Slow PC - almost non-functional
Posted: 19 Mar 2013 23:02
Hello, the problem with my PC appeared today. After startup the computer freezes; after about a minute nothing can be clicked, everything loads terribly slowly, and it cannot be restored to a restore point. Sometimes even a normal reset or shutdown of the PC does not work, and clicking on defragmentation gets no response. Most recently, not even most of the programs that normally start when the PC is turned on launched. I tried a scan with avast before startup - and nothing.
Please help, I am at my wit's end.
I am pasting the RSIT log, followed by DDS:
Logfile of random's system information tool 1.09 (written by random/random)
Run by nothinQ at 2013-03-19 22:50:23
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 28 GB (18%) free of 157 GB
Total RAM: 4094 MB (79% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
taskmgr.exe /3
"C:\Users\nothinQ\Desktop\RSITx64.exe"
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3085540732-2805876386-3132524388-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3085540732-2805876386-3132524388-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
Shareaza Web Download Hook - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll [2011-02-12 99840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-03-07 1497560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b7430e9-e659-4555-ac67-be3340aaa519}]
brothersoft afc Toolbar - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
Shareaza Web Download Hook - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll [2011-02-12 84992]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
Funmoods Helper Object - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll [2012-08-24 243664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EC6757A-A0A7-1038-E54F-E723C37F6EDD}]
MaggnIPieC - C:\ProgramData\MaggnIPieC\5143173ea48aa.dll [2013-03-15 118272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88ac3cb6-596b-4217-964c-b6757ef9602d}]
express-files Toolbar - C:\Program Files (x86)\express-files\prxtbexp0.dll [2013-03-05 231168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-03-07 1497560]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0b7430e9-e659-4555-ac67-be3340aaa519} - brothersoft afc Toolbar - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll [2011-05-09 176936]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]
{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - Funmoods Toolbar - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll [2012-08-24 251856]
{88ac3cb6-596b-4217-964c-b6757ef9602d} - express-files Toolbar - C:\Program Files (x86)\express-files\prxtbexp0.dll [2013-03-05 231168]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-09 12666984]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\nothinQ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2011-02-11 3357696]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-03-15 1632680]
"Gadwin PrintScreen"=C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [2012-05-13 493776]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"SearchProtect"=C:\Users\nothinQ\AppData\Roaming\SearchProtect\bin\cltmng.exe [2013-03-06 2731296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SearchProtectAll"=C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2013-03-06 2731296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"Frank Nagl's Screenshotz"=C:\Program Files (x86)\Screenshotz\Screenshotz.exe [2009-04-23 137728]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-03-19 22:48:27 ----D---- C:\rsit
2013-03-19 22:48:27 ----D---- C:\Program Files\trend micro
2013-03-19 17:27:25 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2013-03-19 17:27:24 ----A---- C:\Windows\system32\drivers\aswSP.sys
2013-03-19 17:27:23 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2013-03-19 17:27:22 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2013-03-19 17:27:21 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2013-03-19 17:27:20 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-03-19 17:27:20 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-03-19 17:27:15 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2013-03-19 17:27:15 ----A---- C:\Windows\system32\aswBoot.exe
2013-03-19 17:26:16 ----A---- C:\Windows\avastSS.scr
2013-03-19 17:26:03 ----D---- C:\Program Files\AVAST Software
2013-03-19 17:24:51 ----D---- C:\ProgramData\AVAST Software
2013-03-19 17:07:42 ----SHD---- C:\Config.Msi
2013-03-18 14:44:40 ----D---- C:\Program Files (x86)\Screenshotz
2013-03-17 10:56:24 ----D---- C:\Program Files (x86)\PCSX2 1.0.0
2013-03-15 13:19:26 ----D---- C:\Program Files (x86)\express-files
2013-03-15 13:18:53 ----D---- C:\Program Files (x86)\SearchProtect
2013-03-15 13:18:46 ----D---- C:\Users\nothinQ\AppData\Roaming\SearchProtect
2013-03-15 13:18:14 ----D---- C:\ProgramData\Tarma Installer
2013-03-15 13:17:59 ----D---- C:\Users\nothinQ\AppData\Roaming\ExpressFiles
2013-03-15 13:17:59 ----D---- C:\Program Files (x86)\ExpressFiles
2013-03-15 13:10:29 ----D---- C:\ProgramData\CLSoft LTD
2013-03-15 13:10:25 ----D---- C:\ProgramData\Premium
2013-03-15 13:10:23 ----D---- C:\Program Files (x86)\MagniPic
2013-03-15 13:10:17 ----D---- C:\ProgramData\MaggnIPieC
2013-03-15 13:10:16 ----D---- C:\ProgramData\InstallMate
2013-03-14 07:58:33 ----A---- C:\Windows\system32\drivers\usb8023.sys
2013-03-14 07:52:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-14 07:52:42 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-14 07:52:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-14 07:52:40 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-14 07:52:39 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-14 07:52:39 ----A---- C:\Windows\system32\ieui.dll
2013-03-14 07:52:38 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-14 07:52:38 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-14 07:52:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-14 07:52:37 ----A---- C:\Windows\system32\url.dll
2013-03-14 07:52:36 ----A---- C:\Windows\system32\urlmon.dll
2013-03-14 07:52:35 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-14 07:52:35 ----A---- C:\Windows\system32\jscript9.dll
2013-03-14 07:52:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-14 07:52:34 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-14 07:52:33 ----A---- C:\Windows\system32\wininet.dll
2013-03-14 07:52:32 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-14 07:52:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-14 07:52:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-14 07:52:31 ----A---- C:\Windows\system32\vbscript.dll
2013-03-14 07:52:30 ----A---- C:\Windows\system32\jscript.dll
2013-03-14 07:52:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-14 07:52:29 ----A---- C:\Windows\system32\iertutil.dll
2013-03-14 07:52:27 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-14 07:52:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-14 07:52:03 ----A---- C:\Windows\system32\mshtml.dll
2013-03-14 07:52:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-14 07:52:02 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 18:46:50 ----HD---- C:\Windows\msdownld.tmp
2013-03-13 18:46:49 ----D---- C:\Windows\SYSWOW64\directx
======List of files/folders modified in the last 1 month======
2013-03-19 22:50:23 ----A---- C:\Windows\ntbtlog.txt
2013-03-19 22:50:22 ----D---- C:\Windows\Temp
2013-03-19 22:48:27 ----RD---- C:\Program Files
2013-03-19 21:29:49 ----D---- C:\ProgramData\NVIDIA
2013-03-19 21:29:42 ----D---- C:\Windows\system32\wbem
2013-03-19 21:29:42 ----D---- C:\Windows
2013-03-19 21:28:47 ----D---- C:\Program Files (x86)\Steam
2013-03-19 21:28:45 ----SHD---- C:\Windows\Installer
2013-03-19 21:28:45 ----HD---- C:\ProgramData
2013-03-19 21:28:45 ----D---- C:\Windows\system32\Tasks
2013-03-19 21:28:45 ----D---- C:\Windows\system32\NDF
2013-03-19 21:28:45 ----D---- C:\Windows\system32\DriverStore
2013-03-19 21:28:45 ----D---- C:\Windows\system32\drivers
2013-03-19 21:28:45 ----D---- C:\Windows\system32\CodeIntegrity
2013-03-19 21:28:45 ----D---- C:\Windows\system32\catroot2
2013-03-19 21:28:45 ----D---- C:\Windows\System32
2013-03-19 21:28:45 ----D---- C:\Windows\inf
2013-03-19 21:28:45 ----D---- C:\ProgramData\McAfee Security Scan
2013-03-19 21:28:44 ----D---- C:\Windows\Tasks
2013-03-19 21:28:44 ----D---- C:\Windows\SysWOW64
2013-03-19 21:28:44 ----D---- C:\Windows\system32\wfp
2013-03-19 21:28:43 ----D---- C:\Windows\winsxs
2013-03-19 21:28:43 ----D---- C:\Windows\registration
2013-03-19 17:31:56 ----D---- C:\Windows\Prefetch
2013-03-19 17:26:49 ----D---- C:\Windows\system32\config
2013-03-19 17:25:59 ----SHD---- C:\System Volume Information
2013-03-19 17:25:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-19 17:11:07 ----D---- C:\Program Files\ESET
2013-03-18 21:04:45 ----RD---- C:\Program Files (x86)
2013-03-17 11:35:49 ----D---- C:\Hry
2013-03-17 09:20:13 ----D---- C:\Users\nothinQ\AppData\Roaming\TS3Client
2013-03-15 13:21:53 ----SH---- C:\Program Files (x86)\desktop.ini
2013-03-15 12:32:51 ----D---- C:\Users\nothinQ\AppData\Roaming\DAEMON Tools Lite
2013-03-15 03:18:08 ----D---- C:\Windows\SYSWOW64\migration
2013-03-15 03:18:08 ----D---- C:\Windows\system32\migration
2013-03-15 03:18:08 ----D---- C:\Program Files\Internet Explorer
2013-03-15 03:18:08 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-14 07:54:46 ----D---- C:\Windows\system32\catroot
2013-03-14 07:54:34 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 20:03:16 ----SD---- C:\Users\nothinQ\AppData\Roaming\Microsoft
2013-03-13 20:03:08 ----D---- C:\Program Files (x86)\Common Files
2013-03-13 18:46:51 ----D---- C:\Windows\Logs
2013-03-12 22:17:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-06 11:38:36 ----A---- C:\Windows\SYSWOW64\msvcr100.dll
2013-03-06 11:38:36 ----A---- C:\Windows\SYSWOW64\msvcp100.dll
2013-03-02 04:53:16 ----D---- C:\Program Files (x86)\Google
2013-02-27 21:40:25 ----RD---- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 65336]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2012-02-28 132704]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-28 283200]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
S0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-03-07 70992]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 1025808]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 377920]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 68920]
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 mbmiodrvr;mbmiodrvr; \??\C:\Windows\syswow64\mbmiodrvr.sys [2004-04-10 4608]
S1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
S1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 33400]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 80816]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 178624]
S3 cpuz135;cpuz135; \??\C:\Users\nothinQ\AppData\Local\Temp\cpuz135\cpuz135_x64.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-07-29 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-07-29 8456]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-12 3053160]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-03-06 93984]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-20 116648]
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-20 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-02-25 543144]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-28 1255736]
-----------------EOF-----------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16470
Run by nothinQ at 22:45:54 on 2013-03-19
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4094.3172 [GMT 1:00]
.
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921&SearchSource=61&CUI=UN23667707066272325&UM=2&UP=SP519F4821-6B0C-453F-B9ED-08164039354C
mStart Page = hxxp://searchou.com/?affil=7&uid=37ee7fab-8d69-11e2-ae70-6cf049d07a27
uURLSearchHooks: brothersoft afc Toolbar: {0b7430e9-e659-4555-ac67-be3340aaa519} - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll
uURLSearchHooks: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexp0.dll
mURLSearchHooks: brothersoft afc Toolbar: {0b7430e9-e659-4555-ac67-be3340aaa519} - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll
mURLSearchHooks: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexp0.dll
mWinlogon: Userinit = userinit.exe
BHO: brothersoft afc Toolbar: {0b7430e9-e659-4555-ac67-be3340aaa519} - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
BHO: MaggnIPieC: {7EC6757A-A0A7-1038-E54F-E723C37F6EDD} - C:\ProgramData\MaggnIPieC\5143173ea48aa.dll
BHO: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexp0.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: brothersoft afc Toolbar: {0B7430E9-E659-4555-AC67-BE3340AAA519} - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll
TB: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: brothersoft afc Toolbar: {0b7430e9-e659-4555-ac67-be3340aaa519} - C:\Program Files (x86)\brothersoft_afc\prxtbbro0.dll
TB: KMPlayer Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
TB: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexp0.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\nothinQ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [SearchProtect] C:\Users\nothinQ\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Frank Nagl's Screenshotz] C:\Program Files (x86)\Screenshotz\Screenshotz.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{A6142A61-D20B-408D-A7AB-5B49C769DAA0} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0DtDyB0AtByBzz0F0ByDtN0D0Tzu0StBtAyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1034915140
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-19 65336]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-2-28 132704]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-28 283200]
S0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-19 1025808]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-19 377920]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-19 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-19 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-19 45248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-3-6 93984]
S2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-19 178624]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-2-28 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-2-28 9096]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-26 565352]
S3 StorSvc;Služba úložiště;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-28 59392]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-28 1255736]
.
=============== Created Last 30 ================
.
2013-03-19 16:31:50 -------- d-----w- C:\Users\nothinQ\AppData\Local\ElevatedDiagnostics
2013-03-19 16:27:23 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-19 16:27:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-19 16:27:20 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-19 16:27:20 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-19 16:27:15 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-19 16:26:16 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-19 16:26:03 -------- d-----w- C:\Program Files\AVAST Software
2013-03-19 16:24:51 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-19 07:46:41 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3BE7462-4F6F-42AC-94E6-95C8C5BC0C79}\mpengine.dll
2013-03-18 13:44:40 -------- d-----w- C:\Users\nothinQ\AppData\Local\Screenshotz
2013-03-18 13:44:40 -------- d-----w- C:\Program Files (x86)\Screenshotz
2013-03-17 09:56:24 -------- d-----w- C:\Program Files (x86)\PCSX2 1.0.0
2013-03-15 12:19:26 -------- d-----w- C:\Program Files (x86)\express-files
2013-03-15 12:18:53 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-03-15 12:18:46 -------- d-----w- C:\Users\nothinQ\AppData\Roaming\SearchProtect
2013-03-15 12:18:44 -------- d-----w- C:\Users\nothinQ\AppData\Local\CRE
2013-03-15 12:18:14 -------- d-----w- C:\ProgramData\Tarma Installer
2013-03-15 12:17:59 -------- d-----w- C:\Users\nothinQ\AppData\Roaming\ExpressFiles
2013-03-15 12:17:59 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2013-03-15 12:10:29 -------- d-----w- C:\ProgramData\CLSoft LTD
2013-03-15 12:10:25 -------- d-----w- C:\ProgramData\Premium
2013-03-15 12:10:23 -------- d-----w- C:\Program Files (x86)\MagniPic
2013-03-15 12:10:17 -------- d-----w- C:\ProgramData\MaggnIPieC
2013-03-15 12:10:16 -------- d-----w- C:\ProgramData\InstallMate
2013-03-14 06:58:33 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-13 17:46:50 -------- d--h--w- C:\Windows\msdownld.tmp
2013-03-13 17:46:49 -------- d-----w- C:\Windows\SysWow64\directx
2013-02-18 19:31:02 -------- d-----w- C:\Users\nothinQ\AppData\Roaming\Funmoods
.
==================== Find3M ====================
.
2013-03-12 21:17:05 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 21:17:05 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 10:38:36 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-03-06 10:38:36 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 22:46:44,92 ===============
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\nothinQ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [SearchProtect] C:\Users\nothinQ\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Frank Nagl's Screenshotz] C:\Program Files (x86)\Screenshotz\Screenshotz.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{A6142A61-D20B-408D-A7AB-5B49C769DAA0} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0DtDyB0AtByBzz0F0ByDtN0D0Tzu0StBtAyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1034915140
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-19 65336]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-2-28 132704]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-28 283200]
S0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-19 1025808]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-19 377920]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-19 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-19 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-19 45248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-3-6 93984]
S2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-19 178624]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-2-28 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-2-28 9096]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-26 565352]
S3 StorSvc;Služba úložiště;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-28 59392]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-28 1255736]
.
=============== Created Last 30 ================
.
2013-03-19 16:31:50 -------- d-----w- C:\Users\nothinQ\AppData\Local\ElevatedDiagnostics
2013-03-19 16:27:23 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-19 16:27:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-19 16:27:20 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-19 16:27:20 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-19 16:27:15 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-19 16:26:16 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-19 16:26:03 -------- d-----w- C:\Program Files\AVAST Software
2013-03-19 16:24:51 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-19 07:46:41 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3BE7462-4F6F-42AC-94E6-95C8C5BC0C79}\mpengine.dll
2013-03-18 13:44:40 -------- d-----w- C:\Users\nothinQ\AppData\Local\Screenshotz
2013-03-18 13:44:40 -------- d-----w- C:\Program Files (x86)\Screenshotz
2013-03-17 09:56:24 -------- d-----w- C:\Program Files (x86)\PCSX2 1.0.0
2013-03-15 12:19:26 -------- d-----w- C:\Program Files (x86)\express-files
2013-03-15 12:18:53 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-03-15 12:18:46 -------- d-----w- C:\Users\nothinQ\AppData\Roaming\SearchProtect
2013-03-15 12:18:44 -------- d-----w- C:\Users\nothinQ\AppData\Local\CRE
2013-03-15 12:18:14 -------- d-----w- C:\ProgramData\Tarma Installer
2013-03-15 12:17:59 -------- d-----w- C:\Users\nothinQ\AppData\Roaming\ExpressFiles
2013-03-15 12:17:59 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2013-03-15 12:10:29 -------- d-----w- C:\ProgramData\CLSoft LTD
2013-03-15 12:10:25 -------- d-----w- C:\ProgramData\Premium
2013-03-15 12:10:23 -------- d-----w- C:\Program Files (x86)\MagniPic
2013-03-15 12:10:17 -------- d-----w- C:\ProgramData\MaggnIPieC
2013-03-15 12:10:16 -------- d-----w- C:\ProgramData\InstallMate
2013-03-14 06:58:33 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-13 17:46:50 -------- d--h--w- C:\Windows\msdownld.tmp
2013-03-13 17:46:49 -------- d-----w- C:\Windows\SysWow64\directx
2013-02-18 19:31:02 -------- d-----w- C:\Users\nothinQ\AppData\Roaming\Funmoods
.
==================== Find3M ====================
.
2013-03-12 21:17:05 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 21:17:05 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 10:38:36 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-03-06 10:38:36 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 22:46:44,92 ===============