DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.10.2
Run by uzivatel at 12:09:37 on 2013-02-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.928 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: : - LocalServer32 -
mURLSearchHooks: : - LocalServer32 -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\uzivatel\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{67EA8654-558B-42FD-B911-1850130D772A} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\uzivatel\appdata\roaming\mozilla\firefox\profiles\ovv1ht79.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2013-01-11 16:48; toolbar@ask.com; c:\users\uzivatel\appdata\roaming\mozilla\firefox\profiles\ovv1ht79.default\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-4-5 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-5 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-5 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-5 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-5 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-5 44768]
R2 FontCache;Mezipamì písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-2-17 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-24 682344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-24 398184]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-24 21104]
S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-4-5 134920]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-02-26 10:56:17 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{272f8c29-eb88-4861-901f-0ad0f7e7361a}\mpengine.dll
2013-02-25 17:06:55 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-25 17:06:50 -------- d-----w- c:\users\uzivatel\appdata\local\temp
2013-02-25 16:46:41 98816 ----a-w- c:\windows\sed.exe
2013-02-25 16:46:41 256000 ----a-w- c:\windows\PEV.exe
2013-02-25 16:46:41 208896 ----a-w- c:\windows\MBR.exe
2013-02-25 16:46:33 -------- d-----w- C:\ComboFix
2013-02-24 19:11:38 -------- d-----w- c:\users\uzivatel\appdata\roaming\Malwarebytes
2013-02-24 19:11:22 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 19:11:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 19:11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 16:45:38 -------- d-----w- c:\program files\trend micro
2013-02-17 11:28:00 6161832 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-17 11:28:00 19914680 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-17 11:28:00 10919864 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-17 11:27:58 7753688 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-17 11:27:58 2575800 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-17 11:27:58 1867704 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-17 11:27:57 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-15 22:31:23 186432 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-02-15 21:07:36 -------- d-----w- c:\program files\FlatOut2
2013-02-14 06:50:58 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 06:50:56 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-14 06:50:54 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 06:50:50 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 06:50:50 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 19:06:58 -------- d-----w- c:\program files\YTD Toolbar
2013-02-02 16:59:51 -------- d-----w- c:\program files\Microsoft
2013-02-02 16:59:12 -------- d--h--w- c:\windows\msdownld.tmp
2013-02-02 16:59:06 -------- d-----w- c:\windows\system32\directx
.
==================== Find3M ====================
.
2013-02-23 21:05:22 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-23 21:05:22 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 15:35:34 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-11 15:35:20 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-11 15:35:20 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-03 11:42:57 888760 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-01-03 11:42:57 2443472 ----a-w- c:\windows\system32\nvapi.dll
2013-01-03 11:42:57 15411296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-01-03 11:42:57 1010104 ----a-w- c:\windows\system32\nvdispco32.dll
2013-01-03 08:38:31 3969976 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-03 08:38:31 2858424 ----a-w- c:\windows\system32\nvsvc.dll
2013-01-03 08:37:58 634808 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-03 08:37:58 62904 ----a-w- c:\windows\system32\nvshext.dll
2013-01-03 08:37:58 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-07-06 19:24:21 189 ----a-w- c:\program files\0SQ7B5G2.bat
.
============= FINISH: 12:10:11,10 ===============