
Bigmen - request for a log check

Posted: 14 Apr 2014 12:43
by Bigmen
Hello! A few days ago, while I was deleting some folders from the computer, the system told me that the folder was shared and that after deleting it, it would no longer be possible to read it. These were some backups of configuration files unrelated to this computer and to Windows at all. When I opened the individual files with PSPad Editor, they had all been changed to the same configuration, even though they were completely different files. But when I chose the preview in tcmd, the folder was unchanged. The folder sharing really scared me, though, and I began to suspect that someone is connecting to the computer. I personally never set up any sharing. I replaced the original AVG, which found nothing, with Avast, with the same result, and the Windows firewall with Comodo. Could you please check the log for me? I haven't noticed any other suspicious behaviour of the PC.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Chmelík at 2014-04-14 13:11:29
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 21 GB (14%) free of 153 GB
Total RAM: 3327 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:39, on 14.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe
C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Chmelík\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Users\Chmelík\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\Comodo\COMODO Internet Security\CIS.exe
C:\Users\Chmelík\AppData\Local\Opera\Opera\temporary_downloads\RSIT (1).exe
C:\Program Files\trend micro\Chmelík.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Chmelík\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Chmelík\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [PrivDogService] "C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chmelík\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2282636475-4151022380-181368577-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2282636475-4151022380-181368577-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: wandoujia_helper.lnk = ?
O4 - Global Startup: emMon.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 10142 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2282636475-4151022380-181368577-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2282636475-4151022380-181368577-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default

prefs.js - "browser.startup.homepage" - "http://seznam.cz"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\extensions\
{32a1fd71-835e-4b11-8e54-886fda0b4c89}

C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-14 597816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Chmelík\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-12 142288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-10 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
PrivDog Extension - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll [2013-11-15 744616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-12-20 7711264]
"Turbo Key"=C:\Program Files\ASUS\Turbo Key\TurboKey.exe [2009-06-02 1769472]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"tvncontrol"=C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2014-02-27 2327248]
"PrivDogService"=C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [2013-11-15 525480]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-14 3854640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-12-21 39408]
""= []
"Google Update"=C:\Users\Chmelík\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10 1313640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Labtec\WebCam10\WebCam10.exe [2007-03-06 1060376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]
C:\Program Files\Labtec\WebCamWebInstall\Setup\Setup.exe [2007-03-06 620056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-12-21 1090040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Chmelík\AppData\Roaming\QipGuard\QipGuard.exe [2011-10-12 191440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-12-21 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Chmelík^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
emMon.lnk - C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Start GeekBuddy.lnk - C:\Program Files\Comodo\GeekBuddy\launcher.exe

C:\Users\Chmelík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
wandoujia_helper.lnk - C:\Users\Chmelík\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-04-14 13:11:05 ----D---- C:\Program Files\trend micro
2014-04-14 13:11:04 ----D---- C:\rsit
2014-04-14 11:33:21 ----D---- C:\Program Files\Advanced Fix 2013
2014-04-14 09:35:27 ----D---- C:\Users\Chmelík\AppData\Roaming\AVAST Software
2014-04-14 09:33:59 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-04-14 09:33:58 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-04-14 09:33:56 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-04-14 09:33:55 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-04-14 09:33:55 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-04-14 09:33:53 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-04-14 09:33:50 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-04-14 09:33:43 ----A---- C:\Windows\system32\aswBoot.exe
2014-04-14 09:33:37 ----A---- C:\Windows\avastSS.scr
2014-04-14 09:32:54 ----D---- C:\Program Files\AVAST Software
2014-04-14 09:16:03 ----HD---- C:\VTRoot
2014-04-14 09:16:02 ----A---- C:\Windows\system32\drivers\fvstore.dat
2014-04-14 09:11:05 ----D---- C:\ProgramData\AVAST Software
2014-04-10 22:47:16 ----SD---- C:\ProgramData\Shared Space
2014-04-10 22:46:57 ----D---- C:\Program Files\AdTrustMedia
2014-04-10 22:46:56 ----D---- C:\ProgramData\Adtrustmedia
2014-04-10 22:46:45 ----D---- C:\Program Files\Common Files\COMODO
2014-04-10 22:46:33 ----A---- C:\Windows\system32\certsentry.dll
2014-04-10 22:46:27 ----D---- C:\Program Files\Comodo
2014-04-10 22:46:20 ----D---- C:\ProgramData\Comodo Downloader
2014-04-10 22:42:00 ----D---- C:\ProgramData\Comodo
2014-04-10 08:37:21 ----A---- C:\Windows\system32\WinUSBCoInstaller2.dll
2014-04-10 08:37:21 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-10 08:37:21 ----A---- C:\Windows\system32\USBCoInstaller.dll
2014-03-29 20:04:28 ----D---- C:\Program Files\Mozilla Firefox
2014-03-25 20:22:50 ----A---- C:\Windows\system32\drivers\inspect.sys
2014-03-25 20:22:50 ----A---- C:\Windows\system32\drivers\cmdhlp.sys
2014-03-25 20:22:48 ----A---- C:\Windows\system32\drivers\cmdguard.sys
2014-03-25 20:22:48 ----A---- C:\Windows\system32\drivers\cmderd.sys
2014-03-25 20:22:38 ----A---- C:\Windows\system32\guard32.dll
2014-03-25 20:22:38 ----A---- C:\Windows\system32\cmdcsr.dll
2014-03-25 20:22:26 ----A---- C:\Windows\system32\cmdvrt32.dll
2014-03-25 20:22:24 ----A---- C:\Windows\system32\cmdkbd32.dll
2014-03-22 23:06:29 ----D---- C:\Program Files\Flash_Tools
2014-03-22 22:46:42 ----D---- C:\Program Files\FlashTools

======List of files/folders modified in the last 1 month======

2014-04-14 13:11:39 ----D---- C:\Windows\Prefetch
2014-04-14 13:11:32 ----D---- C:\Windows\Temp
2014-04-14 13:11:05 ----RD---- C:\Program Files
2014-04-14 12:24:36 ----D---- C:\Windows\system32\config
2014-04-14 09:46:18 ----D---- C:\ProgramData\AVG2013
2014-04-14 09:46:17 ----D---- C:\ProgramData\MFAData
2014-04-14 09:45:36 ----SHD---- C:\Windows\Installer
2014-04-14 09:45:35 ----HD---- C:\Config.Msi
2014-04-14 09:45:16 ----SHD---- C:\System Volume Information
2014-04-14 09:41:59 ----D---- C:\Windows\system32\drivers
2014-04-14 09:35:26 ----D---- C:\Windows\inf
2014-04-14 09:34:07 ----D---- C:\Windows\system32\Tasks
2014-04-14 09:33:44 ----D---- C:\Windows\winsxs
2014-04-14 09:33:43 ----D---- C:\Windows\System32
2014-04-14 09:33:42 ----D---- C:\Windows
2014-04-14 09:27:34 ----D---- C:\ProgramData\NVIDIA
2014-04-14 09:26:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-14 09:11:05 ----HD---- C:\ProgramData
2014-04-14 08:47:38 ----D---- C:\Users\Chmelík\AppData\Roaming\Media Player Classic
2014-04-14 08:47:38 ----D---- C:\Users\Chmelík\AppData\Roaming\DAEMON Tools Lite
2014-04-14 08:47:16 ----D---- C:\Windows\Minidump
2014-04-14 08:47:16 ----D---- C:\Windows\Logs
2014-04-14 08:44:43 ----D---- C:\Program Files\CCleaner
2014-04-10 22:48:00 ----D---- C:\Windows\system32\DriverStore
2014-04-10 22:48:00 ----D---- C:\Windows\system32\catroot
2014-04-10 22:46:45 ----D---- C:\Program Files\Common Files
2014-04-10 22:35:30 ----D---- C:\Users\Chmelík\AppData\Roaming\Skype
2014-04-10 13:01:00 ----D---- C:\Users\Chmelík\AppData\Roaming\Wandoujia2
2014-04-10 08:37:21 ----D---- C:\Users\Chmelík\AppData\Roaming\WandoujiaUsbDriver
2014-04-08 15:22:39 ----D---- C:\Install
2014-04-07 12:33:13 ----D---- C:\Windows\system32\catroot2
2014-04-01 07:32:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-03-22 23:06:13 ----A---- C:\Windows\IFinst27.exe
2014-03-20 09:38:46 ----D---- C:\Users\Chmelík\AppData\Roaming\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-14 180760]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-31 428088]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-18 12400]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-14 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-04-14 776976]
R1 CFRMD;CFRMD; C:\Windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2014-03-25 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2014-03-25 607168]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2014-03-25 43728]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver; C:\Windows\system32\DRIVERS\hmd.sys [2013-10-07 15400]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2014-03-25 92656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-14 67824]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 3xHybrid;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2005-04-08 709632]
R3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-04-14 67264]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-12-20 2752352]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 6504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-07-08 139880]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-12-21 47360]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2004-02-24 10368]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R4 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys []
R4 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys []
R4 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys []
R4 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys []
R4 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys []
S0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-14 49944]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-04-14 411552]
S2 WFPVRENC;WinFast PVR2000 MPEG Encoder; C:\Windows\system32\drivers\wfpvrenc.sys [2006-11-28 299392]
S2 WFPVRTUNER;WinFast PVR2000 WDM Tuner; C:\Windows\system32\drivers\wfpvrtun.sys [2006-11-28 33408]
S2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture; C:\Windows\system32\drivers\wfpvrcap.sys [2006-11-28 162688]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\E:\Flashka\Komerční\AIDA64 Extreme 1.85_portable\kerneld.x32 []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2013-05-11 25088]
S3 lqisbiwa;lqisbiwa; C:\Windows\system32\drivers\lqisbiwa.sys []
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-11-09 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-11-09 23168]
S3 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2012-06-14 35088]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-09 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-09 8192]
S3 vbggqefv;vbggqefv; C:\Windows\system32\drivers\vbggqefv.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WFPVRBAR;WinFast PVR2000 WDM Crossbar; C:\Windows\system32\drivers\WFPVRBAR.sys [2006-11-28 9728]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-14 50344]
R2 CLPSLauncher;COMODO LPS Launcher; C:\Program Files\Common Files\COMODO\launcher_service.exe [2014-02-27 70352]
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-03-25 5302384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2014-01-28 2135232]
R2 GeekBuddyRSP;GeekBuddyRSP Server; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2014-02-27 2327248]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-10-12 191440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-17 194032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-29 119408]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Bigmen - request for a log check

Posted: 14 Apr 2014 20:41
by Roli
Hello. Go to Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the services:

Služba Google Update (gupdate)
Služba Google Update (gupdatem)
Google Software Updater (gusvc)
NBService
QipGuard


Double-click each one to open its properties window; first stop the service with the Stop button, then under Startup type select Disabled and click OK.


In Task Scheduler, disable Google Update; it will appear there several times.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup and restore the system


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click to run it,

a window will appear; click Scan at the top left.

The scan will then run; when it finishes, click Report and copy what it gives you here.


Then use Mbam from my signature and post its log here as well; do not delete anything beforehand!

Re: Bigmen - request for a log check

Posted: 16 Apr 2014 07:55
by Bigmen
Hello! Here is the log from AdwCleaner.

# AdwCleaner v3.023 - Report created 16/04/2014 at 08:51:04
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Chmelík - CHMELIK-PC
# Running from : C:\Users\Chmelík\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Chmelík\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Found : C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\searchplugins\qip-search.xml
Folder Found : C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\Extensions\{32A1FD71-835E-4B11-8E54-886FDA0B4C89}
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\Chmelík\AppData\Local\TempDir
Folder Found C:\Users\Chmelík\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_advanced-ip-scanner_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_advanced-ip-scanner_RASMANCS
Key Found : HKLM\Software\TENCENT

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.qip.ru
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.qip.ru/ie
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.qip.ru
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://qip.ru
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://search.qip.ru/ie

-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\prefs.js ]

Line Found : user_pref("keyword.URL", "hxxp://search.qip.ru/search?from=FF&query=");

-\\ Google Chrome v

[ File : C:\Users\Chmelík\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2907 octets] - [16/04/2014 08:51:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2967 octets] ##########

Re: Bigmen - request for a log check

Posted: 16 Apr 2014 08:43
by Bigmen
Mbam is still scanning.

Re: Bigmen - request for a log check

Posted: 16 Apr 2014 09:43
by Bigmen
Here is the Mbam log

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16.4.2014
Čas skenování: 10:40:05
Protokol: výsledek Mbam.txt
Správce: Ano

Verze: 2.00.1.1004
Databáze malwaru: v2014.04.16.04
Databáze rootkitů: v2014.03.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Chameleon: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Chmelík

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 376009
Uplynulý čas: 1 hod, 38 min, 58 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Sken hloubkových rootkitů: Zapnuto
Shuriken: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2282636475-4151022380-181368577-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [5da3847cd52bbb457935e2873bc79b65],

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 2
PUP.Optional.OpenCandy, C:\Users\Chmelík\AppData\Roaming\OpenCandy, , [b64a8b75dc24b05004d41b41f909619f],
PUP.Optional.OpenCandy, C:\Users\Chmelík\AppData\Roaming\OpenCandy\313A698FCAD64CD087D53339FC7570C0, , [b64a8b75dc24b05004d41b41f909619f],

Soubory: 3
Trojan.Downloader, C:\Install\Alcohol_120__1.9.8.7612.rar, , [ea16cb3501ff1ee22b060afcc73d25db],
Trojan.Downloader, E:\Install\Alcohol_120__1.9.8.7612.rar, , [847c5aa610f0ef11d859b650d62ed828],
PUP.Optional.OpenCandy, C:\Users\Chmelík\AppData\Roaming\OpenCandy\313A698FCAD64CD087D53339FC7570C0\pokkiInstaller.exe, , [b64a8b75dc24b05004d41b41f909619f],

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: Bigmen - request for a log check

Posted: 16 Apr 2014 21:06
by Roli
Run AdwCleaner again, but this time click Clean;

the PC will restart and the junk will be deleted.

Then copy the Report here again.


Let Mbam delete everything it found, and then post its log here again.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

A window with the licence terms will then appear; confirm it by clicking YES,

then click YES once more and it is running.

The whole operation takes about 10 minutes but may take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete the infected files and these programs can block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 10:09
by Bigmen
Here is the log from AdwCleaner after cleaning

# AdwCleaner v3.023 - Report created 17/04/2014 at 11:01:52
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Chmelík - CHMELIK-PC
# Running from : C:\Users\Chmelík\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Chmelík\AppData\Local\TempDir
Folder Deleted : C:\Users\Chmelík\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\Extensions\{32A1FD71-835E-4B11-8E54-886FDA0B4C89}
File Deleted : C:\Users\Chmelík\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\searchplugins\qip-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_advanced-ip-scanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_advanced-ip-scanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\TENCENT

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\prefs.js ]

Line Deleted : user_pref("keyword.URL", "hxxp://search.qip.ru/search?from=FF&query=");

-\\ Google Chrome v

[ File : C:\Users\Chmelík\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3047 octets] - [16/04/2014 08:51:04]
AdwCleaner[S0].txt - [2919 octets] - [17/04/2014 11:01:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2979 octets] ##########

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 10:32
by Bigmen
Since Mbam found nothing in the basic scan, I ran, as yesterday, a custom scan of the whole PC including rootkits. So it will again take over an hour.

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 17:11
by Roli
Bigmen wrote: So it will again take over an hour.
No problem, there is plenty of time :)

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 18:07
by Bigmen
Mbam result

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 17.4.2014
Čas skenování: 14:50:40
Protokol: scan mban2.txt
Správce: Ano

Verze: 2.00.1.1004
Databáze malwaru: v2014.04.17.03
Databáze rootkitů: v2014.03.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Chameleon: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Chmelík

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 376990
Uplynulý čas: 1 hod, 34 min, 48 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Sken hloubkových rootkitů: Zapnuto
Shuriken: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 0
(No malicious items detected)

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 19:07
by Bigmen
I cannot run ComboFix. That is, I run it as administrator, a window flashes briefly, and then, without any confirmation, console installation or the like, a blue window pops up. Then an attempt to create a restore point. Then a message that it is preparing to start and a warning that scanning the computer may take 10 minutes or longer depending on how infected the computer is. Nothing for a while, and then a message that access was denied. The Comodo firewall and the Windows one are turned off, the Avast antivirus as well. I have no other security software. I don't know what I am doing wrong. The ComboFix startup is simply completely different from what is described in the illustrated guide, which I also looked at.

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 20:33
by Roli
Bigmen wrote: I cannot run ComboFix.
Try it in Safe Mode.

Re: Bigmen - request for a log check

Posted: 17 Apr 2014 21:45
by Bigmen
Finally the log from ComboFix - Safe Mode worked

ComboFix 14-04-17.01 - Chmelík 17.04.2014 22:29:47.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3327.2772 [GMT 2:00]
Spuštěný z: c:\users\Chmelík\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-17 do 2014-04-17 )))))))))))))))))))))))))))))))
.
.
2014-04-17 20:35 . 2014-04-17 20:35 -------- d-----w- c:\users\Chmelík\AppData\Local\temp
2014-04-17 20:35 . 2014-04-17 20:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-17 20:35 . 2014-04-17 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-17 20:14 . 2014-04-17 20:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{486A9921-4B35-40E1-BE5A-83572714F9C6}\offreg.dll
2014-04-16 09:58 . 2014-04-16 09:58 -------- d-----w- c:\program files\Common Files\COMODO
2014-04-16 06:58 . 2014-04-17 11:15 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 06:57 . 2014-04-16 06:57 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 06:57 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 06:57 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 06:57 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 06:57 . 2014-04-16 06:57 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-16 06:56 . 2014-04-16 06:56 -------- d-----w- c:\users\Chmelík\AppData\Local\Programs
2014-04-16 06:50 . 2014-04-17 09:01 -------- d-----w- C:\AdwCleaner
2014-04-14 11:11 . 2014-04-14 11:11 -------- d-----w- c:\program files\trend micro
2014-04-14 11:11 . 2014-04-14 11:11 -------- d-----w- C:\rsit
2014-04-14 09:33 . 2014-04-14 09:35 -------- d-----w- c:\program files\Advanced Fix 2013
2014-04-14 07:44 . 2014-04-14 07:46 -------- d-----w- c:\users\Chmelík\AppData\Local\Avg2013
2014-04-14 07:35 . 2014-04-14 07:35 -------- d-----w- c:\users\Chmelík\AppData\Roaming\AVAST Software
2014-04-14 07:33 . 2014-04-14 07:33 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-14 07:33 . 2014-04-14 07:33 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-14 07:33 . 2014-04-14 07:33 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-14 07:33 . 2014-04-14 07:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-14 07:33 . 2014-04-14 07:33 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-14 07:33 . 2014-04-14 07:33 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-14 07:33 . 2014-04-14 07:33 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-14 07:33 . 2014-04-14 07:33 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-14 07:33 . 2014-04-14 07:33 43152 ----a-w- c:\windows\avastSS.scr
2014-04-14 07:32 . 2014-04-14 07:32 -------- d-----w- c:\program files\AVAST Software
2014-04-14 07:16 . 2014-04-14 07:16 -------- d-----w- C:\VTRoot
2014-04-14 07:16 . 2014-04-14 07:19 79018 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-04-14 07:11 . 2014-04-14 07:11 -------- d-----w- c:\programdata\AVAST Software
2014-04-10 20:47 . 2014-04-10 20:48 -------- d-s---w- c:\programdata\Shared Space
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\program files\AdTrustMedia
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\programdata\Adtrustmedia
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\users\Chmelík\AppData\Local\Comodo
2014-04-10 20:46 . 2014-04-10 20:46 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-04-10 20:46 . 2014-04-10 20:47 -------- d-----w- c:\program files\Comodo
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\programdata\Comodo Downloader
2014-04-10 20:42 . 2014-04-10 20:48 -------- d-----w- c:\programdata\Comodo
2014-04-10 06:37 . 2014-04-10 06:37 850352 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-04-10 06:37 . 2014-04-10 06:37 54704 ----a-w- c:\windows\system32\USBCoInstaller.dll
2014-04-10 06:37 . 2014-04-10 06:37 1461168 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-03-25 18:22 . 2014-03-25 18:22 92656 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-03-25 18:22 . 2014-03-25 18:22 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-03-25 18:22 . 2014-03-25 18:22 607168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2014-03-25 18:22 . 2014-03-25 18:22 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-03-25 18:22 . 2014-03-25 18:22 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-25 18:22 . 2014-03-25 18:22 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 18:22 . 2014-03-25 18:22 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-03-25 18:22 . 2014-03-25 18:22 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-03-22 21:06 . 2014-03-22 21:06 -------- d-----w- c:\program files\Flash_Tools
2014-03-22 20:46 . 2014-03-22 20:46 -------- d-----w- c:\program files\FlashTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-22 21:06 . 2013-12-01 13:13 65536 ----a-w- c:\windows\IFinst27.exe
2014-03-12 17:40 . 2012-07-13 07:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 17:40 . 2011-12-20 14:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2014-03-11 12:25 . 2014-03-11 12:25 384 ----a-w- c:\users\Chmelík\advanced_ip_scanner_MAC.bin
2014-03-11 12:25 . 2014-03-11 12:25 384 ----a-w- c:\users\Chmelík\advanced_ip_scanner_MAC.bin
2012-01-21 09:35 . 2012-01-21 09:35 7738752 ----a-w- c:\program files\ipscan20.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-14 07:33 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-20 7711264]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-06-02 1769472]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PrivDogService"="c:\program files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe" [2013-11-15 525480]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-14 3854640]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2014-03-20 2327248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
emMon.lnk - c:\program files\USB_video_device\Driver\Driver32\emmon.exe [2011-12-20 65536]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2014-3-20 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^Chmelík^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Chmelík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Chmelík^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk]
path=c:\users\Chmelík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
backup=c:\windows\pss\wandoujia_helper.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2013-07-13 12:41 116648 ----atw- c:\users\Chmelík\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 14:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2011-08-10 15:39 1313640 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-03-06 15:48 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-03-06 15:58 1060376 ----a-w- c:\program files\Labtec\WebCam10\WebCam10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]
2007-03-06 15:46 620056 ----a-w- c:\program files\Labtec\WebCamWebInstall\Setup\Setup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2011-10-12 17:35 191440 ----a-w- c:\users\Chmelík\AppData\Roaming\QipGuard\QipGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-12-21 16:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-04-14 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-04-14 411552]
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2014-03-25 607168]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys [2013-10-07 15400]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-14 67824]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [2014-03-20 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-01-28 2135232]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [2014-03-20 2327248]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder;c:\windows\system32\drivers\wfpvrenc.sys [2006-11-28 299392]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [2006-11-28 33408]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [2006-11-28 162688]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-04-08 709632]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;e:\flashka\Komerční\AIDA64 Extreme 1.85_portable\kerneld.x32 [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-04-14 67264]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2013-05-11 25088]
R3 lqisbiwa;lqisbiwa; [x]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2012-06-14 35088]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-12-21 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 vbggqefv;vbggqefv; [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [2006-11-28 9728]
R4 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [2011-10-12 191440]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2014-03-25 20072]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2014-03-25 43728]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 16:54]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 16:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - ExtSQL: 2014-04-10 22:47; PrivDog@AdTrustMedia.com; c:\users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\extensions\PrivDog@AdTrustMedia.com.xpi
FF - ExtSQL: !HIDDEN! 2011-12-22 20:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\e:\flashka\Komerční\AIDA64 Extreme 1.85_portable\kerneld.x32"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2282636475-4151022380-181368577-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
"pahpjcpdjladbnpclaechbfdopiccmef"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Celkový čas: 2014-04-17 22:36:53
ComboFix-quarantined-files.txt 2014-04-17 20:36
.
Před spuštěním: Volných bajtů: 24 219 119 616
Po spuštění: Volných bajtů: 24 151 793 664
.
- - End Of File - - E4581EE82D5F2738080959E69B21AA72
A36C5E4F47E84449FF07ED3517B43A31

Re: Bigmen - request for a log check

Posted: 19 Apr 2014 21:00
by Roli
Uninstall QipGuard


Move Combofix to Local Disk C:

open Notepad

copy the script from the following box into it:

Code:

Driver:: 
lqisbiwa
vbggqefv

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
save the TXT file you created as CFScript.txt to Local Disk C:,

after saving, grab the created script with the left mouse button and drag it onto the Combofix icon, where you drop it:

Image

After it has been applied, another log will pop up for you; copy it here

Warning: it may happen that after applying the script and restarting, Windows does not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Bigmen - request for a log check

Posted: 20 Apr 2014 08:30
by Bigmen
I had to start the computer in safe mode again, and it booted after the restart without problems.
Here is the log:

ComboFix 14-04-17.01 - Chmelík 20.04.2014 9:12.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3327.2718 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lqisbiwa
-------\Service_vbggqefv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-20 do 2014-04-20 )))))))))))))))))))))))))))))))
.
.
2014-04-20 07:17 . 2014-04-20 07:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-20 07:17 . 2014-04-20 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-20 07:00 . 2014-04-20 07:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{486A9921-4B35-40E1-BE5A-83572714F9C6}\offreg.dll
2014-04-17 21:20 . 2014-04-17 21:20 -------- d-----w- c:\program files\PSPad editor
2014-04-17 20:36 . 2014-04-20 07:19 -------- d-----w- c:\users\Chmelík\AppData\Local\temp
2014-04-16 09:58 . 2014-04-16 09:58 -------- d-----w- c:\program files\Common Files\COMODO
2014-04-16 06:58 . 2014-04-17 11:15 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 06:57 . 2014-04-16 06:57 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 06:57 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 06:57 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 06:57 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 06:57 . 2014-04-16 06:57 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-16 06:56 . 2014-04-16 06:56 -------- d-----w- c:\users\Chmelík\AppData\Local\Programs
2014-04-16 06:50 . 2014-04-17 09:01 -------- d-----w- C:\AdwCleaner
2014-04-14 11:11 . 2014-04-14 11:11 -------- d-----w- c:\program files\trend micro
2014-04-14 11:11 . 2014-04-14 11:11 -------- d-----w- C:\rsit
2014-04-14 09:33 . 2014-04-14 09:35 -------- d-----w- c:\program files\Advanced Fix 2013
2014-04-14 07:44 . 2014-04-14 07:46 -------- d-----w- c:\users\Chmelík\AppData\Local\Avg2013
2014-04-14 07:35 . 2014-04-14 07:35 -------- d-----w- c:\users\Chmelík\AppData\Roaming\AVAST Software
2014-04-14 07:33 . 2014-04-14 07:33 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-14 07:33 . 2014-04-14 07:33 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-14 07:33 . 2014-04-14 07:33 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-14 07:33 . 2014-04-14 07:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-14 07:33 . 2014-04-14 07:33 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-14 07:33 . 2014-04-14 07:33 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-14 07:33 . 2014-04-14 07:33 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-14 07:33 . 2014-04-14 07:33 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-14 07:33 . 2014-04-14 07:33 43152 ----a-w- c:\windows\avastSS.scr
2014-04-14 07:32 . 2014-04-14 07:32 -------- d-----w- c:\program files\AVAST Software
2014-04-14 07:16 . 2014-04-14 07:16 -------- d-----w- C:\VTRoot
2014-04-14 07:16 . 2014-04-17 21:25 121296 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-04-14 07:11 . 2014-04-14 07:11 -------- d-----w- c:\programdata\AVAST Software
2014-04-10 20:47 . 2014-04-10 20:48 -------- d-s---w- c:\programdata\Shared Space
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\program files\AdTrustMedia
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\programdata\Adtrustmedia
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\users\Chmelík\AppData\Local\Comodo
2014-04-10 20:46 . 2014-04-10 20:46 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-04-10 20:46 . 2014-04-10 20:47 -------- d-----w- c:\program files\Comodo
2014-04-10 20:46 . 2014-04-10 20:46 -------- d-----w- c:\programdata\Comodo Downloader
2014-04-10 20:42 . 2014-04-10 20:48 -------- d-----w- c:\programdata\Comodo
2014-04-10 06:37 . 2014-04-10 06:37 850352 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-04-10 06:37 . 2014-04-10 06:37 54704 ----a-w- c:\windows\system32\USBCoInstaller.dll
2014-04-10 06:37 . 2014-04-10 06:37 1461168 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-03-25 18:22 . 2014-04-16 21:12 92656 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-03-25 18:22 . 2014-04-16 21:12 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-03-25 18:22 . 2014-04-16 21:12 607168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2014-03-25 18:22 . 2014-04-16 21:12 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-03-25 18:22 . 2014-03-25 18:22 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-25 18:22 . 2014-03-25 18:22 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 18:22 . 2014-03-25 18:22 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-03-25 18:22 . 2014-03-25 18:22 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-03-22 21:06 . 2014-03-22 21:06 -------- d-----w- c:\program files\Flash_Tools
2014-03-22 20:46 . 2014-03-22 20:46 -------- d-----w- c:\program files\FlashTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-22 21:06 . 2013-12-01 13:13 65536 ----a-w- c:\windows\IFinst27.exe
2014-03-12 17:40 . 2012-07-13 07:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 17:40 . 2011-12-20 14:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2014-03-11 12:25 . 2014-03-11 12:25 384 ----a-w- c:\users\Chmelík\advanced_ip_scanner_MAC.bin
2014-03-11 12:25 . 2014-03-11 12:25 384 ----a-w- c:\users\Chmelík\advanced_ip_scanner_MAC.bin
2012-01-21 09:35 . 2012-01-21 09:35 7738752 ----a-w- c:\program files\ipscan20.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
2013-11-15 12:17 744616 ----a-w- c:\program files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-14 07:33 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-20 7711264]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-06-02 1769472]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PrivDogService"="c:\program files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe" [2013-11-15 525480]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-14 3854640]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2014-03-20 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
emMon.lnk - c:\program files\USB_video_device\Driver\Driver32\emmon.exe [2011-12-20 65536]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2014-3-20 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^Chmelík^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Chmelík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Chmelík^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk]
path=c:\users\Chmelík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
backup=c:\windows\pss\wandoujia_helper.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2013-07-13 12:41 116648 ----atw- c:\users\Chmelík\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 14:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2011-08-10 15:39 1313640 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-03-06 15:48 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-03-06 15:58 1060376 ----a-w- c:\program files\Labtec\WebCam10\WebCam10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]
2007-03-06 15:46 620056 ----a-w- c:\program files\Labtec\WebCamWebInstall\Setup\Setup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 13:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
2011-10-12 17:35 191440 ----a-w- c:\users\Chmelík\AppData\Roaming\QipGuard\QipGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-12-21 16:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder;c:\windows\system32\drivers\wfpvrenc.sys [2006-11-28 299392]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [2006-11-28 33408]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [2006-11-28 162688]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;e:\flashka\Komerční\AIDA64 Extreme 1.85_portable\kerneld.x32 [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-04-14 67264]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2013-05-11 25088]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2012-06-14 35088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [2006-11-28 9728]
R4 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [2011-10-12 191440]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-04-14 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-04-14 411552]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2014-04-16 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2014-04-16 607168]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2014-04-16 43728]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys [2013-10-07 15400]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-14 67824]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [2014-03-20 70352]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2014-01-28 2135232]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [2014-03-20 2327248]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-04-08 709632]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-12-21 47360]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 16:54]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-21 16:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - ExtSQL: 2014-04-10 22:47; PrivDog@AdTrustMedia.com; c:\users\Chmelík\AppData\Roaming\Mozilla\Firefox\Profiles\24bs78ee.default\extensions\PrivDog@AdTrustMedia.com.xpi
FF - ExtSQL: !HIDDEN! 2011-12-22 20:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ComodoFSChrome - c:\program files\AdTrustMedia\PrivDog\FinalizeSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\e:\flashka\Komerční\AIDA64 Extreme 1.85_portable\kerneld.x32"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2282636475-4151022380-181368577-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
"pahpjcpdjladbnpclaechbfdopiccmef"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\guard32.dll
c:\windows\system32\dssenh.dll
.
- - - - - - - > 'Explorer.exe'(3376)
c:\windows\system32\guard32.dll
c:\windows\system32\MsftEdit.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\stobject.dll
c:\windows\system32\BatMeter.dll
c:\windows\system32\Syncreg.dll
c:\windows\ehome\ehSSO.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\System32\cscobj.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Comodo\GeekBuddy\unit_manager.exe
c:\program files\Comodo\GeekBuddy\unit.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Comodo\COMODO Internet Security\cis.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-04-20 09:24:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-20 07:23
ComboFix2.txt 2014-04-17 20:36
.
Před spuštěním: Volných bajtů: 23 611 822 080
Po spuštění: Volných bajtů: 23 411 109 888
.
- - End Of File - - 6DE73DCEF243C7B0FD4D92EBB6586505
A36C5E4F47E84449FF07ED3517B43A31