMD
2013-03-04 23:45:34 ----D---- C:\Users\Jarda\AppData\Roaming\uTorrent
2013-03-03 08:53:05 ----D---- C:\Users\Jarda\AppData\Roaming\Media Player Classic
2013-02-28 09:35:43 ----A---- C:\Windows\system32\aswBoot.exe
2013-02-27 11:22:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-02-26 20:20:16 ----A---- C:\Windows\system32\atiuxp64.dll
2013-02-26 20:20:14 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2013-02-26 20:20:12 ----A---- C:\Windows\system32\aticfx64.dll
2013-02-26 20:20:10 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2013-02-26 20:20:08 ----A---- C:\Windows\system32\atidxx64.dll
2013-02-26 20:20:00 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2013-02-26 20:19:54 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2013-02-25 18:33:45 ----D---- C:\Windows\system32\NDF
2013-02-25 13:56:49 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-02-23 12:36:43 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2013-02-23 12:10:56 ----D---- C:\ProgramData\Origin
2013-02-23 12:10:52 ----D---- C:\Users\Jarda\AppData\Roaming\Origin
2013-02-22 11:55:50 ----D---- C:\Windows\Minidump
2013-02-17 18:46:52 ----D---- C:\Program Files (x86)\Common Files
2013-02-17 18:41:51 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-02-17 17:29:46 ----D---- C:\Program Files (x86)\Bethesda Softworks
2013-02-16 07:45:37 ----D---- C:\ProgramData\Adobe
2013-02-12 17:55:32 ----D---- C:\Users\Jarda\AppData\Roaming\Tunngle
2013-02-12 17:55:32 ----D---- C:\ProgramData\Tunngle
2013-02-08 21:36:06 ----D---- C:\Windows\system32\config
2013-02-08 21:25:50 ----D---- C:\Windows\winsxs
2013-02-08 21:10:19 ----D---- C:\Windows\SYSWOW64\directx
2013-02-08 20:56:49 ----D---- C:\Games
2013-02-07 19:19:36 ----D---- C:\Windows\Tasks
2013-02-06 17:29:30 ----D---- C:\ProgramData\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-02-28 65408]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-02-28 177672]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-02-28 71064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-02-28 1025880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-02-28 377992]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-02-28 68992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2011-09-30 15936]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-02-28 33472]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R3 Abyssus;Razer Abyssus; C:\Windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-02-26 11613184]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-02-26 576000]
R3 Arctosa;Arctosa Keyboard; C:\Windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-01-15 96768]
R3 AxtuDrv;AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys []
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-02-08 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-02-08 64512]
R3 FNETTBOH_305;FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [2011-09-30 31808]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-06-30 33344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
R3 vhidmini;Razer Gaming Device; C:\Windows\system32\DRIVERS\vHidDev.sys [2009-12-21 7552]
S1 AsrHidFilter;AsrHidFilter; C:\Windows\system32\DRIVERS\AsrHidFilter.sys [2011-02-17 17928]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 RivaTuner64;RivaTuner64; \??\C:\Program Files\programy instalace\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-01 19952]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;Remote Deskotop USB Hub; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-02-26 240640]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-02-26 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-02-28 45248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-10-18 76888]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SmartViewService;SmartView service; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 251248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-19 541608]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomoc při odstranění viru
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119524
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomoc při odstranění viru
Zdravím!
Dejte log ComboFix:
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomoc při odstranění viru
Omlouvám se za zdržení tady je ten ComboFix Log
ComboFix 13-03-05.01 - Jarda 05.03.2013 23:49:17.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8188.6216 [GMT 1:00]
Running from: c:\users\Jarda\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\ntuser.dat
c:\users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\00000004.@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\201d3dde
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\4cce1f70
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\76603ac3
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\U\00000004.@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\U\00000008.@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\U\80000000.@
c:\windows\iun6002.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-05 22:56 . 2013-03-05 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 22:13 . 2013-03-05 22:13 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-03-05 22:12 . 2013-03-05 22:13 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-03-05 22:12 . 2013-03-05 22:12 -------- d-----w- c:\programdata\Lavasoft
2013-03-05 22:10 . 2013-03-05 22:10 -------- d-----w- c:\programdata\Search Protection
2013-03-05 20:22 . 2013-03-05 20:22 -------- d-----w- c:\program files (x86)\trend micro
2013-03-05 19:25 . 2013-03-05 19:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-05 18:45 . 2013-03-05 20:23 -------- d-----w- c:\program files\trend micro
2013-03-05 18:45 . 2013-03-05 18:45 -------- d-----w- C:\rsit
2013-03-05 16:09 . 2013-03-05 16:09 -------- d-----w- c:\users\Jarda\AppData\Roaming\Malwarebytes
2013-03-05 16:09 . 2013-03-05 16:09 -------- d-----w- c:\programdata\Malwarebytes
2013-03-05 16:09 . 2013-03-05 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-05 16:09 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-05 14:21 . 2013-02-28 08:36 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-05 14:21 . 2013-02-28 08:36 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-05 14:21 . 2013-02-28 08:36 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-05 14:21 . 2013-02-28 08:36 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-05 14:21 . 2013-02-28 08:36 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-05 14:21 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-05 14:21 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-05 14:21 . 2013-02-28 08:36 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-05 14:21 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-05 13:38 . 2013-03-05 13:38 -------- d-----w- c:\programdata\ATI
2013-03-05 13:38 . 2013-03-05 13:38 -------- d-----w- c:\program files (x86)\AMD AVT
2013-03-05 13:38 . 2013-03-05 13:38 -------- d-----w- c:\program files (x86)\AMD APP
2013-02-26 19:20 . 2013-02-26 19:20 78640 ----a-w- c:\windows\system32\atimpc64.dll
2013-02-26 19:20 . 2013-02-26 19:20 78640 ----a-w- c:\windows\system32\amdpcom64.dll
2013-02-26 19:20 . 2013-02-26 19:20 71912 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-02-26 19:20 . 2013-02-26 19:20 71912 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-02-26 19:20 . 2013-02-26 19:20 118792 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-02-26 19:20 . 2013-02-26 19:20 113672 ----a-w- c:\windows\system32\atiu9p64.dll
2013-02-26 19:20 . 2013-02-26 19:20 7192832 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-02-26 19:19 . 2013-02-26 19:19 5035000 ----a-w- c:\windows\system32\atiumd6a.dll
2013-02-26 19:19 . 2013-02-26 19:19 7040928 ----a-w- c:\windows\system32\atiumd64.dll
2013-02-26 19:17 . 2013-02-26 19:17 11613184 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-02-26 18:54 . 2013-02-26 18:54 23581184 ----a-w- c:\windows\system32\atio6axx.dll
2013-02-26 18:49 . 2013-02-26 18:49 77312 ----a-w- c:\windows\system32\coinst_12.10.17.dll
2013-02-26 18:48 . 2013-02-26 18:48 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-02-26 18:45 . 2013-02-26 18:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-02-26 18:45 . 2013-02-26 18:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-02-26 18:45 . 2013-02-26 18:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-02-26 18:45 . 2013-02-26 18:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-02-26 18:45 . 2013-02-26 18:45 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-02-26 18:41 . 2013-02-26 18:41 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-02-26 18:37 . 2013-02-26 18:37 19755520 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-02-26 18:25 . 2013-02-26 18:25 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-02-26 18:25 . 2013-02-26 18:25 561152 ----a-w- c:\windows\system32\atieclxx.exe
2013-02-26 18:24 . 2013-02-26 18:24 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2013-02-26 18:23 . 2013-02-26 18:23 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-02-26 18:23 . 2013-02-26 18:23 25600 ----a-w- c:\windows\system32\atimuixx.dll
2013-02-26 18:23 . 2013-02-26 18:23 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-02-26 18:23 . 2013-02-26 18:23 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 630272 ----a-w- c:\windows\system32\atiadlxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 425984 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-02-26 17:58 . 2013-02-26 17:58 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-02-26 17:58 . 2013-02-26 17:58 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-02-26 17:55 . 2013-02-26 17:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-02-26 13:05 . 2013-02-26 13:05 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-02-26 13:05 . 2013-02-26 13:05 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-02-26 13:05 . 2013-02-26 13:05 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-02-26 13:05 . 2013-02-26 13:05 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-02-26 13:05 . 2013-02-26 13:05 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-02-26 13:04 . 2013-02-26 13:04 29149696 ----a-w- c:\windows\system32\amdocl64.dll
2013-02-26 13:03 . 2013-02-26 13:03 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-02-26 13:01 . 2013-02-26 13:01 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-02-26 13:01 . 2013-02-26 13:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-02-26 12:54 . 2013-02-26 12:54 5067264 ----a-w- c:\windows\system32\amdsc64.dll
2013-02-26 12:54 . 2013-02-26 12:54 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll
2013-02-24 06:42 . 2013-02-24 13:46 -------- d-----w- c:\program files (x86)\Crysis 3
2013-02-23 11:36 . 2013-02-23 11:36 -------- d-----w- c:\users\Jarda\AppData\Local\ESN
2013-02-17 17:58 . 2013-02-17 17:58 -------- d-----w- c:\users\Jarda\AppData\Local\Oblivion
2013-02-17 17:52 . 2013-03-05 16:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Software Informer
2013-02-17 17:52 . 2013-02-17 17:52 -------- d-----w- c:\program files (x86)\Software Informer
2013-02-17 17:46 . 2013-02-17 17:46 -------- d-----w- c:\program files (x86)\Common Files\lightning group shared files
2013-02-17 16:19 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-02-17 16:19 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-02-17 16:19 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-02-17 16:19 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-02-17 16:19 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-02-17 16:19 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-02-17 16:19 . 2013-02-17 16:19 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-02-17 16:19 . 2013-02-17 16:19 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-02-12 14:10 . 2013-02-12 14:14 -------- d-----w- c:\program files (x86)\Aliens Colonial Marines
2013-02-08 20:11 . 2013-02-08 20:11 -------- d-----w- c:\users\Jarda\AppData\Local\Electronic Arts
2013-02-05 19:08 . 2013-02-05 19:26 -------- d-----w- c:\program files (x86)\Dead Space 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:35 . 2011-11-20 17:38 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-27 10:22 . 2012-07-15 06:24 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 10:22 . 2011-10-01 00:45 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 19:20 . 2011-09-29 21:36 139904 ----a-w- c:\windows\system32\atiuxp64.dll
2013-02-26 19:20 . 2011-09-29 21:36 92512 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-02-26 19:20 . 2011-09-29 21:36 1150328 ----a-w- c:\windows\system32\aticfx64.dll
2013-02-26 19:20 . 2012-03-09 05:16 968560 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-02-26 19:20 . 2011-09-29 21:36 8209496 ----a-w- c:\windows\system32\atidxx64.dll
2013-02-26 19:20 . 2012-03-09 04:23 4475192 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-02-26 19:19 . 2012-03-09 04:23 6036160 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-02-25 12:56 . 2011-10-01 09:47 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-02-25 12:56 . 2011-10-01 09:42 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-25 12:56 . 2011-10-01 09:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-01 09:25 . 2013-02-01 09:25 11974 ----a-w- C:\cc_20130201_102457.reg
2013-01-27 18:03 . 2013-01-27 18:04 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-27 18:03 . 2013-01-27 18:04 308640 ----a-w- c:\windows\system32\javaws.exe
2013-01-27 18:03 . 2013-01-27 18:04 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-27 18:03 . 2013-01-27 18:04 188832 ----a-w- c:\windows\system32\javaw.exe
2013-01-27 18:03 . 2013-01-27 18:04 188832 ----a-w- c:\windows\system32\java.exe
2013-01-27 18:03 . 2013-01-27 18:04 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-27 17:43 . 2013-01-27 17:43 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-27 17:43 . 2013-01-27 17:43 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-27 17:43 . 2013-01-27 17:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-15 10:11 . 2013-01-15 10:11 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-01-01 09:57 . 2013-01-01 09:54 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-12-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-12-09 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\programy instalace\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-25 1602984]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-16 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-09-30 4838912]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"Abyssus"="c:\program files\programy instalace\razerhid.exe" [2010-05-10 223744]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2009-08-19 232960]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-26 642656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2013-03-05 168]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
F-Stream Tuning.lnk - c:\program files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe [2011-9-30 14790440]
QIP Infium.lnk - c:\program files (x86)\QIP Infium\infium.exe [2012-7-9 5896656]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-7-13 4615064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-10-17 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R1 AsrHidFilter;AsrHidFilter;c:\windows\system32\DRIVERS\AsrHidFilter.sys [2011-02-17 17928]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RivaTuner64;RivaTuner64;c:\program files\programy instalace\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-01 19952]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-05 14456]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-09-30 15936]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 1236336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-02-26 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-02-26 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-01-15 96768]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-09-30 31808]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 13:24 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 10:22]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 15:24]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce055fafa66057.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 15:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=ED51EA929F1354BAB2CD9751366D4C3F
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{6B5863A0-C43F-4C0A-982B-CC0E9125783F} - c:\users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3414849235-1478885224-1814082010-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,98,4c,f7,0b,ac,4d,19,28,83,3a,40,af,82,b1,f6,f5,5a,be,58,46,
df,e5,af,c7,62,a7,99,ee,ef,9e,17,46,28,56,28,f5,21,90,c9,3b,4b,b3,a0,c8,e1,\
"rkeysecu"=hex:dc,64,34,be,a2,1a,36,89,0f,b3,10,49,20,c2,5c,41
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Razer\Arctosa\razertra.exe
c:\programdata\Search Protection\SearchProtection.exe
c:\progra~2\AD-AWA~1\AdAware.exe
c:\program files\programy instalace\razerofa.exe
c:\program files\programy instalace\razertra.exe
.
**************************************************************************
.
Completion time: 2013-03-06 00:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-05 23:04
.
Pre-Run: Volných bajtu: 955 297 210 368
Post-Run: Volných bajtu: 955 228 856 320
.
- - End Of File - - AD79F2ADD59C818DE2637CC73045AC00
ComboFix 13-03-05.01 - Jarda 05.03.2013 23:49:17.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8188.6216 [GMT 1:00]
Running from: c:\users\Jarda\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\ntuser.dat
c:\users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\00000004.@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\201d3dde
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\4cce1f70
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\L\76603ac3
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\U\00000004.@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\U\00000008.@
c:\windows\Installer\{c4f47454-4890-77c5-0e16-5ec8d3483a2a}\U\80000000.@
c:\windows\iun6002.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-05 22:56 . 2013-03-05 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 22:13 . 2013-03-05 22:13 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-03-05 22:12 . 2013-03-05 22:13 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-03-05 22:12 . 2013-03-05 22:12 -------- d-----w- c:\programdata\Lavasoft
2013-03-05 22:10 . 2013-03-05 22:10 -------- d-----w- c:\programdata\Search Protection
2013-03-05 20:22 . 2013-03-05 20:22 -------- d-----w- c:\program files (x86)\trend micro
2013-03-05 19:25 . 2013-03-05 19:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-05 18:45 . 2013-03-05 20:23 -------- d-----w- c:\program files\trend micro
2013-03-05 18:45 . 2013-03-05 18:45 -------- d-----w- C:\rsit
2013-03-05 16:09 . 2013-03-05 16:09 -------- d-----w- c:\users\Jarda\AppData\Roaming\Malwarebytes
2013-03-05 16:09 . 2013-03-05 16:09 -------- d-----w- c:\programdata\Malwarebytes
2013-03-05 16:09 . 2013-03-05 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-05 16:09 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-05 14:21 . 2013-02-28 08:36 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-05 14:21 . 2013-02-28 08:36 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-05 14:21 . 2013-02-28 08:36 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-05 14:21 . 2013-02-28 08:36 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-05 14:21 . 2013-02-28 08:36 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-05 14:21 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-05 14:21 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-05 14:21 . 2013-02-28 08:36 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-05 14:21 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-05 13:38 . 2013-03-05 13:38 -------- d-----w- c:\programdata\ATI
2013-03-05 13:38 . 2013-03-05 13:38 -------- d-----w- c:\program files (x86)\AMD AVT
2013-03-05 13:38 . 2013-03-05 13:38 -------- d-----w- c:\program files (x86)\AMD APP
2013-02-26 19:20 . 2013-02-26 19:20 78640 ----a-w- c:\windows\system32\atimpc64.dll
2013-02-26 19:20 . 2013-02-26 19:20 78640 ----a-w- c:\windows\system32\amdpcom64.dll
2013-02-26 19:20 . 2013-02-26 19:20 71912 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-02-26 19:20 . 2013-02-26 19:20 71912 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-02-26 19:20 . 2013-02-26 19:20 118792 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-02-26 19:20 . 2013-02-26 19:20 113672 ----a-w- c:\windows\system32\atiu9p64.dll
2013-02-26 19:20 . 2013-02-26 19:20 7192832 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-02-26 19:19 . 2013-02-26 19:19 5035000 ----a-w- c:\windows\system32\atiumd6a.dll
2013-02-26 19:19 . 2013-02-26 19:19 7040928 ----a-w- c:\windows\system32\atiumd64.dll
2013-02-26 19:17 . 2013-02-26 19:17 11613184 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-02-26 18:54 . 2013-02-26 18:54 23581184 ----a-w- c:\windows\system32\atio6axx.dll
2013-02-26 18:49 . 2013-02-26 18:49 77312 ----a-w- c:\windows\system32\coinst_12.10.17.dll
2013-02-26 18:48 . 2013-02-26 18:48 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-02-26 18:45 . 2013-02-26 18:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-02-26 18:45 . 2013-02-26 18:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-02-26 18:45 . 2013-02-26 18:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-02-26 18:45 . 2013-02-26 18:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-02-26 18:45 . 2013-02-26 18:45 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-02-26 18:41 . 2013-02-26 18:41 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-02-26 18:37 . 2013-02-26 18:37 19755520 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-02-26 18:25 . 2013-02-26 18:25 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-02-26 18:25 . 2013-02-26 18:25 561152 ----a-w- c:\windows\system32\atieclxx.exe
2013-02-26 18:24 . 2013-02-26 18:24 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2013-02-26 18:23 . 2013-02-26 18:23 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-02-26 18:23 . 2013-02-26 18:23 25600 ----a-w- c:\windows\system32\atimuixx.dll
2013-02-26 18:23 . 2013-02-26 18:23 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-02-26 18:23 . 2013-02-26 18:23 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 630272 ----a-w- c:\windows\system32\atiadlxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 425984 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-02-26 17:58 . 2013-02-26 17:58 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-02-26 17:58 . 2013-02-26 17:58 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-02-26 17:58 . 2013-02-26 17:58 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-02-26 17:55 . 2013-02-26 17:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-02-26 13:05 . 2013-02-26 13:05 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-02-26 13:05 . 2013-02-26 13:05 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-02-26 13:05 . 2013-02-26 13:05 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-02-26 13:05 . 2013-02-26 13:05 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-02-26 13:05 . 2013-02-26 13:05 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-02-26 13:04 . 2013-02-26 13:04 29149696 ----a-w- c:\windows\system32\amdocl64.dll
2013-02-26 13:03 . 2013-02-26 13:03 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-02-26 13:01 . 2013-02-26 13:01 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-02-26 13:01 . 2013-02-26 13:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-02-26 12:54 . 2013-02-26 12:54 5067264 ----a-w- c:\windows\system32\amdsc64.dll
2013-02-26 12:54 . 2013-02-26 12:54 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll
2013-02-24 06:42 . 2013-02-24 13:46 -------- d-----w- c:\program files (x86)\Crysis 3
2013-02-23 11:36 . 2013-02-23 11:36 -------- d-----w- c:\users\Jarda\AppData\Local\ESN
2013-02-17 17:58 . 2013-02-17 17:58 -------- d-----w- c:\users\Jarda\AppData\Local\Oblivion
2013-02-17 17:52 . 2013-03-05 16:25 -------- d-----w- c:\users\Jarda\AppData\Roaming\Software Informer
2013-02-17 17:52 . 2013-02-17 17:52 -------- d-----w- c:\program files (x86)\Software Informer
2013-02-17 17:46 . 2013-02-17 17:46 -------- d-----w- c:\program files (x86)\Common Files\lightning group shared files
2013-02-17 16:19 . 2005-04-03 22:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-02-17 16:19 . 2005-04-03 22:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-02-17 16:19 . 2005-04-03 22:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-02-17 16:19 . 2005-04-03 22:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-02-17 16:19 . 2005-04-03 22:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-02-17 16:19 . 2005-04-03 21:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-02-17 16:19 . 2013-02-17 16:19 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-02-17 16:19 . 2013-02-17 16:19 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-02-12 14:10 . 2013-02-12 14:14 -------- d-----w- c:\program files (x86)\Aliens Colonial Marines
2013-02-08 20:11 . 2013-02-08 20:11 -------- d-----w- c:\users\Jarda\AppData\Local\Electronic Arts
2013-02-05 19:08 . 2013-02-05 19:26 -------- d-----w- c:\program files (x86)\Dead Space 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:35 . 2011-11-20 17:38 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-27 10:22 . 2012-07-15 06:24 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 10:22 . 2011-10-01 00:45 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 19:20 . 2011-09-29 21:36 139904 ----a-w- c:\windows\system32\atiuxp64.dll
2013-02-26 19:20 . 2011-09-29 21:36 92512 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-02-26 19:20 . 2011-09-29 21:36 1150328 ----a-w- c:\windows\system32\aticfx64.dll
2013-02-26 19:20 . 2012-03-09 05:16 968560 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-02-26 19:20 . 2011-09-29 21:36 8209496 ----a-w- c:\windows\system32\atidxx64.dll
2013-02-26 19:20 . 2012-03-09 04:23 4475192 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-02-26 19:19 . 2012-03-09 04:23 6036160 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-02-25 12:56 . 2011-10-01 09:47 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-02-25 12:56 . 2011-10-01 09:42 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-25 12:56 . 2011-10-01 09:42 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-01 09:25 . 2013-02-01 09:25 11974 ----a-w- C:\cc_20130201_102457.reg
2013-01-27 18:03 . 2013-01-27 18:04 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-27 18:03 . 2013-01-27 18:04 308640 ----a-w- c:\windows\system32\javaws.exe
2013-01-27 18:03 . 2013-01-27 18:04 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-27 18:03 . 2013-01-27 18:04 188832 ----a-w- c:\windows\system32\javaw.exe
2013-01-27 18:03 . 2013-01-27 18:04 188832 ----a-w- c:\windows\system32\java.exe
2013-01-27 18:03 . 2013-01-27 18:04 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-27 17:43 . 2013-01-27 17:43 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-27 17:43 . 2013-01-27 17:43 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-27 17:43 . 2013-01-27 17:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-15 10:11 . 2013-01-15 10:11 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-01-01 09:57 . 2013-01-01 09:54 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-12-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-12-09 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\programy instalace\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-25 1602984]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-16 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-09-30 4838912]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"Abyssus"="c:\program files\programy instalace\razerhid.exe" [2010-05-10 223744]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2009-08-19 232960]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-26 642656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2013-03-05 168]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
F-Stream Tuning.lnk - c:\program files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe [2011-9-30 14790440]
QIP Infium.lnk - c:\program files (x86)\QIP Infium\infium.exe [2012-7-9 5896656]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-7-13 4615064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-10-17 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R1 AsrHidFilter;AsrHidFilter;c:\windows\system32\DRIVERS\AsrHidFilter.sys [2011-02-17 17928]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RivaTuner64;RivaTuner64;c:\program files\programy instalace\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-01 19952]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-05 14456]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-09-30 15936]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 1236336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-02-26 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-02-26 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-01-15 96768]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-09-30 31808]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 13:24 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 10:22]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 15:24]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce055fafa66057.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 15:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=ED51EA929F1354BAB2CD9751366D4C3F
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{6B5863A0-C43F-4C0A-982B-CC0E9125783F} - c:\users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3414849235-1478885224-1814082010-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,98,4c,f7,0b,ac,4d,19,28,83,3a,40,af,82,b1,f6,f5,5a,be,58,46,
df,e5,af,c7,62,a7,99,ee,ef,9e,17,46,28,56,28,f5,21,90,c9,3b,4b,b3,a0,c8,e1,\
"rkeysecu"=hex:dc,64,34,be,a2,1a,36,89,0f,b3,10,49,20,c2,5c,41
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Razer\Arctosa\razertra.exe
c:\programdata\Search Protection\SearchProtection.exe
c:\progra~2\AD-AWA~1\AdAware.exe
c:\program files\programy instalace\razerofa.exe
c:\program files\programy instalace\razertra.exe
.
**************************************************************************
.
Completion time: 2013-03-06 00:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-05 23:04
.
Pre-Run: Volných bajtu: 955 297 210 368
Post-Run: Volných bajtu: 955 228 856 320
.
- - End Of File - - AD79F2ADD59C818DE2637CC73045AC00
Re: Pomoc při odstranění viru
Po použití combofixu se zdá být vše v pořádku několikrát jsem udělal test v Avastu a Malwarebytes a nikde nic.
-
Rudy
- Site Admin
- Příspěvky: 119524
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomoc při odstranění viru
Ještě dočistíme od zbytečností. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Folder::
c:\program files (x86)\adawaretb
c:\program files (x86)\Ask.com
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"Sweetpacks Communicator"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
RegNull::
[HKEY_USERS\S-1-5-21-3414849235-1478885224-1814082010-1000\Software\SecuROM\License information*]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomoc při odstranění viru
Bezva, všecko proběhlo v pohodě díky za pomoc. Pošlu vám menší příspěvek na účet, odvádíte tady skvělou práci. 
-
Rudy
- Site Admin
- Příspěvky: 119524
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomoc při odstranění viru
Nemáte zač a za příspěvek děkujeme! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?