Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu logu počítač se pomalý a nestabilní

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#46 Příspěvek od Gonycz »

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/04/2013 10:50:34 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\Ati2evxx.exe (PID: 772) [WD-HEUR]
* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1060) [WD-HEUR]
* C:\WINDOWS\system32\HPZipm12.exe (PID: 2120) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000




Zde combofix


ComboFix 13-05-04.01 - Gonycz 04.05.2013 10:57:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1615 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gonycz\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gonycz\WINDOWS
c:\windows\system32\37.exe
c:\windows\system32\Cache
c:\windows\system32\tmp122.tmp
c:\windows\system32\tmp123.tmp
G:\install.exe
H:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-04 do 2013-05-04 )))))))))))))))))))))))))))))))
.
.
2013-05-04 04:40 . 2013-05-04 04:44 -------- d-----w- c:\program files\AMD
2013-05-04 04:33 . 2013-05-04 04:33 -------- d-----w- c:\windows\SxsCaPendDel
2013-05-03 18:44 . 2008-04-13 20:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2013-05-03 18:44 . 2008-04-13 20:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2013-05-03 18:17 . 2013-05-03 18:17 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\8.exe
2013-05-03 17:19 . 2013-05-03 17:19 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\14.exe
2013-05-03 16:08 . 2013-05-03 16:08 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\5D.exe
2013-05-03 11:37 . 2013-05-04 05:13 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\temp.bin
2013-05-03 09:42 . 2013-05-03 09:42 -------- d-----w- c:\documents and settings\Gonycz\Local Settings\Data aplikací\Sun
2013-05-03 08:58 . 2013-05-03 08:58 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\Malwarebytes
2013-05-03 08:58 . 2013-05-03 08:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-05-03 08:58 . 2013-05-03 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-03 08:58 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-03 08:23 . 2013-05-03 08:23 -------- d-----w- c:\program files\Common Files\Java
2013-05-03 08:22 . 2013-05-03 08:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-03 08:22 . 2013-05-03 08:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-02 20:05 . 2013-05-03 14:52 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-05-02 20:05 . 2013-05-02 20:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\StarApp
2013-05-02 19:05 . 2013-05-02 19:05 -------- d-----w- c:\program files\trend micro
2013-05-02 19:05 . 2013-05-02 19:05 -------- d-----w- C:\rsit
2013-05-01 08:17 . 2013-05-01 08:17 40960 ----a-r- c:\documents and settings\Gonycz\Data aplikací\Microsoft\Installer\{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}\_7D65E701E2A0_4D18_86F7_E1CB6AA922DD.exe
2013-05-01 08:15 . 2013-05-01 08:15 53248 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2013-05-01 08:15 . 2013-05-01 08:15 126976 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2013-05-01 08:15 . 2013-05-01 08:15 114688 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2013-04-27 07:55 . 2013-05-03 21:49 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\vlc
2013-04-26 13:39 . 2004-06-17 11:19 155648 ----a-w- c:\windows\system32\ssleay32.dll
2013-04-26 13:39 . 2004-06-17 11:19 688128 ----a-w- c:\windows\system32\libeay32.dll
2013-04-26 13:39 . 2000-01-31 02:00 25600 ----a-w- c:\windows\system32\BORLNDMM.DLL
2013-04-26 13:39 . 2000-01-31 02:00 219648 ----a-w- c:\windows\system32\cg32.dll
2013-04-26 13:39 . 2000-01-31 02:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2013-04-16 07:41 . 2013-04-16 07:41 -------- d-sh--w- c:\documents and settings\Gonycz\IECompatCache
2013-04-05 17:36 . 2013-04-05 17:36 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\Notepad++
2013-04-05 17:36 . 2013-04-05 17:36 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 08:22 . 2012-09-15 05:05 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-03 08:22 . 2012-07-22 10:25 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 08:01 . 2013-02-12 07:18 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 08:01 . 2013-02-12 07:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 08:01 . 2013-03-13 08:01 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-24 07:52 . 2013-01-20 08:33 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-24 07:52 . 2013-01-20 08:33 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-22 09:29 . 2013-02-22 09:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-04-12 06:49 . 2013-04-12 06:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 546312]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-26 113664]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gonycz^Nabídka Start^Programy^Po spuštění^Facebook Messenger.lnk]
path=c:\documents and settings\Gonycz\Nabídka Start\Programy\Po spuštění\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2013-02-10 12:23 109336 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\ANNO 1404\\Anno4.exe"=
"c:\\Hry\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Hry\\ANNO 1404\\tools\\Benchmark.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5910:TCP"= 5910:TCP:vnc5910
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.7.2012 19:50 242240]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [22.1.2007 2:59 607496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.5.2013 10:58 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.5.2013 10:58 701512]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [26.1.2013 20:40 100736]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;\??\c:\program files\Setup Files\Ms7181v150\NTIOLib.sys --> c:\program files\Setup Files\Ms7181v150\NTIOLib.sys [?]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [24.8.2012 16:12 62848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 05:56 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 08:01]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 05:46]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 05:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: Interfaces\{86996986-2DF9-4088-A446-6C8E01845350}: NameServer = 62.129.50.20,85.135.32.100
TCP: Interfaces\{E3B0F0E5-1AC6-405C-96B0-4072B3D1F944}: NameServer = 62.129.50.20,85.135.32.100
FF - ProfilePath - c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-03 07:18; auigebgve@aobo.com; c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\auigebgve@aobo.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Screen Saver Pro 3.1 - c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr
HKCU-Run-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-WheelMouse - c:\program files\A4Tech\Mouse\Amoumain.exe
AddRemove-{658641B0-30D1-0163-6F08-F72A3BE7E164} - c:\docume~1\ALLUSE~1\DATAAP~1\INSTAL~2\{10703~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-04 11:05
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
? [54924]
? [56644]
? [56656]
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Vaicix = c:\documents and settings\Gonycz\Data aplikac?\Microsoft\Vaicix.exe
.
skenování skrytých souborů ...
.
.
c:\documents and settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe 128512 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vaicix"="c:\\Documents and Settings\\Gonycz\\Data aplikací\\Microsoft\\Vaicix.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-05-04 11:08:24
ComboFix-quarantined-files.txt 2013-05-04 09:08
.
Před spuštěním: Volných bajtů: 36 260 917 248
Po spuštění: Volných bajtů: 36 573 642 752
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - AD393AE584D54B6B3E8E45A1794D75FD


vše jse udělal podole návodu.já jsem musel zpustit ten malware jinak bych se nedostal vůbec na nternet. Jiní zásahy rozhodně teď nedělám.
Nahoru
Uživatelský avatar
Mc_Murphy
VIP in memoriam
VIP in memoriam
Příspěvky: 6706
Registrován: 03 lis 2008 15:55
Bydliště: Plzeň [ZČ]
Kontaktovat uživatele:
Kontaktovat uživatele Mc_Murphy

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#47 Příspěvek od Mc_Murphy »

:arrow: Následující soubory otestuj na stránkách VirusTotal.
  • c:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe
  • Klikni na [Choose File].
  • Soubor nehledej, jen vlož cestu souboru, který chci otestovat.
  • Klikni na [Scan it!].
  • Pokud na Tebe vyskočí obrazovka podobná té, co je níže, klikni na [Reanalyse]!
    Obrázek
  • Výsledek analýzy mi sem vlož (jako odkaz).

:arrow: Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.
  • Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> stiskni [Enter]).
  • Zkopíruj do něj tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

KillAll::

Collect::
c:\documents and settings\Gonycz\Data aplikací\8.exe
c:\documents and settings\Gonycz\Data aplikací\14.exe
c:\documents and settings\Gonycz\Data aplikací\5D.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"kX Mixer"=-
"HP Software Update"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gonycz^Nabídka Start^Programy^Po spuštění^Facebook Messenger.lnk]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\PSP\Counter Strike Global Offensive [MULTI][PCDVD][STEAM UNLOCKED][[iND][WwW.GamesTorrents.CoM]\iND-csgoff\csgo.exe"=-

Driver::
JavaQuickStarterService
NMSAccess
gupdate
gupdatem

Firefox::
FF - ProfilePath - c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\
FF - ExtSQL: 2013-05-03 07:18; auigebgve@aobo.com; c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\auigebgve@aobo.com

File::
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
c:\documents and settings\Gonycz\Nabídka Start\Programy\Po spuštění\Facebook Messenger.lnk
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-261478967-1801674531-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-261478967-1801674531-1005UA.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

ClearJavaCache::

AtJob::

Reboot::
  • Ulož vytvořený TXT jako CFScript.txt
  • Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
    Obrázek
  • Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.
:!: Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.
Obrázek-Obrázek
Obrázek-Obrázek

  • ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me love, I've found my identity, found my identity.

    I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me hope, I've found my identity in Christ...
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#48 Příspěvek od Gonycz »

Nechápu to stránku, kterou si uvedl, že tam mám smazan tu cestu souboru, tak ta stránka mi nechce opět najed necháputo. Dále jsem udělal proces jak si popsal se scriptem a Combofixem, ale po restatu PC normálně jelo, ale opět nejel internet :( takže jsem musel udělat bleskovou kontrolu v Malwarebytes Anti-Malware a po restartu opět internet jel v pořádku. Dávám ti tu logy

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.04.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gonycz :: GONY [administrátor]

Ochrana: Zakázána

5.5.2013 9:00:39
mbam-log-2013-05-05 (09-00-39).txt

Typ: Blesková kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: Registr | Systémové soubory | P2P
Kontrolované objekty: 166085
Uplynulý čas: 1 minut, 3 sekund

Nalezené procesy v paměti: 1
C:\WINDOWS\yndrive32.exe (Trojan.Zbot.HE) -> 120576 -> Bude smazán při restartu.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\WINDOWS\yndrive32.exe (Trojan.Zbot.HE) -> Bude smazán při restartu.
C:\Documents and Settings\Gonycz\Data aplikací\14.exe (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Gonycz\Data aplikací\5D.exe (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Gonycz\Data aplikací\2.exe (Trojan.Downloader) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Gonycz\Data aplikací\8.exe (Trojan.Downloader) -> Přesun do karantény a smazání se zdařilo.

(konec)




A Combo fix
ComboFix 13-05-04.01 - Gonycz 05.05.2013 8:39.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1622 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gonycz\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gonycz\Plocha\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk"
"c:\documents and settings\Gonycz\Nabídka Start\Programy\Po spuštění\Facebook Messenger.lnk"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-261478967-1801674531-1005Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-261478967-1801674531-1005UA.job"
.
file zipped: c:\documents and settings\Gonycz\Data aplikací\14.exe
file zipped: c:\documents and settings\Gonycz\Data aplikací\5D.exe
file zipped: c:\documents and settings\Gonycz\Data aplikací\8.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gonycz\Data aplikací\1.exe
c:\documents and settings\Gonycz\Data aplikací\2.exe
c:\documents and settings\Gonycz\Data aplikací\4.exe
c:\documents and settings\Gonycz\Data aplikací\5.exe
c:\documents and settings\Gonycz\Data aplikací\6.exe
c:\documents and settings\Gonycz\Data aplikací\ED.exe
c:\windows\system32\00.exe
c:\windows\system32\10.exe
c:\windows\system32\40.exe
c:\windows\system32\50.exe
c:\windows\system32\60.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Legacy_NMSACCESS
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_JavaQuickStarterService
-------\Service_NMSAccess
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-05 do 2013-05-05 )))))))))))))))))))))))))))))))
.
.
2013-05-05 06:19 . 2013-05-05 06:19 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\7.exe
2013-05-05 05:53 . 2013-05-05 05:53 123489 --sh--w- c:\documents and settings\Gonycz\Data aplikací\3.exe
2013-05-04 09:07 . 2013-05-04 09:07 123489 --sh--w- c:\documents and settings\Gonycz\Data aplikací\EF.exe
2013-05-04 09:07 . 2013-05-04 09:07 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\EE.exe
2013-05-04 04:40 . 2013-05-04 04:44 -------- d-----w- c:\program files\AMD
2013-05-04 04:33 . 2013-05-04 04:33 -------- d-----w- c:\windows\SxsCaPendDel
2013-05-03 18:44 . 2008-04-13 20:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2013-05-03 18:44 . 2008-04-13 20:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2013-05-03 18:17 . 2013-05-03 18:17 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\8.exe
2013-05-03 17:19 . 2013-05-03 17:19 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\14.exe
2013-05-03 16:08 . 2013-05-03 16:08 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\5D.exe
2013-05-03 11:37 . 2013-05-05 06:19 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\temp.bin
2013-05-03 09:42 . 2013-05-03 09:42 -------- d-----w- c:\documents and settings\Gonycz\Local Settings\Data aplikací\Sun
2013-05-03 08:58 . 2013-05-03 08:58 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\Malwarebytes
2013-05-03 08:58 . 2013-05-03 08:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-05-03 08:58 . 2013-05-03 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-03 08:58 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-03 08:23 . 2013-05-03 08:23 -------- d-----w- c:\program files\Common Files\Java
2013-05-03 08:22 . 2013-05-03 08:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-03 08:22 . 2013-05-03 08:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-02 20:05 . 2013-05-03 14:52 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-05-02 20:05 . 2013-05-02 20:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\StarApp
2013-05-02 19:05 . 2013-05-02 19:05 -------- d-----w- c:\program files\trend micro
2013-05-02 19:05 . 2013-05-02 19:05 -------- d-----w- C:\rsit
2013-05-01 08:17 . 2013-05-01 08:17 40960 ----a-r- c:\documents and settings\Gonycz\Data aplikací\Microsoft\Installer\{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}\_7D65E701E2A0_4D18_86F7_E1CB6AA922DD.exe
2013-05-01 08:15 . 2013-05-01 08:15 53248 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2013-05-01 08:15 . 2013-05-01 08:15 126976 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2013-05-01 08:15 . 2013-05-01 08:15 114688 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2013-04-27 07:55 . 2013-05-04 19:07 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\vlc
2013-04-26 13:39 . 2004-06-17 11:19 155648 ----a-w- c:\windows\system32\ssleay32.dll
2013-04-26 13:39 . 2004-06-17 11:19 688128 ----a-w- c:\windows\system32\libeay32.dll
2013-04-26 13:39 . 2000-01-31 02:00 25600 ----a-w- c:\windows\system32\BORLNDMM.DLL
2013-04-26 13:39 . 2000-01-31 02:00 219648 ----a-w- c:\windows\system32\cg32.dll
2013-04-26 13:39 . 2000-01-31 02:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2013-04-16 07:41 . 2013-04-16 07:41 -------- d-sh--w- c:\documents and settings\Gonycz\IECompatCache
2013-04-05 17:36 . 2013-04-05 17:36 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\Notepad++
2013-04-05 17:36 . 2013-04-05 17:36 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 06:52 . 2013-05-05 06:52 123489 --sh--w- c:\windows\yndrive32.exe
2013-05-05 06:52 . 2013-05-05 06:52 123489 --sh--w- c:\documents and settings\Gonycz\Data aplikací\4.exe
2013-05-05 06:52 . 2013-05-05 06:52 43020 ----a-w- c:\documents and settings\Gonycz\Data aplikací\2.exe
2013-05-03 08:22 . 2012-09-15 05:05 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-03 08:22 . 2012-07-22 10:25 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 08:01 . 2013-02-12 07:18 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 08:01 . 2013-02-12 07:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 08:01 . 2013-03-13 08:01 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-24 07:52 . 2013-01-20 08:33 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-24 07:52 . 2013-01-20 08:33 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-22 09:29 . 2013-02-22 09:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-04-12 06:49 . 2013-04-12 06:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Screen Saver Pro 3.1"="c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr" [BU]
"proxzy0229"="c:\recycler\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe" [2013-05-05 43020]
"proxzy0229"="c:\recycler\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe" [2013-05-05 43020]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"="c:\windows\yndrive32.exe" [2013-05-05 123489]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Driver Setup"="c:\windows\yndrive32.exe" [2013-05-05 123489]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-26 113664]
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe,c:\recycler\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\ANNO 1404\\Anno4.exe"=
"c:\\Hry\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Hry\\ANNO 1404\\tools\\Benchmark.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5910:TCP"= 5910:TCP:vnc5910
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.7.2012 19:50 242240]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [22.1.2007 2:59 607496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.5.2013 10:58 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.5.2013 10:58 701512]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [26.1.2013 20:40 100736]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;\??\c:\program files\Setup Files\Ms7181v150\NTIOLib.sys --> c:\program files\Setup Files\Ms7181v150\NTIOLib.sys [?]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [24.8.2012 16:12 62848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 05:56 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 08:01]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 05:46]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 05:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: Interfaces\{86996986-2DF9-4088-A446-6C8E01845350}: NameServer = 62.129.50.20,85.135.32.100
TCP: Interfaces\{E3B0F0E5-1AC6-405C-96B0-4072B3D1F944}: NameServer = 62.129.50.20,85.135.32.100
FF - ProfilePath - c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-03 07:18; auigebgve@aobo.com; c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\auigebgve@aobo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-05 08:52
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
? [55040]
? [55772]
? [55820]
? [55272]
? [55632]
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Vaicix = c:\documents and settings\Gonycz\Data aplikac?\Microsoft\Vaicix.exe
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vaicix"="c:\\Documents and Settings\\Gonycz\\Data aplikací\\Microsoft\\Vaicix.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(121308)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\mspaint.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Gonycz\Data aplikací\2.exe
c:\documents and settings\Gonycz\Data aplikací\4.exe
.
**************************************************************************
.
Celkový čas: 2013-05-05 08:55:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-05 06:55
ComboFix2.txt 2013-05-04 09:08
.
Před spuštěním: Volných bajtů: 36 596 609 024
Po spuštění: Volných bajtů: 36 531 838 976
.
- - End Of File - - 7BC9E1CF51D5E0406386282BC1B95B3A

Nevíš kde může být chyba s tím internetem?
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#49 Příspěvek od vyosek »

Zdravim a pekne nedelni odpoledne preji :)

:arrow: Kolega me poprosil o soucinnost

:arrow: Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.
  • Utilitu spustte a prikazte ji, at skenuje - klik na Scan
  • Kliknutim na Save log ulozte log aswMBR na plochu
  • Obsah logu aswMBR mi sem vlozte
:arrow: Dale poprosim o gmer dle navodu kolegy
Naughty píše: :arrow: stáhni gmer http://www2.gmer.net/gmer.zip

-rozbal
- odskrkni volbu IAT/EAT
- zbytek nech nastaveno jak je
- klik na Scan, po dokonceni kontroly vloz obsah logu.
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#50 Příspěvek od Gonycz »

Také přeji pěkné odpoledne
Bohužel mi opět nejde stránka se stažením aswMBR a na google jsem nenašel jiný link všechny směřují stejně. Musím míz zakázané nějaké porty u provozovatele, ale to mohu vyřešit až v pondělí. Poprosil bych o alternativní link
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#51 Příspěvek od vyosek »

:arrow: Ja myslim, ze to mozna blokuje havet :?: Uvidime

:arrow: Oboji mate zde
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#52 Příspěvek od Gonycz »

Dobrý den,
Konečně jsem vše dokončil a tady jsou logy

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-05 17:10:13
-----------------------------
17:10:13.187 OS Version: Windows 5.1.2600 Service Pack 3
17:10:13.187 Number of processors: 1 586 0x40A
17:10:13.187 ComputerName: GONY UserName:
17:10:13.515 Initialize success
17:10:20.421 AVAST engine download error: 0
17:10:29.468 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:10:29.468 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
17:10:29.468 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
17:10:29.468 Disk 1 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
17:10:29.546 Disk 1 MBR read successfully
17:10:29.546 Disk 1 MBR scan
17:10:29.546 Disk 1 Windows XP default MBR code
17:10:29.562 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131059 MB offset 63
17:10:29.578 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 345877 MB offset 268410240
17:10:29.578 Disk 1 scanning sectors +976767120
17:10:29.609 Disk 1 scanning C:\WINDOWS\system32\drivers
17:10:32.968 Service scanning
17:10:41.078 Modules scanning
17:10:55.234 Disk 1 trace - called modules:
17:10:55.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:10:55.265 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a896ab8]
17:10:55.265 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a8ccb00]
17:10:55.265 Scan finished successfully
17:11:07.156 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Gonycz\Plocha\MBR.dat"
17:11:07.171 The log file has been saved successfully to "C:\Documents and Settings\Gonycz\Plocha\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-05 17:10:13
-----------------------------
17:10:13.187 OS Version: Windows 5.1.2600 Service Pack 3
17:10:13.187 Number of processors: 1 586 0x40A
17:10:13.187 ComputerName: GONY UserName:
17:10:13.515 Initialize success
17:10:20.421 AVAST engine download error: 0
17:10:29.468 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:10:29.468 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
17:10:29.468 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
17:10:29.468 Disk 1 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
17:10:29.546 Disk 1 MBR read successfully
17:10:29.546 Disk 1 MBR scan
17:10:29.546 Disk 1 Windows XP default MBR code
17:10:29.562 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131059 MB offset 63
17:10:29.578 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 345877 MB offset 268410240
17:10:29.578 Disk 1 scanning sectors +976767120
17:10:29.609 Disk 1 scanning C:\WINDOWS\system32\drivers
17:10:32.968 Service scanning
17:10:41.078 Modules scanning
17:10:55.234 Disk 1 trace - called modules:
17:10:55.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:10:55.265 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a896ab8]
17:10:55.265 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a8ccb00]
17:10:55.265 Scan finished successfully
17:11:07.156 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Gonycz\Plocha\MBR.dat"
17:11:07.171 The log file has been saved successfully to "C:\Documents and Settings\Gonycz\Plocha\aswMBR.txt"
17:11:15.156 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Gonycz\Plocha\MBR.dat"
17:11:15.156 The log file has been saved successfully to "C:\Documents and Settings\Gonycz\Plocha\aswMBR.txt"



Druhý

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-06 16:21:30
Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: gmer.exe; Driver: C:\DOCUME~1\Gonycz\LOCALS~1\Temp\pxtoqpob.sys


---- Kernel code sections - GMER 2.1 ----

? bjdwrnus.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99F1000, 0x1C5D38, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA495B300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3F8300, 0x1BEE, 0xE8000020]
? C:\DOCUME~1\Gonycz\LOCALS~1\Temp\aswMBR.sys Systém nemůže nalézt uvedenou cestu. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00ED6390
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00ED6640
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00ED53D0
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00ED5300
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED11C0
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00ED1290
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00ED2570
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00ED1000
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00ED10A0
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00ED2510
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00ED1D10
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] WS2_32.dll!send 71A94C27 5 Bytes JMP 00ED7250
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00ED2160
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00ED20A0
.text C:\Program Files\kX Audio Driver\3550\kxmixer.exe[248] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00ED23A0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01046390
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01046640
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 010453D0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01045300
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010411C0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01041290
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01042570
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01041000
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 010410A0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01042510
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 01041D10
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] WS2_32.dll!send 71A94C27 5 Bytes JMP 01047250
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 01042160
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 010420A0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[344] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 010423A0
.text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390
.text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640
.text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0
.text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300
.text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0
.text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290
.text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570
.text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000
.text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0
.text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510
.text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00A51D10
.text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!send 71A94C27 5 Bytes JMP 00A57250
.text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00A52160
.text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00A520A0
.text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00A523A0
.text C:\WINDOWS\system32\svchost.exe[444] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D66390
.text C:\WINDOWS\system32\svchost.exe[444] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D66640
.text C:\WINDOWS\system32\svchost.exe[444] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D653D0
.text C:\WINDOWS\system32\svchost.exe[444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D65300
.text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D611C0
.text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D61290
.text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D62570
.text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D61000
.text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D610A0
.text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D62510
.text C:\WINDOWS\system32\svchost.exe[444] wininet.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00D62160
.text C:\WINDOWS\system32\svchost.exe[444] wininet.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00D620A0
.text C:\WINDOWS\system32\svchost.exe[444] wininet.dll!InternetWriteFile 40C76116 5 Bytes JMP 00D623A0
.text C:\WINDOWS\system32\svchost.exe[444] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00D61D10
.text C:\WINDOWS\system32\svchost.exe[444] WS2_32.dll!send 71A94C27 5 Bytes JMP 00D67250
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00656390
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00656640
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 006553D0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00655300
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006511C0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00651290
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00652570
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00651000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 006510A0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00652510
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00651D10
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] WS2_32.dll!send 71A94C27 5 Bytes JMP 00657250
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00652160
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 006520A0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[512] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 006523A0
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes JMP 00916390
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 1 Byte [84]
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!NtQueryDirectoryFile 7C90D750 3 Bytes JMP 00916640
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!NtQueryDirectoryFile + 4 7C90D754 1 Byte [84]
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!NtResumeThread 7C90DB20 3 Bytes JMP 009153D0
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!NtResumeThread + 4 7C90DB24 1 Byte [84]
.text C:\WINDOWS\system32\mspaint.exe[528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00915300
.text C:\WINDOWS\system32\mspaint.exe[528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009111C0
.text C:\WINDOWS\system32\mspaint.exe[528] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00911290
.text C:\WINDOWS\system32\mspaint.exe[528] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00912570
.text C:\WINDOWS\system32\mspaint.exe[528] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00911000
.text C:\WINDOWS\system32\mspaint.exe[528] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009110A0
.text C:\WINDOWS\system32\mspaint.exe[528] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00912510
.text C:\WINDOWS\system32\mspaint.exe[528] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00911D10
.text C:\WINDOWS\system32\mspaint.exe[528] WS2_32.dll!send 71A94C27 5 Bytes JMP 00917250
.text C:\WINDOWS\system32\mspaint.exe[528] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00912160
.text C:\WINDOWS\system32\mspaint.exe[528] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 009120A0
.text C:\WINDOWS\system32\mspaint.exe[528] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 009123A0
.text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01166390
.text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01166640
.text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011653D0
.text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01165300
.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 011611C0
.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01161290
.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 01162570
.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01161000
.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 011610A0
.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01162510
.text C:\WINDOWS\system32\csrss.exe[532] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 01161D10
.text C:\WINDOWS\system32\csrss.exe[532] WS2_32.dll!send 71A94C27 5 Bytes JMP 01167250
.text C:\WINDOWS\system32\csrss.exe[532] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 01162160
.text C:\WINDOWS\system32\csrss.exe[532] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 011620A0
.text C:\WINDOWS\system32\csrss.exe[532] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 011623A0
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01B46390
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01B46640
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01B453D0
.text C:\WINDOWS\system32\winlogon.exe[568] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01B45300
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01B411C0
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01B41290
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01B42570
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01B41000
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01B410A0
.text C:\WINDOWS\system32\winlogon.exe[568] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01B42510
.text C:\WINDOWS\system32\winlogon.exe[568] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 01B41D10
.text C:\WINDOWS\system32\winlogon.exe[568] WS2_32.dll!send 71A94C27 5 Bytes JMP 01B47250
.text C:\WINDOWS\system32\winlogon.exe[568] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 01B42160
.text C:\WINDOWS\system32\winlogon.exe[568] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 01B420A0
.text C:\WINDOWS\system32\winlogon.exe[568] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 01B423A0
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 010A6390
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 010A6640
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 010A53D0
.text C:\WINDOWS\system32\services.exe[612] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 010A5300
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A11C0
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 010A1290
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 010A2570
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 010A1000
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 010A10A0
.text C:\WINDOWS\system32\services.exe[612] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 010A2510
.text C:\WINDOWS\system32\services.exe[612] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 010A1D10
.text C:\WINDOWS\system32\services.exe[612] WS2_32.dll!send 71A94C27 5 Bytes JMP 010A7250
.text C:\WINDOWS\system32\services.exe[612] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 010A2160
.text C:\WINDOWS\system32\services.exe[612] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 010A20A0
.text C:\WINDOWS\system32\services.exe[612] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 010A23A0
.text C:\WINDOWS\system32\Ati2evxx.exe[776] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E26390
.text C:\WINDOWS\system32\Ati2evxx.exe[776] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E26640
.text C:\WINDOWS\system32\Ati2evxx.exe[776] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E253D0
.text C:\WINDOWS\system32\Ati2evxx.exe[776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E25300
.text C:\WINDOWS\system32\Ati2evxx.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E211C0
.text C:\WINDOWS\system32\Ati2evxx.exe[776] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E21290
.text C:\WINDOWS\system32\Ati2evxx.exe[776] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E22570
.text C:\WINDOWS\system32\Ati2evxx.exe[776] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E21000
.text C:\WINDOWS\system32\Ati2evxx.exe[776] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E210A0
.text C:\WINDOWS\system32\Ati2evxx.exe[776] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E22510
.text C:\WINDOWS\system32\Ati2evxx.exe[776] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00E21D10
.text C:\WINDOWS\system32\Ati2evxx.exe[776] WS2_32.dll!send 71A94C27 5 Bytes JMP 00E27250
.text C:\WINDOWS\system32\Ati2evxx.exe[776] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00E22160
.text C:\WINDOWS\system32\Ati2evxx.exe[776] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00E220A0
.text C:\WINDOWS\system32\Ati2evxx.exe[776] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00E223A0
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B66390
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B66640
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B653D0
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B65300
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B611C0
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B61290
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B62570
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B61000
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B610A0
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B62510
.text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00B61D10
.text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!send 71A94C27 5 Bytes JMP 00B67250
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00B62160
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00B620A0
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00B623A0
.text C:\WINDOWS\system32\PnkBstrA.exe[868] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00156390
.text C:\WINDOWS\system32\PnkBstrA.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156640
.text C:\WINDOWS\system32\PnkBstrA.exe[868] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001553D0
.text C:\WINDOWS\system32\PnkBstrA.exe[868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00155300
.text C:\WINDOWS\system32\PnkBstrA.exe[868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0
.text C:\WINDOWS\system32\PnkBstrA.exe[868] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00151290
.text C:\WINDOWS\system32\PnkBstrA.exe[868] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00152570
.text C:\WINDOWS\system32\PnkBstrA.exe[868] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00151000
.text C:\WINDOWS\system32\PnkBstrA.exe[868] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001510A0
.text C:\WINDOWS\system32\PnkBstrA.exe[868] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00152510
.text C:\WINDOWS\system32\PnkBstrA.exe[868] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00151D10
.text C:\WINDOWS\system32\PnkBstrA.exe[868] WS2_32.dll!send 71A94C27 5 Bytes JMP 00157250
.text C:\WINDOWS\system32\PnkBstrA.exe[868] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00152160
.text C:\WINDOWS\system32\PnkBstrA.exe[868] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 001520A0
.text C:\WINDOWS\system32\PnkBstrA.exe[868] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 001523A0
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C16390
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C16640
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C153D0
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C15300
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C11290
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C12570
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C11000
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C110A0
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C12510
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00C11D10
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!send 71A94C27 5 Bytes JMP 00C17250
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00C12160
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00C120A0
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00C123A0
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02226390
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02226640
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 022253D0
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02225300
.text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022211C0
.text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02221290
.text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02222570
.text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02221000
.text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 022210A0
.text C:\WINDOWS\System32\svchost.exe[952] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02222510
.text C:\WINDOWS\System32\svchost.exe[952] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 02221D10
.text C:\WINDOWS\System32\svchost.exe[952] WS2_32.dll!send 71A94C27 5 Bytes JMP 02227250
.text C:\WINDOWS\System32\svchost.exe[952] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 02222160
.text C:\WINDOWS\System32\svchost.exe[952] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 022220A0
.text C:\WINDOWS\System32\svchost.exe[952] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 022223A0
.text C:\WINDOWS\system32\HPZipm12.exe[968] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00156390
.text C:\WINDOWS\system32\HPZipm12.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156640
.text C:\WINDOWS\system32\HPZipm12.exe[968] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001553D0
.text C:\WINDOWS\system32\HPZipm12.exe[968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00155300
.text C:\WINDOWS\system32\HPZipm12.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0
.text C:\WINDOWS\system32\HPZipm12.exe[968] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00151290
.text C:\WINDOWS\system32\HPZipm12.exe[968] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00152570
.text C:\WINDOWS\system32\HPZipm12.exe[968] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00151000
.text C:\WINDOWS\system32\HPZipm12.exe[968] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001510A0
.text C:\WINDOWS\system32\HPZipm12.exe[968] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00152510
.text C:\WINDOWS\system32\HPZipm12.exe[968] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00151D10
.text C:\WINDOWS\system32\HPZipm12.exe[968] WS2_32.dll!send 71A94C27 5 Bytes JMP 00157250
.text C:\WINDOWS\system32\HPZipm12.exe[968] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00152160
.text C:\WINDOWS\system32\HPZipm12.exe[968] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 001520A0
.text C:\WINDOWS\system32\HPZipm12.exe[968] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 001523A0
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00936390
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00936640
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009353D0
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00935300
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009311C0
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00931290
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00932570
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00931000
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009310A0
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00932510
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00931D10
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] WS2_32.dll!send 71A94C27 5 Bytes JMP 00937250
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00932160
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 009320A0
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[984] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 009323A0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 002B6390
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 002B6640
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 002B53D0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002B5300
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002B11C0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 002B1290
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 002B2570
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 002B1000
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 002B10A0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 002B2510
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 002B1D10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] WS2_32.dll!send 71A94C27 5 Bytes JMP 002B7250
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 002B2160
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 002B20A0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1020] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 002B23A0
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007A6390
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007A6640
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007A53D0
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007A5300
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007A1290
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007A2570
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007A1000
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007A10A0
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007A2510
.text C:\WINDOWS\system32\svchost.exe[1040] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 007A1D10
.text C:\WINDOWS\system32\svchost.exe[1040] WS2_32.dll!send 71A94C27 5 Bytes JMP 007A7250
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 007A2160
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 007A20A0
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 007A23A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01366390
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01366640
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013653D0
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01365300
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013611C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01361290
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01362570
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01361000
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 013610A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01362510
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 01361D10
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] WS2_32.dll!send 71A94C27 5 Bytes JMP 01367250
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 01362160
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 013620A0
.text C:\WINDOWS\system32\Ati2evxx.exe[1064] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 013623A0
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00CB6390
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00CB6640
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00CB53D0
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00CB5300
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB11C0
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CB1290
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00CB2570
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00CB1000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00CB10A0
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00CB2510
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00CB1D10
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!send 71A94C27 5 Bytes JMP 00CB7250
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00CB2160
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00CB20A0
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00CB23A0
.text C:\WINDOWS\system32\spoolsv.exe[1288] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D16390
.text C:\WINDOWS\system32\spoolsv.exe[1288] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D16640
.text C:\WINDOWS\system32\spoolsv.exe[1288] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D153D0
.text C:\WINDOWS\system32\spoolsv.exe[1288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D15300
.text C:\WINDOWS\system32\spoolsv.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D111C0
.text C:\WINDOWS\system32\spoolsv.exe[1288] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D11290
.text C:\WINDOWS\system32\spoolsv.exe[1288] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D12570
.text C:\WINDOWS\system32\spoolsv.exe[1288] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D11000
.text C:\WINDOWS\system32\spoolsv.exe[1288] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D110A0
.text C:\WINDOWS\system32\spoolsv.exe[1288] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D12510
.text C:\WINDOWS\system32\spoolsv.exe[1288] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00D11D10
.text C:\WINDOWS\system32\spoolsv.exe[1288] WS2_32.dll!send 71A94C27 5 Bytes JMP 00D17250
.text C:\WINDOWS\system32\spoolsv.exe[1288] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00D12160
.text C:\WINDOWS\system32\spoolsv.exe[1288] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00D120A0
.text C:\WINDOWS\system32\spoolsv.exe[1288] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00D123A0
.text C:\WINDOWS\Explorer.EXE[1564] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 024B6390
.text C:\WINDOWS\Explorer.EXE[1564] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 024B6640
.text C:\WINDOWS\Explorer.EXE[1564] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 024B53D0
.text C:\WINDOWS\Explorer.EXE[1564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 024B5300
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024B11C0
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 024B1290
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 024B2570
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 024B1000
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 024B10A0
.text C:\WINDOWS\Explorer.EXE[1564] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 024B2510
.text C:\WINDOWS\Explorer.EXE[1564] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 024B2160
.text C:\WINDOWS\Explorer.EXE[1564] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 024B20A0
.text C:\WINDOWS\Explorer.EXE[1564] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 024B23A0
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 024B1D10
.text C:\WINDOWS\Explorer.EXE[1564] WS2_32.dll!send 71A94C27 5 Bytes JMP 024B7250
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00DB6390
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00DB6640
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00DB53D0
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00DB5300
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB11C0
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB1290
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00DB2570
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00DB1000
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00DB10A0
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00DB2510
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00DB1D10
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] WS2_32.dll!send 71A94C27 5 Bytes JMP 00DB7250
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00DB2160
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 00DB20A0
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1700] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 00DB23A0
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510
.text C:\WINDOWS\system32\svchost.exe[1948] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\system32\svchost.exe[1948] WS2_32.dll!send 71A94C27 5 Bytes JMP 000A7250
.text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 000A2160
.text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 000A20A0
.text C:\WINDOWS\system32\svchost.exe[1948] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 000A23A0
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] WS2_32.dll!send 71A94C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00162160
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 001620A0
.text C:\Documents and Settings\Gonycz\Plocha\gmer\gmer.exe[2088] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 001623A0
.text C:\WINDOWS\System32\alg.exe[2260] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390
.text C:\WINDOWS\System32\alg.exe[2260] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640
.text C:\WINDOWS\System32\alg.exe[2260] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0
.text C:\WINDOWS\System32\alg.exe[2260] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300
.text C:\WINDOWS\System32\alg.exe[2260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0
.text C:\WINDOWS\System32\alg.exe[2260] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290
.text C:\WINDOWS\System32\alg.exe[2260] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570
.text C:\WINDOWS\System32\alg.exe[2260] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000
.text C:\WINDOWS\System32\alg.exe[2260] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0
.text C:\WINDOWS\System32\alg.exe[2260] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510
.text C:\WINDOWS\System32\alg.exe[2260] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\System32\alg.exe[2260] WS2_32.dll!send 71A94C27 5 Bytes JMP 000A7250
.text C:\WINDOWS\System32\alg.exe[2260] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 000A2160
.text C:\WINDOWS\System32\alg.exe[2260] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 000A20A0
.text C:\WINDOWS\System32\alg.exe[2260] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 000A23A0
.text C:\WINDOWS\system32\wscntfy.exe[2388] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390
.text C:\WINDOWS\system32\wscntfy.exe[2388] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640
.text C:\WINDOWS\system32\wscntfy.exe[2388] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0
.text C:\WINDOWS\system32\wscntfy.exe[2388] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0
.text C:\WINDOWS\system32\wscntfy.exe[2388] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510
.text C:\WINDOWS\system32\wscntfy.exe[2388] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\system32\wscntfy.exe[2388] WS2_32.dll!send 71A94C27 5 Bytes JMP 000A7250
.text C:\WINDOWS\system32\wscntfy.exe[2388] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 000A2160
.text C:\WINDOWS\system32\wscntfy.exe[2388] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 000A20A0
.text C:\WINDOWS\system32\wscntfy.exe[2388] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 000A23A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01926D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 01C7D736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 01C7D713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 01941C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 01C7D694 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00161D10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WS2_32.dll!send 71A94C27 5 Bytes JMP 00167250
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00162160
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 001620A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3336] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 001623A0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] WS2_32.dll!GetAddrInfoW 71A92899 5 Bytes JMP 00161D10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] WS2_32.dll!send 71A94C27 5 Bytes JMP 00167250
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 108243E6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 10824375 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1046E50D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1046E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] WININET.dll!HttpSendRequestW 40C1FACE 5 Bytes JMP 00162160
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] WININET.dll!HttpSendRequestA 40C2EEA1 5 Bytes JMP 001620A0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3520] WININET.dll!InternetWriteFile 40C76116 5 Bytes JMP 001623A0

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon@Taskman C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe(2013-05-06 07:34:22)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Vaicix C:\Documents and Settings\Gonycz\Data aplikac?\Microsoft\Vaicix.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe Uxalyv Qasajip Cif

---- Files - GMER 2.1 ----

File C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe 128512 bytes executable
File C:\Documents and Settings\Gonycz\Plocha\RK_Quarantine\Run_Vaicix0.dat 8192 bytes
File C:\Documents and Settings\Gonycz\Plocha\RK_Quarantine\Vaicix.exe.vir 195072 bytes

---- EOF - GMER 2.1 ----
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#53 Příspěvek od vyosek »

Zdravicko :)

:arrow: Gmer nam neco malo ukazal, jeste pouzijem jeden poradny skener a pak se vrhnem na mazani

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 20 az 35 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
  • Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#54 Příspěvek od Gonycz »

Poprosil bych o alternativní link opět mi nejde tento link načíst :(
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#55 Příspěvek od vyosek »

Zde tedy http://vyosek.ic.cz/pro_usery/OTL.exe
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#56 Příspěvek od Gonycz »

OTL logfile created on: 6.5.2013 18:33:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gonycz\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,53% Memory free
3,85 Gb Paging File | 2,11 Gb Available in Paging File | 54,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 33,29 Gb Free Space | 26,01% Space Free | Partition Type: NTFS
Drive D: | 337,77 Gb Total Space | 57,49 Gb Free Space | 17,02% Space Free | Partition Type: NTFS
Drive G: | 1153,12 Gb Total Space | 1106,12 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
Drive H: | 244,14 Gb Total Space | 243,55 Gb Free Space | 99,76% Space Free | Partition Type: NTFS

Computer Name: GONY | User Name: Gonycz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.05.06 18:23:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gonycz\Plocha\OTL.exe
PRC - [2013.05.05 17:56:45 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.06.15 16:29:52 | 013,455,360 | ---- | M] () -- C:\Program Files\Centrum Mail\MailClient.exe
PRC - [2009.09.18 01:08:02 | 000,546,312 | ---- | M] (Eugene Gavrilov) -- C:\Program Files\kX Audio Driver\3550\kxmixer.exe
PRC - [2008.04.14 08:52:38 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
PRC - [2008.04.14 08:52:28 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.12.23 22:27:27 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll
MOD - [2012.12.23 22:27:25 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2012.12.23 22:27:21 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.12.23 22:27:20 | 000,159,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_cs_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012.12.23 22:27:17 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2012.12.23 22:24:47 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.12.23 22:24:41 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.12.23 22:24:36 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012.07.17 19:14:51 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\QuartzTypeLib\5e19640d55014961d1336abfae68f5f8\QuartzTypeLib.ni.dll
MOD - [2012.07.17 19:14:48 | 000,109,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Search.In#\3d8079ac2c2eff100708c51c5c635b0a\Microsoft.Search.Interop.ni.dll
MOD - [2012.07.17 19:14:47 | 000,035,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Experimen#\d8075c57e7fd3986dc3e0c365310a55d\Microsoft.Experimental.IO.ni.dll
MOD - [2012.07.17 19:14:47 | 000,027,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Exceptio#\fefe653e4572c9913431654057f5a1c0\MailClient.ExceptionUtils.ni.dll
MOD - [2012.07.17 19:14:46 | 000,241,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SgmlReader\198436a85db439a13c648d2bdb77abd2\SgmlReader.ni.dll
MOD - [2012.07.17 19:14:44 | 031,378,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient\46599ac0d267330ea18faa66a989db3e\MailClient.ni.exe
MOD - [2012.07.17 19:14:44 | 000,107,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\NSkype\5ff8a04532831d041e462ec1db1785ae\NSkype.ni.dll
MOD - [2012.07.17 19:14:10 | 000,873,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HTMLEditorControl\f20f0b2d00ea05b006613189a6186288\HTMLEditorControl.ni.dll
MOD - [2012.07.17 19:14:09 | 000,239,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Imap.Base\1f64f871a6b75b46e7d4e1f6fbbcee01\MailClient.Imap.Base.ni.dll
MOD - [2012.07.17 19:14:09 | 000,104,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\FacebookAPI\e0d5b11c970399e16bd5bd87a2cfd792\FacebookAPI.ni.dll
MOD - [2012.07.17 19:14:08 | 001,190,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Esent.Interop\a03035da48d62d6ce961efe140e3a45b\Esent.Interop.ni.dll
MOD - [2012.07.17 19:14:03 | 000,362,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HtmlInterop\2c9dc456cf5c059d526f2af9e33d6753\HtmlInterop.ni.dll
MOD - [2012.07.17 19:14:03 | 000,101,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\NHunspell\ad139b96cc701d4176eb68d9311eac09\NHunspell.ni.dll
MOD - [2012.07.17 19:14:03 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Interop\28da943564288833255c5ce7155508c8\MailClient.Interop.ni.dll
MOD - [2012.07.17 19:14:02 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Sasl\7b3c1507d22f51af71416856c2b9fdf2\MailClient.Sasl.ni.dll
MOD - [2012.07.17 19:14:01 | 001,802,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\jabber-net\896d91fa97719d07213fb45cb2f38494\jabber-net.ni.dll
MOD - [2012.07.17 19:14:00 | 000,494,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Mail\fdc7755d9ee1e4644a9c049e3340f13b\MailClient.Mail.ni.dll
MOD - [2012.07.17 19:13:59 | 000,220,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Google.GData.Extens#\58234123b1d905b32a9afa7b0b580515\Google.GData.Extensions.ni.dll
MOD - [2012.07.17 19:13:58 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Google.GData.Client\66229d09723b93dbb7f05c3a589f7ae3\Google.GData.Client.ni.dll
MOD - [2012.07.17 19:13:58 | 000,105,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Google.GData.Contac#\53ada782b7e98a484614e2583a945c3d\Google.GData.Contacts.ni.dll
MOD - [2012.07.17 19:13:57 | 000,494,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\LinqBridge\8e68abdc1764097dc76c03e41d097668\LinqBridge.ni.dll
MOD - [2012.07.17 19:13:56 | 001,472,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\145d8fa11133dfdb2b6443c80cef864e\Newtonsoft.Json.Net20.ni.dll
MOD - [2012.07.17 19:13:54 | 000,835,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Google.Apis\59f033dd1e36b1e193a9a14cf4bc91c8\Google.Apis.ni.dll
MOD - [2012.07.17 19:13:46 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2012.07.17 19:13:43 | 000,512,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\df46938a127bc041e3ae295f1b7116dc\System.Data.SQLite.ni.dll
MOD - [2012.07.17 19:13:41 | 000,116,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Collecti#\a6137c4dbfbbb5dd72a739d7ed8406f8\MailClient.Collections.ni.dll
MOD - [2012.07.17 18:27:04 | 001,840,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
MOD - [2012.07.17 17:57:12 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2012.07.17 17:57:04 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2012.07.17 17:57:01 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2012.07.17 17:56:57 | 001,800,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
MOD - [2012.07.17 17:56:02 | 001,711,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
MOD - [2012.07.17 17:55:54 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
MOD - [2012.07.17 17:55:53 | 000,676,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
MOD - [2012.07.17 17:55:49 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2012.07.17 15:55:40 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012.07.17 15:55:33 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012.07.17 15:55:17 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012.07.17 15:55:00 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
MOD - [2012.07.17 15:53:56 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012.07.17 15:53:48 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2012.06.15 16:29:52 | 013,455,360 | ---- | M] () -- C:\Program Files\Centrum Mail\MailClient.exe
MOD - [2012.06.12 14:55:46 | 000,565,248 | ---- | M] () -- C:\Program Files\Centrum Mail\cs\MailClient.resources.dll
MOD - [2012.06.12 14:55:44 | 000,032,768 | ---- | M] () -- C:\Program Files\Centrum Mail\cs\HtmlEditorControl.resources.dll
MOD - [2012.02.23 19:33:12 | 000,590,336 | ---- | M] () -- C:\Program Files\Centrum Mail\SQLite\x86\sqlite3.dll
MOD - [2012.02.23 19:32:34 | 000,452,096 | ---- | M] () -- C:\Program Files\Centrum Mail\Hunspellx86.dll
MOD - [2008.04.14 08:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013.04.12 08:49:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.13 10:01:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.04.14 08:52:28 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 08:52:28 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UNDPX2A.SYS -- (UNDPX2A)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Gonycz\LOCALS~1\Temp\pxtoqpob.sys -- (pxtoqpob)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Setup Files\Ms7181v150\NTIOLib.sys -- (NTIOLib_1_0_6)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Gonycz\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Gonycz\LOCALS~1\Temp\Safe To Delete 3_0_5_2\AMDPCI.sys -- (AMDPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.06 18:36:57 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2013.01.06 18:36:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.11.18 14:15:20 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2012.11.18 14:15:20 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2012.07.15 19:50:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.06.11 12:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2010.02.11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.10.12 15:21:54 | 000,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.09.18 01:08:00 | 000,607,496 | ---- | M] (Eugene Gavrilov) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kx.sys -- (kxwdmdrv)
DRV - [2009.09.10 14:55:52 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.03.01 18:31:14 | 000,062,848 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)
DRV - [2001.08.17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 08:49:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.15 19:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Extensions
[2013.05.03 19:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions
[2013.05.03 07:18:13 | 000,000,000 | ---D | M] (ccoonntoinuUEtossavea) -- C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\auigebgve@aobo.com
[2013.05.03 10:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.12 08:49:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 08:49:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.27 09:35:02 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2013.02.27 09:35:02 | 000,000,851 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.02.27 09:35:02 | 000,001,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.02.27 09:35:02 | 000,000,867 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.02.27 09:35:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Seznam (Enabled)
CHR - default_search_provider: search_url = http://search.seznam.cz/?q={searchTerms}
CHR - default_search_provider: suggest_url = http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gonycz\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: SEO Profesional Toolbar = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\adecfhccdknoobplgempjhbojlbpahhn\1.3.0_0\
CHR - Extension: Scroll Bar 1 (Blue) = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec\1.0_0\
CHR - Extension: Disk Google = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ccoonntoinuUEtossavea = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dbdhkbpldeekecbfnckgcjccmbllaimd\1\
CHR - Extension: PageSpeed Insights (by Google) = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.2.3_0\
CHR - Extension: PHP Code Editor = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lgglafkdjaokcebgpphkkliojmjbmicm\0.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.05.05 08:52:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [kX Mixer] C:\Program Files\kX Audio Driver\3550\kxmixer.exe (Eugene Gavrilov)
O4 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005..\Run: [proxzy0229] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe ()
O4 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005..\Run: [Screen Saver Pro 3.1] C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr (FrontRange Solutions)
O4 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Přizpůsobit Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF Nástrojová lišta - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Uložit formuláře - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Vyplnit formulář - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86996986-2DF9-4088-A446-6C8E01845350}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B0F0E5-1AC6-405C-96B0-4072B3D1F944}: NameServer = 62.129.50.20,85.135.32.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe ()
O20 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe ()
O20 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.15 18:42:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.12.06 19:06:50 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.05.06 18:23:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gonycz\Plocha\OTL.exe
[2013.05.06 09:34:00 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr
[2013.05.06 09:23:16 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\17.exe
[2013.05.06 04:45:34 | 000,123,489 | -HS- | C] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\3.exe
[2013.05.06 04:45:31 | 000,125,458 | -HS- | C] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\2.exe
[2013.05.05 17:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Plocha\gmer
[2013.05.05 17:05:46 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gonycz\Plocha\aswMBR.exe
[2013.05.05 08:56:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.05.05 08:52:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.05 08:19:34 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\7.exe
[2013.05.04 11:07:39 | 000,123,489 | -HS- | C] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\EF.exe
[2013.05.04 11:07:36 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\EE.exe
[2013.05.04 10:53:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.04 10:52:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.04 10:52:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.04 10:52:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.04 10:52:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.04 10:51:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.04 10:51:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gonycz\Nabídka Start\Programy\Nástroje pro správu
[2013.05.04 10:51:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gonycz\Dokumenty\Filmy
[2013.05.04 10:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.04 10:49:40 | 005,065,726 | R--- | C] (Swearware) -- C:\Documents and Settings\Gonycz\Plocha\ComboFix.exe
[2013.05.04 10:47:24 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Gonycz\Plocha\rkill.com
[2013.05.04 06:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013.05.04 06:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013.05.03 20:44:35 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2013.05.03 20:44:35 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2013.05.03 19:13:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gonycz\Recent
[2013.05.03 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Plocha\RK_Quarantine
[2013.05.03 13:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Plocha\mbar-1.05.0.1001
[2013.05.03 13:37:35 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\temp.bin
[2013.05.03 12:16:33 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gonycz\Plocha\mbam-setup-1.70.0.1100.exe
[2013.05.03 11:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\Sun
[2013.05.03 10:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Data aplikací\Malwarebytes
[2013.05.03 10:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2013.05.03 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2013.05.03 10:58:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.03 10:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.03 10:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.03 10:22:48 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.05.03 10:22:48 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.05.03 10:22:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.05.03 10:22:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.05.03 10:22:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.05.02 22:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2013.05.02 22:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\StarApp
[2013.05.02 21:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.05.02 21:05:20 | 000,000,000 | ---D | C] -- C:\rsit
[2013.05.02 20:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Plocha\placené obrázky
[2013.05.02 18:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Plocha\erotickeprodukty.cz
[2013.05.01 10:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gonycz\Nabídka Start\Programy\Fishtank Interactive
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.05.06 18:35:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.05.06 18:23:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gonycz\Plocha\OTL.exe
[2013.05.06 18:02:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.06 18:02:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.06 18:01:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.06 12:29:53 | 000,526,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.06 12:29:53 | 000,523,316 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2013.05.06 12:29:53 | 000,107,152 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2013.05.06 12:29:53 | 000,091,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.06 09:34:21 | 000,043,020 | ---- | M] () -- C:\Documents and Settings\Gonycz\Data aplikací\1.exe
[2013.05.06 09:33:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.06 09:23:16 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\17.exe
[2013.05.06 09:23:07 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\temp.bin
[2013.05.06 09:23:07 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr
[2013.05.06 09:19:49 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.06 06:18:47 | 000,125,458 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\2.exe
[2013.05.06 04:45:34 | 000,123,489 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\3.exe
[2013.05.05 20:42:13 | 952,541,088 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\Všemocný-2011-CZ-dabing.avi
[2013.05.05 17:11:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\MBR.dat
[2013.05.05 17:09:44 | 000,368,554 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\gmer.zip
[2013.05.05 17:05:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gonycz\Plocha\aswMBR.exe
[2013.05.05 08:52:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.05 08:39:47 | 000,001,204 | ---- | M] () -- C:\CF-Submit.htm
[2013.05.05 08:19:34 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\7.exe
[2013.05.04 11:07:39 | 000,123,489 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\EF.exe
[2013.05.04 11:07:36 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\EE.exe
[2013.05.04 10:53:56 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013.05.04 10:49:48 | 005,065,726 | R--- | M] (Swearware) -- C:\Documents and Settings\Gonycz\Plocha\ComboFix.exe
[2013.05.04 10:47:31 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Gonycz\Plocha\rkill.com
[2013.05.04 07:13:59 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2013.05.03 16:56:41 | 000,628,743 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\adwcleaner.exe
[2013.05.03 15:06:19 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\RogueKiller.exe
[2013.05.03 12:16:34 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gonycz\Plocha\mbam-setup-1.70.0.1100.exe
[2013.05.03 11:01:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2013.05.03 10:22:32 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.05.03 10:22:32 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.05.03 10:22:32 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.05.03 10:22:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.05.03 10:22:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.05.03 10:22:32 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.05.03 10:22:32 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.05.02 21:05:15 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\RSIT.exe
[2013.05.02 11:16:41 | 000,591,477 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\brozuza-jak-psat-uspesne-texty.pdf
[2013.05.01 15:23:07 | 007,194,760 | ---- | M] () -- C:\Documents and Settings\Gonycz\Plocha\kxdrv3550-x86-full.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.06 18:35:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.05.06 09:34:21 | 000,043,020 | ---- | C] () -- C:\Documents and Settings\Gonycz\Data aplikací\1.exe
[2013.05.05 18:56:10 | 952,541,088 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\Všemocný-2011-CZ-dabing.avi
[2013.05.05 17:11:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\MBR.dat
[2013.05.05 17:09:41 | 000,368,554 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\gmer.zip
[2013.05.05 08:39:47 | 000,001,204 | ---- | C] () -- C:\CF-Submit.htm
[2013.05.04 10:53:56 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2013.05.04 10:53:52 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013.05.04 10:52:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.04 10:52:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.04 10:52:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.04 10:52:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.04 10:52:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.04 06:51:06 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
[2013.05.03 16:56:40 | 000,628,743 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\adwcleaner.exe
[2013.05.03 15:06:19 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\RogueKiller.exe
[2013.05.03 10:58:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2013.05.02 21:05:15 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\RSIT.exe
[2013.05.02 11:16:37 | 000,591,477 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\brozuza-jak-psat-uspesne-texty.pdf
[2013.05.01 15:22:37 | 007,194,760 | ---- | C] () -- C:\Documents and Settings\Gonycz\Plocha\kxdrv3550-x86-full.exe
[2013.04.26 15:39:56 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2013.04.26 15:39:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2013.03.05 14:17:16 | 000,033,794 | ---- | C] () -- C:\Documents and Settings\Gonycz\Nabídka Start.rar
[2013.02.22 11:29:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2013.01.20 23:36:06 | 000,481,811 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1085031214-261478967-1801674531-1005-0.dat
[2013.01.20 23:36:05 | 000,124,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2013.01.09 15:45:30 | 000,068,509 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2013.01.09 15:45:30 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2013.01.06 18:36:57 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2013.01.06 18:36:57 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2013.01.05 20:49:20 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2013.01.05 20:49:19 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012.10.19 06:19:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gonycz\Data aplikací\$_hpcst$.hpc
[2012.09.30 09:17:27 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\Gonycz\Data aplikací\base64.cer
[2012.08.16 08:20:15 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2012.07.24 18:37:21 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.07.17 20:55:45 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.17 15:50:27 | 000,416,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2012.07.15 20:32:15 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.07.15 20:31:08 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.15 19:03:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.07.15 18:59:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012.07.15 18:43:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.15 18:38:44 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.07.15 18:38:04 | 000,058,716 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012.07.15 18:38:04 | 000,014,691 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012.07.15 18:38:03 | 000,018,097 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012.06.03 10:44:48 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\staropen.sys

========== ZeroAccess Check ==========

[2012.07.17 15:48:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.04.14 08:51:42 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.15 19:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2012.07.24 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2012.11.18 09:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2013.01.20 09:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2012.10.13 14:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KONAMI
[2013.02.20 21:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Particles
[2012.11.24 23:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2013.02.02 18:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RELOADED
[2013.01.26 19:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RoboForm
[2013.05.02 22:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\StarApp
[2013.05.03 16:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2013.01.05 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2013.02.05 12:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Affilorama
[2013.03.08 20:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\AnvSoft
[2012.10.04 20:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Canneverbe Limited
[2013.03.09 22:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\cef-cache
[2013.05.06 16:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Centrum Mail
[2013.03.08 19:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Christofer Persson
[2013.03.03 10:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\DAEMON Tools Lite
[2012.11.18 14:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\ERGOM
[2013.04.29 19:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\FileZilla
[2012.11.18 14:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\GARMIN
[2012.08.12 12:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\IN-MEDIAKG
[2012.08.12 12:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\mresreg
[2012.11.24 23:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Nokia
[2013.04.05 19:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Notepad++
[2013.03.09 22:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Party
[2012.11.24 23:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\PC Suite
[2013.01.05 20:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\PunkBuster
[2013.02.10 08:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\StokedBigAir
[2012.09.01 13:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Targeted Email Finder
[2013.02.20 21:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\TFS2
[2013.01.05 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Ubisoft
[2013.02.21 10:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\uTorrent
[2012.12.02 13:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\YCanPDF

========== Purity Check ==========



========== Custom Scans ==========

< >
[2012.07.15 18:40:08 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012.07.15 18:44:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.02.05 07:46:52 | 000,000,936 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.02.05 07:46:53 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.02.12 09:18:34 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\erdnt\cache\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\system32\dllcache\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.05.03 10:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Adobe
[2013.02.05 12:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Affilorama
[2013.03.08 20:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\AnvSoft
[2013.03.11 05:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Apple Computer
[2012.07.17 15:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\ATI
[2012.10.04 20:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Canneverbe Limited
[2013.03.09 22:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\cef-cache
[2013.05.06 16:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Centrum Mail
[2013.03.08 19:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Christofer Persson
[2013.03.03 10:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\DAEMON Tools Lite
[2013.03.08 19:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\dvdcss
[2012.11.18 14:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\ERGOM
[2013.04.29 19:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\FileZilla
[2012.11.18 14:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\GARMIN
[2012.07.27 10:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\HpUpdate
[2012.07.15 18:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Identities
[2012.08.12 12:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\IN-MEDIAKG
[2012.07.15 18:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Macromedia
[2013.05.03 10:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Malwarebytes
[2013.05.01 16:15:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Microsoft
[2012.09.05 20:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Mozilla
[2012.08.12 12:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\mresreg
[2012.11.24 23:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Nokia
[2013.04.05 19:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Notepad++
[2013.03.09 22:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Party
[2012.11.24 23:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\PC Suite
[2013.01.05 20:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\PunkBuster
[2013.02.10 08:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\StokedBigAir
[2012.07.22 12:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Sun
[2012.09.01 13:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Targeted Email Finder
[2013.02.20 21:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\TFS2
[2013.01.05 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\Ubisoft
[2013.02.21 10:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\uTorrent
[2013.05.06 08:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\vlc
[2012.07.17 14:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\WinRAR
[2012.12.02 13:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gonycz\Data aplikací\YCanPDF

< %APPDATA%\*.exe /s >
[2013.05.06 09:34:21 | 000,043,020 | ---- | M] () -- C:\Documents and Settings\Gonycz\Data aplikací\1.exe
[2013.05.06 09:23:16 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\17.exe
[2013.05.06 06:18:47 | 000,125,458 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\2.exe
[2013.05.06 04:45:34 | 000,123,489 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\3.exe
[2013.05.05 08:19:34 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\7.exe
[2013.05.04 11:07:36 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\EE.exe
[2013.05.04 11:07:39 | 000,123,489 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\EF.exe
[2013.05.01 10:17:45 | 000,040,960 | R--- | M] () -- C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Installer\{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}\_7D65E701E2A0_4D18_86F7_E1CB6AA922DD.exe
[2011.02.24 17:07:45 | 000,835,440 | R--- | M] () -- C:\Documents and Settings\Gonycz\Data aplikací\PunkBuster\pbsetup\pbsvc.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2013.05.06 18:01:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.05.06 18:02:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.06 18:02:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012.07.15 20:30:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.07.15 20:30:29 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.07.15 20:30:29 | 000,499,712 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.05.06 12:29:53 | 000,107,152 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2013.05.06 12:29:53 | 000,091,850 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2013.05.06 12:29:53 | 000,523,316 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2013.05.06 12:29:53 | 000,526,058 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2013.05.06 12:29:51 | 001,268,148 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -- [2006.11.13 16:50:20 | 001,289,000 | ---- | M] (Microsoft Corporation)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Screen Saver Pro 3.1" = C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr -- [2013.05.06 09:23:07 | 000,128,512 | ---- | M] (FrontRange Solutions)
"proxzy0229" = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -- [2013.05.06 09:34:21 | 000,043,020 | RHS- | M] ()
"proxzy0229" = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -- [2013.05.06 09:34:21 | 000,043,020 | RHS- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.04.12 08:49:56 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=6F5386A655598F71BAAB2D6B63A69D6A -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) MD5=4E9592BB2C100E571F82640E59E9ECD5 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.05.06 18:35:30 | 000,000,512 | ---- | M] () MD5=BE46113B040E73D437A0C16C2FC7E8C3 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.10.14 17:36:42 | 000,083,530 | ---- | M] () -- \Documents and Settings\Gonycz\Data aplikací\uTorrent\Assassins Creed Brotherhood [MULTI5][PCDVD][CRACK][WwW.GamesTorrents.CoM].torrent
[2012.11.04 08:05:32 | 000,042,156 | ---- | M] () -- \Documents and Settings\Gonycz\Data aplikací\uTorrent\The Amazing Spiderman [English][PCDVD][CRACK][STEAM UNLOCKED][WwW.GamesTorrents.CoM].torrent
[2012.11.04 08:03:50 | 000,131,536 | ---- | M] () -- \Documents and Settings\Gonycz\Data aplikací\uTorrent\XCOM Enemy Unknown [MULTI9][PCDVD][FULL UNLOCKED][NO CRACK][ALI213][WwW.GamesTorrents.CoM].torrent
[2012.11.04 08:03:50 | 000,131,536 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\PC hry\xcom-enemy-unknown-multi9pcdvdfull-unlockedno-crackali213wwwgamestorrentsco..torrent
[2012.10.14 17:36:42 | 000,083,530 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\PC hry\new\Assassins.Creed.Brotherhood.%5BMULTI5%5D%5BPCDVD%5D%5BCRACK%5D%5BWwW.GamesTorrents.CoM%5D.t7217.torrent
[2012.10.14 18:18:14 | 000,080,961 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\PC hry\new\GRAND_THEFT_AUTO_4_CLONEDVD_READNFO-ePEN15.%2B.PROPER.CRACK.c4707.torrent
[2013.01.26 19:07:37 | 024,331,238 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Linkbulding\Registrace do katalogu\AI-RoboForm-Enterprise-v7.8.5.7-Crack.rar
[2010.07.22 21:48:40 | 000,087,536 | ---- | M] () -- \Hry\Garshasp\media\beta\fx\particle\texture\crack.dds
[2010.05.19 19:25:24 | 000,119,102 | ---- | M] () -- \Hry\Garshasp\media\beta\scene\kooze\Crack__.mesh
[2010.05.19 19:25:24 | 000,013,668 | ---- | M] () -- \Hry\Garshasp\media\beta\scene\kooze\Crack___mesh.skeleton

< *keygen* /s >
[2012.07.15 19:13:44 | 005,584,147 | ---- | M] () -- \Documents and Settings\Gonycz\Dokumenty\Stažené soubory\winrar_4-00_32bit_and_64bit_full-version_keygen.zip

< *loader* /s >
[2012.07.26 21:17:04 | 000,001,918 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
[2012.08.09 12:19:34 | 704,954,368 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\FILMY\Tvrda.Hra.3.Juniorska.Liga.2008.DVDRip.XviD.CZ.Upload.by.CRAIG-JONES.Of.sMs.Uploaders.Uploads.avi
[2013.03.14 21:53:12 | 000,006,611 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\placené themes\Themes výber\iMagMag\admin\assets\js\of-medialibrary-uploader.js
[2013.03.14 21:53:14 | 000,006,263 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\placené themes\Themes výber\iMagMag\admin\functions\functions.mediauploader.php
[2013.03.14 21:53:20 | 000,010,326 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\placené themes\Themes výber\iMagMag\images\camera-loader.gif
[2013.03.14 21:53:12 | 000,006,611 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\placené themes\Themes výber\iMagMag\iMagMag\admin\assets\js\of-medialibrary-uploader.js
[2013.03.14 21:53:14 | 000,006,263 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\placené themes\Themes výber\iMagMag\iMagMag\admin\functions\functions.mediauploader.php
[2013.03.14 21:53:20 | 000,010,326 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\placené themes\Themes výber\iMagMag\iMagMag\images\camera-loader.gif
[2012.01.13 21:05:45 | 000,033,097 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Všechny weby\Web ele cigareta\web\wp-includes\script-loader.php
[2012.01.13 21:05:55 | 000,001,940 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Všechny weby\Web ele cigareta\web\wp-includes\template-loader.php
[2010.08.04 21:42:20 | 000,032,349 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Všechny weby\Web fitness\wordpress-3.0.1-cs_CZ\wordpress\wp-includes\script-loader.php
[2010.08.04 21:42:22 | 000,001,893 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Všechny weby\Web fitness\wordpress-3.0.1-cs_CZ\wordpress\wp-includes\template-loader.php
[2012.07.31 04:57:00 | 000,000,847 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\Wordpress pluginy\contact-form-7\images\ajax-loader.gif
[2012.08.11 18:35:45 | 000,000,847 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\Wordpress pluginy\Chat upraveny\contact-form-7\images\ajax-loader.gif
[2013.02.15 17:56:02 | 000,000,673 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\Wordpress pluginy\nextgen-gallery\images\ajax-loader.gif
[2013.02.15 17:56:02 | 000,006,820 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\Wordpress pluginy\nextgen-gallery\images\loader.gif
[2012.05.10 13:13:12 | 000,000,911 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\Wordpress pluginy\woocommerce\assets\images\ajax-loader.gif
[2012.04.29 11:45:30 | 000,035,936 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\wordpress\wp-includes\script-loader.php
[2012.04.29 11:45:30 | 000,001,893 | ---- | M] () -- \Documents and Settings\Gonycz\Plocha\Wordpress\Wordpress all\wordpress\wp-includes\template-loader.php
[2003.09.15 15:02:00 | 000,169,384 | ---- | M] () -- \Hry\Counter-Strike 1.6\cstrike\models\qloader.mdl
[2003.09.15 14:55:50 | 000,352,548 | ---- | M] () -- \Hry\Counter-Strike 1.6\valve\models\loader.mdl
[2003.09.15 14:56:04 | 000,012,764 | ---- | M] () -- \Hry\Counter-Strike 1.6\valve\sound\ambience\loader_hydra1.wav
[2003.09.15 14:56:04 | 000,012,164 | ---- | M] () -- \Hry\Counter-Strike 1.6\valve\sound\ambience\loader_step1.wav
[2004.02.03 10:27:56 | 000,113,664 | ---- | M] () -- \Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2009.10.06 05:08:30 | 000,145,082 | ---- | M] () -- \Program Files\HP\HP Deskjet 2050 J510 series\Bin\HelpViewer\Resources\Loader.gif
[2011.07.18 23:33:32 | 000,008,787 | ---- | M] () -- \Program Files\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2010.01.29 07:43:52 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.11.18 09:36:37 | 000,329,056 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2012.11.18 09:36:38 | 000,293,376 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\uplay_r1_loader.dll
[3 \Program Files\Ubisoft\Ubisoft Game Launcher\*.tmp files -> \Program Files\Ubisoft\Ubisoft Game Launcher\*.tmp -> ]
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720

< End of report >
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#57 Příspěvek od Gonycz »

OTL Extras logfile created on: 6.5.2013 18:33:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gonycz\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,53% Memory free
3,85 Gb Paging File | 2,11 Gb Available in Paging File | 54,82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 33,29 Gb Free Space | 26,01% Space Free | Partition Type: NTFS
Drive D: | 337,77 Gb Total Space | 57,49 Gb Free Space | 17,02% Space Free | Partition Type: NTFS
Drive G: | 1153,12 Gb Total Space | 1106,12 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
Drive H: | 244,14 Gb Total Space | 243,55 Gb Free Space | 99,76% Space Free | Partition Type: NTFS

Computer Name: GONY | User Name: Gonycz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP -- (Hewlett-Packard Co.)
"C:\Hry\Pro Evolution Soccer 2011\pes2011.exe" = C:\Hry\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programy\uTorrent\uTorrent.exe" = C:\Programy\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Hry\Counter-Strike 1.6\hl.exe" = C:\Hry\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Hry\ANNO 1404\Anno4.exe" = C:\Hry\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"C:\Hry\ANNO 1404\tools\Anno4Web.exe" = C:\Hry\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Web ANNO 1404 -- ()
"C:\Hry\ANNO 1404\tools\Benchmark.exe" = C:\Hry\ANNO 1404\tools\Benchmark.exe:*:Enabled:Anno 1404 Setup Benchmark -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{11BFB898-71E5-488A-A8FF-0E462667FB72}" = Soldier of Fortune Payback
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA96E54-9D16-4CA5-AA9E-B0FA93356865}" = Centrum Mail
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 3.2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{518A54AE-002F-406F-BB48-620676AB9960}" = Anno 1404
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}" = Car Tycoon
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Nápověda
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACDEA81-4773-41AB-8B33-79573D560827}" = CDBurnerXP
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F51ACD8B-44FD-4780-874A-5B951643E355}" = Základní software zařízení HP Deskjet 2050 J510 series
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Rybicky 2 - Na nove adrese}_is1" = Rybičky 2 - Na nové adrese 1.0
"1st Subscription Manager_is1" = 1st Subscription Manager
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-5-7 (All Users)
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"aTube Catcher" = aTube Catcher
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fighting Force" = Fighting Force
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"HP Photo & Imaging" = HP Image Zone 4.7
"ie8" = Windows Internet Explorer 8
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.80
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mozilla Firefox 20.0.1 (x86 cs)" = Mozilla Firefox 20.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.93
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"518496c506da956e" = RegTool2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.10.2012 2:14:09 | Computer Name = GONY | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp

Error - 1.12.2012 9:58:09 | Computer Name = GONY | Source = MsiInstaller | ID = 10005
Description = Produkt: Aktualizace ovladače pro aplikaci Centrum zařízení Windows
Mobile - Vybraná aktualizace nebude nainstalována, protože je určena pouze pro
systém Windows Vista a novější systémy Windows.

Error - 25.12.2012 3:07:45 | Computer Name = GONY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 4.1.2013 3:36:12 | Computer Name = GONY | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 5.1.2013 5:59:07 | Computer Name = GONY | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 9.3.2013 16:25:41 | Computer Name = GONY | Source = Application Error | ID = 1000
Description = Chybující aplikace pprekop.exe, verze 4.2.0.172, chybující modul ole32.dll,
verze 5.1.2600.2182, adresa chyby 0x10017bed.

Error - 24.3.2013 15:18:35 | Computer Name = GONY | Source = Chrome | ID = 1
Description =

Error - 7.4.2013 10:35:01 | Computer Name = GONY | Source = Chrome | ID = 1
Description =

[ Application Events ]
Error - 14.10.2012 2:14:09 | Computer Name = GONY | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp

Error - 1.12.2012 9:58:09 | Computer Name = GONY | Source = MsiInstaller | ID = 10005
Description = Produkt: Aktualizace ovladače pro aplikaci Centrum zařízení Windows
Mobile - Vybraná aktualizace nebude nainstalována, protože je určena pouze pro
systém Windows Vista a novější systémy Windows.

Error - 25.12.2012 3:07:45 | Computer Name = GONY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 4.1.2013 3:36:12 | Computer Name = GONY | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 5.1.2013 5:59:07 | Computer Name = GONY | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 9.3.2013 16:25:41 | Computer Name = GONY | Source = Application Error | ID = 1000
Description = Chybující aplikace pprekop.exe, verze 4.2.0.172, chybující modul ole32.dll,
verze 5.1.2600.2182, adresa chyby 0x10017bed.

Error - 24.3.2013 15:18:35 | Computer Name = GONY | Source = Chrome | ID = 1
Description =

Error - 7.4.2013 10:35:01 | Computer Name = GONY | Source = Chrome | ID = 1
Description =

[ System Events ]
Error - 5.5.2013 2:48:51 | Computer Name = GONY | Source = Service Control Manager | ID = 7031
Description = Služba Správa služby IIS byla nečekaně ukončena. Stalo se to 5 krát.
Následující opravná akce bude spuštěna za 1 milisekund: Spustit nakonfigurovaný
program pro obnovení.

Error - 5.5.2013 2:48:51 | Computer Name = GONY | Source = Service Control Manager | ID = 7034
Description = Služba Publikování na webu byla neočekávaně ukončena. Tento stav nastal
již 5krát.

Error - 5.5.2013 11:26:48 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 5.5.2013 11:26:57 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 5.5.2013 11:55:45 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 5.5.2013 12:00:12 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 5.5.2013 12:00:18 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 5.5.2013 14:36:37 | Computer Name = GONY | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby stisvc.

Error - 6.5.2013 5:17:42 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 6.5.2013 5:42:21 | Computer Name = GONY | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.


< End of report >
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#58 Příspěvek od vyosek »

:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UNDPX2A.SYS -- (UNDPX2A)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Gonycz\LOCALS~1\Temp\pxtoqpob.sys -- (pxtoqpob)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Setup Files\Ms7181v150\NTIOLib.sys -- (NTIOLib_1_0_6)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Gonycz\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Gonycz\LOCALS~1\Temp\Safe To Delete 3_0_5_2\AMDPCI.sys -- (AMDPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1085031214-261478967-1801674531-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
CHR - default_search_provider: suggest_url = http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
O4 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005..\Run: [proxzy0229] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe ()
O20 - HKU\S-1-5-21-1085031214-261478967-1801674531-1005 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe ()
[2013.05.06 09:34:00 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr
[2013.05.06 09:23:16 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\17.exe
[2013.05.06 04:45:34 | 000,123,489 | -HS- | C] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\3.exe
[2013.05.06 04:45:31 | 000,125,458 | -HS- | C] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\2.exe
[2013.05.05 08:19:34 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\7.exe
[2013.05.04 11:07:39 | 000,123,489 | -HS- | C] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\EF.exe
[2013.05.04 11:07:36 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\EE.exe
[2013.05.03 13:37:35 | 000,128,512 | ---- | C] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\temp.bin
[2013.05.06 09:19:49 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
[2013.05.06 09:34:21 | 000,043,020 | ---- | M] () -- C:\Documents and Settings\Gonycz\Data aplikací\1.exe
[2013.05.06 09:23:16 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\17.exe
[2013.05.06 06:18:47 | 000,125,458 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\2.exe
[2013.05.06 04:45:34 | 000,123,489 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\3.exe
[2013.05.05 08:19:34 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\7.exe
[2013.05.04 11:07:36 | 000,128,512 | ---- | M] (FrontRange Solutions) -- C:\Documents and Settings\Gonycz\Data aplikací\EE.exe
[2013.05.04 11:07:39 | 000,123,489 | -HS- | M] (House) -- C:\Documents and Settings\Gonycz\Data aplikací\EF.exe
[2013.05.01 10:17:45 | 000,040,960 | R--- | M] () -- C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Installer\{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}\_7D65E701E2A0_4D18_86F7_E1CB6AA922DD.exe
[2013.05.06 18:01:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.05.06 18:02:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.06 18:02:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vaicix"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"=-
"5910:TCP"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Screen Saver Pro 3.1"=-
"proxzy0229"=-
"proxzy0229"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Microsoft Driver Setup"=-

:files
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
c:\windows\yndrive32.exe
C:\Documents and Settings\Gonycz\Data aplikací\*.exe
C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe
C:\RECYCLER
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Gonycz
Návštěvník
Návštěvník
Příspěvky: 64
Registrován: 29 led 2011 20:25

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#59 Příspěvek od Gonycz »

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service UNDPX2A stopped successfully!
Service UNDPX2A deleted successfully!
File C:\WINDOWS\system32\drivers\UNDPX2A.SYS not found.
Error: No service named pxtoqpob was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pxtoqpob deleted successfully.
File C:\DOCUME~1\Gonycz\LOCALS~1\Temp\pxtoqpob.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service NTIOLib_1_0_6 stopped successfully!
Service NTIOLib_1_0_6 deleted successfully!
File C:\Program Files\Setup Files\Ms7181v150\NTIOLib.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Error: No service named aswMBR was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMBR deleted successfully.
File C:\DOCUME~1\Gonycz\LOCALS~1\Temp\aswMBR.sys not found.
Service AMDPCI stopped successfully!
Service AMDPCI deleted successfully!
File C:\DOCUME~1\Gonycz\LOCALS~1\Temp\Safe To Delete 3_0_5_2\AMDPCI.sys not found.
Service AmdLLD stopped successfully!
Service AmdLLD deleted successfully!
File system32\DRIVERS\AmdLLD.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\proxzy0229 deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-261478967-1801674531-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe not found.
C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\17.exe moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\3.exe moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\2.exe moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\7.exe moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\EF.exe moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\EE.exe moved successfully.
C:\Documents and Settings\Gonycz\Data aplikací\temp.bin moved successfully.
C:\Documents and Settings\Gonycz\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37.tmp folder deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp deleted successfully.
C:\Documents and Settings\Gonycz\Data aplikací\1.exe moved successfully.
File C:\Documents and Settings\Gonycz\Data aplikací\17.exe not found.
File C:\Documents and Settings\Gonycz\Data aplikací\2.exe not found.
File C:\Documents and Settings\Gonycz\Data aplikací\3.exe not found.
File C:\Documents and Settings\Gonycz\Data aplikací\7.exe not found.
File C:\Documents and Settings\Gonycz\Data aplikací\EE.exe not found.
File C:\Documents and Settings\Gonycz\Data aplikací\EF.exe not found.
C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Installer\{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}\_7D65E701E2A0_4D18_86F7_E1CB6AA922DD.exe moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:373E1720 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Vaicix deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Screen Saver Pro 3.1 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\proxzy0229 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\proxzy0229 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\\Microsoft Driver Setup not found.
========== FILES ==========
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk moved successfully.
File\Folder c:\windows\yndrive32.exe not found.
File\Folder C:\Documents and Settings\Gonycz\Data aplikací\*.exe not found.
File\Folder C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe not found.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc9 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc8 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc73 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc72 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc30 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc29 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc27 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc24 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc20.Final_FULL\SEO.Administrator.v3.0.Final_FULL folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc20.Final_FULL folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc18.1021\mbar\Languages folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc18.1021\mbar\imageformats folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc18.1021\mbar\Data\Configuration folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc18.1021\mbar\Data folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc18.1021\mbar folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc18.1021 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc17.1009\mbar\Languages folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc17.1009\mbar\imageformats folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc17.1009\mbar\Data\Configuration folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc17.1009\mbar\Data folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc17.1009\mbar folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005\Dc17.1009 folder moved successfully.
C:\RECYCLER\S-1-5-21-1085031214-261478967-1801674531-1005 folder moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259 folder moved successfully.
C:\RECYCLER folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gonycz
->Temp folder emptied: 11799189 bytes
->Temporary Internet Files folder emptied: 47558344 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 170198173 bytes
->Google Chrome cache emptied: 469536580 bytes
->Flash cache emptied: 4632 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3414 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 667,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Gonycz
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Gonycz
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05062013_200028

Files\Folders moved on Reboot...
C:\Documents and Settings\Gonycz\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\Documents and Settings\Gonycz\Local Settings\Temp\~DF1ACD.tmp not found!
File\Folder C:\Documents and Settings\Gonycz\Local Settings\Temp\~DFC690.tmp not found!
File\Folder C:\Documents and Settings\Gonycz\Local Settings\Temp\~DFC6A6.tmp not found!
File\Folder C:\Documents and Settings\Gonycz\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Prosím o kontrolu logu počítač se pomalý a nestabilní

#60 Příspěvek od vyosek »

Tak co PC, nastala nejaka zmena?
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“