Zpomalený notebook, malware

Zpráva

Armwrestler · #1 Příspěvek od **Armwrestler** » 14 úno 2014 16:32

Dobrý den,
prosím Vás o kontrologu logu.
Notebook začal být extrémně pomalý, hlavně po startu, když se načtou aplikace, tak například trvá cca minutu a víc, než se otevře tento počítač, šílenost. Místa na HDD je dost, projel jsem to Nodem - nic, pak Malwarebytes Anti-Malware, ten našel 3 věci.
Nalezené klíče v registru: 1
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Nebyla provedena žádná instrukce.
Nalezené soubory: 2
C:\Documents and Settings\Eva\Dokumenty\Dojení\Stažené soubory\rcpsetup_dcnew_300_pd.exe (PUP.Optional.RegCleanerPro) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Nebyla provedena žádná instrukce.

Po restartu stejná písnička.
Majitelka (máti) stahuje z ulož.to kdeco (i viry), aniž by byl antivirák, takže předpokládám další svinstvo.

Ještě dodávám, že jsem to projel CCcleanerem, HD tach, HD sentinel, zdá se ok.

Přikládám log z hijack this, díky, že mrknete:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:49, on 14.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Eva\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eva\Dokumenty\Stažené soubory\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 4255 bytes

Ještě doplňuju o FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Eva (administrator) on EVIK on 14-02-2014 16:38:23
Running from C:\Documents and Settings\Eva\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(H.D.S. Hungary) C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
(BlazeVideo Company) C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
(Realtek Semiconductor Corp.) C:\Documents and Settings\Eva\Local Settings\Temp\RtkBtMnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Eva\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16342528 2007-05-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [Hard Disk Sentinel] - C:\Program Files\Hard Disk Sentinel\HDSentinel.exe [4460176 2014-01-30] (H.D.S. Hungary)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: C:\WINDOWS\system32\WgaLogon.dll ()
HKU\S-1-5-21-1214440339-1677128483-725345543-1003\...\Run: [BlazeServoTool] - C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [286720 2010-03-06] (BlazeVideo Company)
HKU\S-1-5-21-1214440339-1677128483-725345543-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17FC ... 2013-01-06 09:21:28&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default
FF user.js: detected! => C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\user.js
FF Homepage: hxxp://www.seznam.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\Eva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-03-06]

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [66432 2011-09-27] (ENE Technology Inc.)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [46080 2011-09-27] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [81152 2011-09-27] (ENE Technology Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210816 2007-04-26] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-04-26] (Conexant Systems, Inc.)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [145152 2012-11-17] (ITE )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-14 16:38 - 2014-02-14 16:38 - 00009075 _____ () C:\Documents and Settings\Eva\Plocha\FRST.txt
2014-02-14 16:36 - 2014-02-14 16:38 - 00000000 ____D () C:\FRST
2014-02-14 16:36 - 2014-02-14 16:36 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Eva\Plocha\FRSTLauncher.exe
2014-02-14 16:35 - 2014-02-14 16:36 - 01141248 _____ (Farbar) C:\Documents and Settings\Eva\Plocha\FRST.exe
2014-02-14 15:06 - 2014-02-14 15:06 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\Malwarebytes
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-14 15:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-14 14:43 - 2014-02-14 14:58 - 00000000 ____D () C:\Program Files\Hard Disk Sentinel
2014-02-14 14:43 - 2014-02-14 14:43 - 00000690 _____ () C:\Documents and Settings\Eva\Plocha\Hard Disk Sentinel.lnk
2014-02-14 14:43 - 2014-02-14 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Hard Disk Sentinel
2014-02-14 14:36 - 2014-02-14 14:36 - 00000821 _____ () C:\Documents and Settings\Eva\Plocha\HD Tach.lnk
2014-02-14 14:36 - 2014-02-14 14:36 - 00000000 ____D () C:\Program Files\Simpli Software
2014-02-14 14:36 - 2014-02-14 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Simpli Software
2014-02-14 14:14 - 2014-02-14 14:14 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-02-14 00:58 - 2014-02-14 00:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 00:44 - 2014-02-14 00:58 - 00003318 _____ () C:\WINDOWS\updspapi.log
2014-02-14 00:43 - 2014-02-14 00:44 - 00024010 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-14 00:41 - 2014-02-14 00:42 - 00016962 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-14 00:25 - 2014-02-14 00:25 - 00000000 ____D () C:\Program Files\ESET
2014-02-14 00:25 - 2014-02-14 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2014-02-14 00:25 - 2014-02-14 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ESET
2014-02-14 00:15 - 2014-02-14 00:58 - 00037904 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 23:57 - 2014-02-13 23:58 - 00000000 ____D () C:\Documents and Settings\Eva\Local Settings\Data aplikací\Avg2013
2014-02-07 16:44 - 2014-02-14 00:07 - 00004347 _____ () C:\WINDOWS\setupapi.log
2014-02-07 15:58 - 2014-02-07 16:16 - 00000000 __SHD () C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-07 15:47 - 2014-02-14 00:58 - 00070333 _____ () C:\WINDOWS\iis6.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00036395 _____ () C:\WINDOWS\FaxSetup.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00029110 _____ () C:\WINDOWS\ocgen.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00021243 _____ () C:\WINDOWS\tsoc.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00017166 _____ () C:\WINDOWS\msmqinst.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00012821 _____ () C:\WINDOWS\comsetup.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00009073 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00007002 _____ () C:\WINDOWS\netfxocm.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00003201 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00002512 _____ () C:\WINDOWS\ocmsn.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00002174 _____ () C:\WINDOWS\msgsocm.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00001555 _____ () C:\WINDOWS\tabletoc.log
2014-02-07 15:47 - 2014-02-14 00:58 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-07 15:47 - 2014-02-14 00:44 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-07 15:47 - 2014-02-07 15:47 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-07 15:47 - 2014-02-07 15:47 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-01-15 19:14 - 2014-01-15 19:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$

==================== One Month Modified Files and Folders =======

2014-02-14 16:38 - 2014-02-14 16:38 - 00009075 _____ () C:\Documents and Settings\Eva\Plocha\FRST.txt
2014-02-14 16:38 - 2014-02-14 16:36 - 00000000 ____D () C:\FRST
2014-02-14 16:38 - 2011-09-27 16:22 - 00000000 ____D () C:\Documents and Settings\Eva\Plocha
2014-02-14 16:37 - 2013-01-06 08:24 - 00000000 ____D () C:\Documents and Settings\Eva\Dokumenty\Stažené soubory
2014-02-14 16:37 - 2011-09-27 16:22 - 00000000 ___HD () C:\Documents and Settings\Eva\Local Settings\Data aplikací
2014-02-14 16:36 - 2014-02-14 16:36 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Eva\Plocha\FRSTLauncher.exe
2014-02-14 16:36 - 2014-02-14 16:35 - 01141248 _____ (Farbar) C:\Documents and Settings\Eva\Plocha\FRST.exe
2014-02-14 16:34 - 2013-11-17 07:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 16:19 - 2011-09-27 16:15 - 02413064 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-14 16:13 - 2013-02-22 18:44 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-14 16:09 - 2011-09-27 18:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-14 16:08 - 2011-09-27 23:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2014-02-14 16:08 - 2011-09-27 18:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-14 16:08 - 2011-09-27 16:21 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-14 16:07 - 2011-09-27 21:05 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-14 16:07 - 2011-09-27 16:22 - 00000178 ___SH () C:\Documents and Settings\Eva\ntuser.ini
2014-02-14 16:07 - 2011-09-27 16:21 - 00032632 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-14 15:06 - 2014-02-14 15:06 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\Malwarebytes
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-02-14 15:06 - 2014-02-14 15:06 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-14 15:06 - 2011-09-27 18:06 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-02-14 15:06 - 2011-09-27 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-02-14 15:06 - 2011-09-27 18:05 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-02-14 15:06 - 2011-09-27 16:22 - 00000000 __RHD () C:\Documents and Settings\Eva\Data aplikací
2014-02-14 14:58 - 2014-02-14 14:43 - 00000000 ____D () C:\Program Files\Hard Disk Sentinel
2014-02-14 14:43 - 2014-02-14 14:43 - 00000690 _____ () C:\Documents and Settings\Eva\Plocha\Hard Disk Sentinel.lnk
2014-02-14 14:43 - 2014-02-14 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Hard Disk Sentinel
2014-02-14 14:36 - 2014-02-14 14:36 - 00000821 _____ () C:\Documents and Settings\Eva\Plocha\HD Tach.lnk
2014-02-14 14:36 - 2014-02-14 14:36 - 00000000 ____D () C:\Program Files\Simpli Software
2014-02-14 14:36 - 2014-02-14 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Simpli Software
2014-02-14 14:14 - 2014-02-14 14:14 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-02-14 01:35 - 2013-01-06 09:39 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-02-14 01:09 - 2011-09-27 20:59 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-14 00:58 - 2014-02-14 00:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 00:58 - 2014-02-14 00:44 - 00003318 _____ () C:\WINDOWS\updspapi.log
2014-02-14 00:58 - 2014-02-14 00:15 - 00037904 _____ () C:\WINDOWS\KB2916036.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00070333 _____ () C:\WINDOWS\iis6.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00036395 _____ () C:\WINDOWS\FaxSetup.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00029110 _____ () C:\WINDOWS\ocgen.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00021243 _____ () C:\WINDOWS\tsoc.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00017166 _____ () C:\WINDOWS\msmqinst.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00012821 _____ () C:\WINDOWS\comsetup.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00009073 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00007002 _____ () C:\WINDOWS\netfxocm.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00003201 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00002512 _____ () C:\WINDOWS\ocmsn.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00002174 _____ () C:\WINDOWS\msgsocm.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00001555 _____ () C:\WINDOWS\tabletoc.log
2014-02-14 00:58 - 2014-02-07 15:47 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-14 00:53 - 2011-09-27 18:06 - 00980888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-14 00:48 - 2013-08-25 20:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-14 00:46 - 2011-09-27 23:12 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-14 00:44 - 2014-02-14 00:43 - 00024010 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-14 00:44 - 2014-02-07 15:47 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-14 00:44 - 2011-09-27 23:32 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-14 00:42 - 2014-02-14 00:41 - 00016962 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-14 00:25 - 2014-02-14 00:25 - 00000000 ____D () C:\Program Files\ESET
2014-02-14 00:25 - 2014-02-14 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2014-02-14 00:25 - 2014-02-14 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ESET
2014-02-14 00:07 - 2014-02-07 16:44 - 00004347 _____ () C:\WINDOWS\setupapi.log
2014-02-13 23:58 - 2014-02-13 23:57 - 00000000 ____D () C:\Documents and Settings\Eva\Local Settings\Data aplikací\Avg2013
2014-02-13 23:58 - 2013-01-06 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-02-13 22:16 - 2001-10-25 15:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-09 10:46 - 2011-09-27 16:22 - 00000000 ____D () C:\Documents and Settings\Eva
2014-02-09 09:59 - 2011-10-07 17:17 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\vlc
2014-02-09 08:53 - 2013-01-09 18:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací\AVG
2014-02-07 16:52 - 2011-09-27 16:22 - 00000000 ___RD () C:\Documents and Settings\Eva\Nabídka Start
2014-02-07 16:44 - 2011-09-27 17:59 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-02-07 16:16 - 2014-02-07 15:58 - 00000000 __SHD () C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-07 16:16 - 2013-01-06 09:36 - 00000000 __SHD () C:\Documents and Settings\All Users\Data aplikací\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-02-07 16:03 - 2013-01-06 09:39 - 00000000 ____D () C:\Documents and Settings\Eva\Data aplikací\AVG
2014-02-07 15:59 - 2013-01-06 09:37 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVG
2014-02-07 15:47 - 2014-02-07 15:47 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-07 15:47 - 2014-02-07 15:47 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-07 15:46 - 2011-10-08 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Norton
2014-02-07 15:46 - 2011-09-28 02:18 - 00012288 _____ () C:\Documents and Settings\Eva\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-07 15:45 - 2011-10-08 16:44 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-07 15:45 - 2011-09-27 18:06 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2014-02-07 06:17 - 2013-02-22 18:44 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-07 06:17 - 2011-10-07 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-06 04:38 - 2009-03-08 03:34 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-06 04:38 - 2004-08-17 14:49 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 00:08 - 2012-06-17 19:22 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-06 00:08 - 2011-09-27 23:32 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-06 00:08 - 2009-03-08 13:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-06 00:08 - 2009-03-08 03:41 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-06 00:08 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:08 - 2009-03-08 03:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-06 00:08 - 2009-03-08 03:34 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-06 00:08 - 2009-03-08 03:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-06 00:08 - 2009-03-08 03:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-06 00:08 - 2009-03-08 03:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-06 00:08 - 2009-03-08 03:33 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-06 00:08 - 2009-03-08 03:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-06 00:08 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-06 00:08 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:08 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:08 - 2009-03-08 03:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-06 00:08 - 2009-03-08 03:31 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-06 00:08 - 2009-03-08 03:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-06 00:08 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 00:08 - 2004-08-17 14:49 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:08 - 2004-08-17 14:49 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24 - 2009-03-08 03:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 23:24 - 2004-08-17 14:49 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 23:24 - 2004-08-17 14:44 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-01 13:47 - 2011-09-27 16:22 - 00000000 ___RD () C:\Documents and Settings\Eva\Dokumenty
2014-01-26 15:01 - 2013-01-27 16:28 - 00000000 ____D () C:\Documents and Settings\Eva\Plocha\Učební materiály a písemky
2014-01-18 18:53 - 2011-09-27 16:13 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-01-15 19:14 - 2014-01-15 19:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$

Some content of TEMP:
====================
C:\Documents and Settings\Eva\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Eva\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Eva\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Eva\Local Settings\Temp\UNINSTALL.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2004-08-17 14:49] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2004-08-17 14:49] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:40 GB) (Free:22.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:109.04 GB) (Free:81.5 GB) NTFS

Available physical RAM: 665.82 MB
Total physical RAM: 1534.04 MB
Percentage of memory in use: 56%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 149 GB) (Disk ID: 2560255F)
Partition 1: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: ESET NOD32 Antivirus 7.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Eva\Plocha" je 53 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe:*:Enabled:Instaltor AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#2 Příspěvek od **Márty84** » 14 úno 2014 16:44

Zdravim

S MBAM byla provedena kompletni kontrola, nebo jen rychla?

Kazdopadne nalezy nechte odstranit, pokud se tak jeste nestalo.

HJT uz se nekolik let nepouziva jako zakladni skener.

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

Armwrestler · #3 Příspěvek od **Armwrestler** » 14 úno 2014 16:55

Zdravím Vás,
vždy dávám kompletní checky.
Nález jsem odstranil, ale po restartu zase slow.
Příkladám log a děkuju:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eva at 2014-02-14 16:53:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (57%) free of 41 GB
Total RAM: 1534 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:53:05, on 14.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Eva\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eva\Plocha\FRSTLauncher.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Eva\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Eva.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 4635 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5110672]
"Hard Disk Sentinel"=C:\Program Files\Hard Disk Sentinel\HDSentinel.exe [2014-01-30 4460176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [2010-03-06 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-04-02 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-11 190976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"VIDC.X264"=x264vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2014-02-14 16:53:03 ----D---- C:\Program Files\trend micro
2014-02-14 16:53:02 ----D---- C:\rsit
2014-02-14 16:36:17 ----D---- C:\FRST
2014-02-14 15:06:47 ----D---- C:\Documents and Settings\Eva\Data aplikací\Malwarebytes
2014-02-14 15:06:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-14 15:06:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 15:06:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-02-14 14:43:24 ----D---- C:\Program Files\Hard Disk Sentinel
2014-02-14 14:36:54 ----D---- C:\Program Files\Simpli Software
2014-02-14 14:14:09 ----D---- C:\WINDOWS\system32\LogFiles
2014-02-14 00:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 00:25:23 ----D---- C:\Program Files\ESET
2014-02-14 00:25:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2014-02-13 23:56:10 ----SHD---- C:\Config.Msi
2014-02-07 15:58:44 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-07 15:47:22 ----A---- C:\WINDOWS\imsins.BAK
2014-01-15 19:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$

======List of files/folders modified in the last 1 month======

2014-02-14 16:53:03 ----RD---- C:\Program Files
2014-02-14 16:38:58 ----D---- C:\WINDOWS
2014-02-14 16:38:03 ----D---- C:\WINDOWS\Temp
2014-02-14 16:36:24 ----D---- C:\WINDOWS\Prefetch
2014-02-14 16:34:53 ----D---- C:\Program Files\Mozilla Firefox
2014-02-14 16:31:46 ----D---- C:\WINDOWS\system32\drivers
2014-02-14 16:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2014-02-14 16:07:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-14 16:07:01 ----D---- C:\WINDOWS\system32
2014-02-14 01:09:09 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-14 01:09:05 ----RSD---- C:\WINDOWS\assembly
2014-02-14 00:58:10 ----HD---- C:\WINDOWS\inf
2014-02-14 00:58:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-14 00:56:54 ----SHD---- C:\WINDOWS\Installer
2014-02-14 00:53:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-14 00:52:50 ----D---- C:\WINDOWS\WinSxS
2014-02-14 00:48:46 ----D---- C:\WINDOWS\system32\MRT
2014-02-14 00:46:28 ----D---- C:\WINDOWS\Debug
2014-02-14 00:46:09 ----A---- C:\WINDOWS\system32\MRT.exe
2014-02-14 00:44:42 ----D---- C:\Program Files\Internet Explorer
2014-02-14 00:44:22 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-14 00:44:06 ----D---- C:\WINDOWS\ie8updates
2014-02-14 00:02:47 ----D---- C:\Program Files\Common Files
2014-02-13 23:58:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-02-09 09:59:47 ----D---- C:\Documents and Settings\Eva\Data aplikací\vlc
2014-02-07 16:44:55 ----D---- C:\WINDOWS\system32\inetsrv
2014-02-07 16:16:19 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-02-07 16:03:14 ----D---- C:\Documents and Settings\Eva\Data aplikací\AVG
2014-02-07 15:59:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG
2014-02-07 15:46:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2014-02-07 15:45:46 ----SD---- C:\WINDOWS\Tasks
2014-02-07 15:45:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2014-02-07 15:36:09 ----D---- C:\WINDOWS\SoftwareDistribution
2014-02-07 06:17:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-06 04:38:36 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mstime.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\url.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2014-01-18 18:53:23 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2013-09-17 118768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-04-02 2105344]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2011-09-27 66432]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2011-09-27 46080]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2011-09-27 81152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 IT9135BDA;IT9135 BDA Devices; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [2012-11-17 145152]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-04-02 471040]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07 257928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-21 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Příspěvek od **Márty84** » 14 úno 2014 16:59

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

Armwrestler · #5 Příspěvek od **Armwrestler** » 14 úno 2014 17:04

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2014/02/14 17:04:01

-- Controller Map ----------------------------------------------------------
+ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVDRAM GSA-T20N
+ Intel(R) 82801GBM/GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4 [ATA]
+ Primární kanál IDE (0)
- Hitachi HTS541616J9SA00
- Sekundární kanál IDE (1)
- ENE PCI Memory Stick Card Reader Controller [SCSI]
- ENE PCI SmartMedia / xD Card Reader Controller [SCSI]
- ENE PCI Secure Digital / MMC Card Reader Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS541616J9SA00 : 160,0 GB [0/1/0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS541616J9SA00
----------------------------------------------------------------------------
Model : Hitachi HTS541616J9SA00
Firmware : SB4OC70P
Serial Number : SB2451SJKJ5NRE
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 7516 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 1
Transfer Mode : SATA/150
Power On Hours : 4040 hod.
Power On Count : 3636 krát
Temparature : 41 C (105 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _86 _86 _62 0000004C002E Počet chyb čtení
02 100 100 _40 000000000000 Průchodnost disku
03 238 238 _33 000D00000001 Čas na roztočení ploten
04 _98 _98 __0 000000000E3D Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _40 000000000000 Čas potřebný na vyhledání
09 _91 _91 __0 000000000FC8 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _98 __0 000000000E34 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000003C Počet vypnutí disku
C1 _89 _89 __0 00000001AE3A Počet cyklů načítání/vymazání
C2 134 134 __0 0034000C0029 Teplota
C4 100 100 __0 000000000007 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000001 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 045A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 5342 3234 534A 534A 4B4A 354E 5245
020: 0003 3AB8 0004 5342 344F 3050 3050 4869 7461 6368
030: 6920 4854 5335 3431 3631 3953 3953 4130 3020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 0F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0702 0702 0000 005E 0040
080: 00FC 001A 746B 7F69 6163 3D49 3D49 6163 203F 0029
090: 0000 4080 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 9EB0 12A1 0000 0000 0000 0000 0000 8848 5000 CCA5
110: 1FF1 A1BA 0000 0000 0000 0000 0000 0000 0000 4000
120: 4000 0000 0000 0000 0000 0000 0000 0000 0009 000B
130: 0041 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 4001 0000
150: 8000 0000 344A 0000 0000 4235 4235 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
210: 0000 0000 8000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 2FA5

Armwrestler · #6 Příspěvek od **Armwrestler** » 14 úno 2014 17:15

Asi jsem to tam nechtěte cleannul, posílám oba logy:

# AdwCleaner v3.018 - Report created 14/02/2014 at 17:06:53
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Eva - EVIK
# Running from : C:\Documents and Settings\Eva\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Eva\Data aplikací\Systweak
File Deleted : C:\DOCUME~1\Eva\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Eva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1966 octets] - [14/02/2014 17:05:00]
AdwCleaner[S0].txt - [1915 octets] - [14/02/2014 17:06:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1975 octets] ##########

# AdwCleaner v3.018 - Report created 14/02/2014 at 17:09:49
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Eva - EVIK
# Running from : C:\Documents and Settings\Eva\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Eva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1966 octets] - [14/02/2014 17:05:00]
AdwCleaner[R1].txt - [850 octets] - [14/02/2014 17:09:49]
AdwCleaner[S0].txt - [2055 octets] - [14/02/2014 17:06:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [969 octets] ##########

#7 Příspěvek od **Márty84** » 14 úno 2014 17:40

Udelejte kontrolu programem HD Tune
Stahnete http://www.slunecnice.cz/sw/hd-tune/ , nainstalujte a spustte (pokud vam pri instalaci nabidne nejaky doplnek, odmitnete ho!)
V tom okne kliknete na posledni zalozku - Error Scan (pokud bude zatrzeny quick scan, tak zatrzitko zruste) a kliknete na Start.
Kontrola bude nejakou dobu trvat. Dejte vedet, jestli tam bylo nejake cervene policko.
Taky se podivejte na zalozku Health a opiste mi (vyfotte), co se tam pise. Melo by tam byt OK http://www.google.cz/imgres?um=1&hl=cs& ... s:20,i:143

Armwrestler · #8 Příspěvek od **Armwrestler** » 14 úno 2014 19:14

Jedno červené políčko v druhé řadé v pravé polovině.
Přikládám screen shot

: screen.JPG (62.69 KiB) Zobrazeno 950 x

#9 Příspěvek od **Márty84** » 14 úno 2014 19:41

Disk na tom neni nejlepe, i to muze byt pricina problemu. Uvidime po vycisteni.

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

Armwrestler · #10 Příspěvek od **Armwrestler** » 14 úno 2014 21:58

Zkoušel jsem i defragmentovat, windowsýckou utilitou i Perfectdiskem, ale asi beze změny. Po startu je to hrozně zasekaný, ale pak jak se to rozjede, tak už se to celkem dá.. ten disk by to asi mohl být, protože když pak kliknu na start - vypnout, tak se to zaseká cca na 20 sekund, pokaždý.
log:

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Eva [Práva správce]
Mód : Kontrola -- Datum : 02/14/2014 21:55:41
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x10001FFD)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 +++++
--- User ---
[MBR] d5f2ee50bd2d24da06127ff8af6726fa
[BSP] e8dbcc9b52cfa6067641262992345c99 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 111654 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_02142014_215541.txt >>

#11 Příspěvek od **Márty84** » 14 úno 2014 22:23

Tohle defragmentace neopravi. Nejdrive to docistime a pak budem vedet.

Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

Armwrestler · #12 Příspěvek od **Armwrestler** » 14 úno 2014 22:30

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Eva [Práva správce]
Mód : Odebrat -- Datum : 02/14/2014 22:27:33
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x10001FFD)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541616J9SA00 +++++
--- User ---
[MBR] d5f2ee50bd2d24da06127ff8af6726fa
[BSP] e8dbcc9b52cfa6067641262992345c99 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 111654 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_02142014_222733.txt >>
RKreport[0]_D_02142014_222551.txt;RKreport[0]_S_02142014_215541.txt;RKreport[0]_S_02142014_222703.txt

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Eva [Práva správce]
Mód : Oprava HOSTS -- Datum : 02/14/2014 22:28:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[0]_H_02142014_222839.txt >>
RKreport[0]_D_02142014_222551.txt;RKreport[0]_D_02142014_222733.txt;RKreport[0]_S_02142014_215541.txt
RKreport[0]_S_02142014_222703.txt

#13 Příspěvek od **Márty84** » 14 úno 2014 22:45

Dejte novy log z RSIT

Armwrestler · #14 Příspěvek od **Armwrestler** » 14 úno 2014 22:52

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eva at 2014-02-14 22:51:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (56%) free of 41 GB
Total RAM: 1534 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:51:14, on 14.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Eva\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Eva\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Eva.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe

--
End of file - 4980 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5110672]
"Hard Disk Sentinel"=C:\Program Files\Hard Disk Sentinel\HDSentinel.exe [2014-01-30 4460176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [2010-03-06 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-04-02 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-11 190976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"VIDC.X264"=x264vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2014-02-14 21:54:17 ----A---- C:\WINDOWS\system32\TrueSight.sys
2014-02-14 20:53:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Raxco
2014-02-14 20:53:48 ----D---- C:\Program Files\Common Files\Raxco
2014-02-14 19:46:55 ----D---- C:\Program Files\Raxco
2014-02-14 17:53:03 ----D---- C:\Program Files\HD Tune
2014-02-14 17:04:59 ----D---- C:\AdwCleaner
2014-02-14 16:53:03 ----D---- C:\Program Files\trend micro
2014-02-14 16:53:02 ----D---- C:\rsit
2014-02-14 16:36:17 ----D---- C:\FRST
2014-02-14 16:34:30 ----D---- C:\Program Files\Mozilla Firefox
2014-02-14 15:06:47 ----D---- C:\Documents and Settings\Eva\Data aplikací\Malwarebytes
2014-02-14 15:06:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-14 15:06:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-14 15:06:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-02-14 14:43:24 ----D---- C:\Program Files\Hard Disk Sentinel
2014-02-14 14:36:54 ----D---- C:\Program Files\Simpli Software
2014-02-14 14:14:09 ----D---- C:\WINDOWS\system32\LogFiles
2014-02-14 00:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-02-14 00:25:23 ----D---- C:\Program Files\ESET
2014-02-14 00:25:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2014-02-07 15:58:44 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-15 19:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$

======List of files/folders modified in the last 1 month======

2014-02-14 22:27:01 ----D---- C:\WINDOWS\system32\drivers
2014-02-14 22:16:35 ----D---- C:\WINDOWS\Temp
2014-02-14 21:54:33 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-14 21:54:17 ----D---- C:\WINDOWS\system32
2014-02-14 21:46:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-14 21:08:42 ----SHD---- C:\WINDOWS\Installer
2014-02-14 20:53:56 ----D---- C:\WINDOWS
2014-02-14 20:53:48 ----D---- C:\Program Files\Common Files
2014-02-14 20:34:50 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-14 19:49:20 ----D---- C:\WINDOWS\Debug
2014-02-14 19:46:55 ----RD---- C:\Program Files
2014-02-14 16:36:24 ----D---- C:\WINDOWS\Prefetch
2014-02-14 16:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2014-02-14 01:09:09 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-14 01:09:05 ----RSD---- C:\WINDOWS\assembly
2014-02-14 00:58:10 ----HD---- C:\WINDOWS\inf
2014-02-14 00:58:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-14 00:53:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-14 00:52:50 ----D---- C:\WINDOWS\WinSxS
2014-02-14 00:48:46 ----D---- C:\WINDOWS\system32\MRT
2014-02-14 00:46:09 ----A---- C:\WINDOWS\system32\MRT.exe
2014-02-14 00:44:42 ----D---- C:\Program Files\Internet Explorer
2014-02-14 00:44:06 ----D---- C:\WINDOWS\ie8updates
2014-02-13 23:58:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-02-09 09:59:47 ----D---- C:\Documents and Settings\Eva\Data aplikací\vlc
2014-02-07 16:44:55 ----D---- C:\WINDOWS\system32\inetsrv
2014-02-07 16:16:19 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-02-07 16:03:14 ----D---- C:\Documents and Settings\Eva\Data aplikací\AVG
2014-02-07 15:59:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG
2014-02-07 15:46:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2014-02-07 15:45:46 ----SD---- C:\WINDOWS\Tasks
2014-02-07 15:45:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2014-02-07 15:36:09 ----D---- C:\WINDOWS\SoftwareDistribution
2014-02-07 06:17:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-06 04:38:36 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mstime.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\url.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2014-01-18 18:53:23 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2013-09-17 118768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2011-06-30 138768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PDFSFilter;PDFsFilter; C:\WINDOWS\system32\DRIVERS\PDFsFilter.sys [2011-06-30 66320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-04-02 2105344]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2011-09-27 66432]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2011-09-27 46080]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2011-09-27 81152]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 IT9135BDA;IT9135 BDA Devices; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [2012-11-17 145152]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TrueSight;TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-04-02 471040]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2011-07-07 1252616]
R3 PDEngine;PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2011-07-07 2111752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07 257928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-14 118896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#15 Příspěvek od **Márty84** » 14 úno 2014 22:55

Stale tam bezi MBAM. Bud ho odinstalujte, nebo vypnete, jinak bude dochazet ke kolizi s Esetem.

Jeste jeden sken a budem mazat.

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

VIRY.CZ

Zpomalený notebook, malware

Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware

Re: Zpomalený notebook, malware