OTL logfile created on: 14.2.2014 23:11:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eva\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,50 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 53,35% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 22,21 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
Drive E: | 109,04 Gb Total Space | 81,50 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Computer Name: EVIK | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.02.14 23:10:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eva\Plocha\OTL.exe
PRC - [2014.02.14 16:34:52 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.01.30 08:12:44 | 004,460,176 | ---- | M] (H.D.S. Hungary) -- C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013.09.12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.09.27 20:00:22 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Eva\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011.07.07 12:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011.07.07 12:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
PRC - [2010.03.06 17:46:14 | 000,286,720 | ---- | M] (BlazeVideo Company) -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014.02.14 16:34:51 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.02.14 01:08:12 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014.02.14 00:53:02 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014.02.14 00:52:59 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014.02.14 00:46:59 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014.02.14 00:46:46 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014.02.14 00:46:22 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014.02.14 00:41:29 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014.02.14 00:41:11 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2011.09.27 21:04:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2670.36974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.09.27 21:04:23 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2670.36984__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.09.27 21:04:23 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2670.36934__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.09.27 21:04:23 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2670.37000__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.09.27 21:04:23 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2670.37252__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011.09.27 21:04:23 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2670.37243__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.09.27 21:04:23 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2670.36998__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2011.09.27 21:04:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2670.36956__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.09.27 21:04:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2670.37113__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.09.27 21:04:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2670.37191__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.09.27 21:04:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.09.27 21:04:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.09.27 21:04:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.09.27 21:04:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2636.18438__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.09.27 21:04:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2636.18457__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.09.27 21:04:21 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2636.18430__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.09.27 21:04:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2636.18430__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.09.27 21:04:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.09.27 21:04:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2636.18428__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.09.27 21:04:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2636.18485__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.09.27 21:04:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2636.18442__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011.09.27 21:04:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.09.27 21:04:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2636.18438__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.09.27 21:04:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2636.18443__90ba9c70f846762e\DEM.OS.dll
MOD - [2011.09.27 21:04:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2636.18441__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.09.27 21:04:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.09.27 21:04:19 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.09.27 21:04:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2636.18435__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.09.27 21:04:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.09.27 21:04:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.09.27 21:04:18 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2636.18443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2011.09.27 21:04:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.09.27 21:04:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2642.27815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.09.27 21:04:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2636.18451__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.09.27 21:04:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.09.27 21:04:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.09.27 21:04:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2636.18451__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.09.27 21:04:17 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.09.27 21:04:16 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2636.18429__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2011.09.27 21:04:16 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011.09.27 21:04:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2670.37327__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.09.27 21:04:04 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2670.37259_cs_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2011.09.27 21:04:03 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2670.36929__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.09.27 21:04:02 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2670.36967__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.09.27 21:04:02 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2670.37259__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.09.27 21:04:02 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2670.37270__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.09.27 21:04:02 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2670.37267__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.09.27 21:04:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2636.18439__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.09.27 21:04:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2636.18435__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.09.27 21:04:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2636.18458__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.09.27 21:04:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2636.18440__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.09.27 21:04:02 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2636.18433__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.09.27 21:04:01 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2670.36932__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.09.27 21:04:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.09.27 21:04:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2670.36933__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011.09.27 21:04:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2670.36930__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.09.27 21:04:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2670.37269__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.09.27 21:04:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.09.27 21:04:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2636.18452__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.07.07 12:59:34 | 000,010,504 | ---- | M] () -- C:\Program Files\Raxco\PerfectDisk\PDVmGuestPS.dll
MOD - [2011.06.15 23:14:48 | 000,331,776 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2011.05.28 21:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.03.29 17:56:26 | 000,024,576 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\RemoteControl\AF9100EXRC.dll
MOD - [2009.02.11 22:30:02 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
MOD - [2008.12.30 12:40:30 | 000,073,728 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\VersionInfo.dll
MOD - [2008.12.30 12:40:26 | 000,106,496 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\mlutil.dll
MOD - [2008.12.30 12:40:26 | 000,032,768 | ---- | M] () -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MMKeyboardHook.dll
MOD - [2007.03.22 15:30:30 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.03.02 10:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014.02.14 16:34:51 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.02.07 06:17:26 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.07.07 12:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011.07.07 12:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014.02.14 21:54:17 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - [2013.09.17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013.09.17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013.09.17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2012.11.17 09:32:59 | 000,145,152 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2011.09.27 23:42:58 | 000,081,152 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2011.09.27 23:42:58 | 000,066,432 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2011.09.27 23:42:58 | 000,046,080 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2011.06.30 11:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011.06.30 11:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010.04.02 13:18:52 | 002,105,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.09.20 20:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.07.22 13:41:06 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.05.10 17:28:00 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.04.26 16:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.04.26 16:23:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.04.26 16:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014.02.14 00:25:36 | 000,000,000 | ---D | M]
[2011.10.07 16:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eva\Data aplikací\Mozilla\Extensions
[2014.02.07 16:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\extensions
[2014.02.07 16:45:44 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.02.14 16:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.14 16:34:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.09.28 11:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Eva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\
CHR - Extension: No name found = C:\Documents and Settings\Eva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.2.10_0\
O1 HOSTS File: ([2014.02.14 22:28:39 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Hard Disk Sentinel] C:\Program Files\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1214440339-1677128483-725345543-1003..\Run: [BlazeServoTool] C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe (BlazeVideo Company)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96DF0AF9-D36B-4949-82D1-E91A908B6338}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Eva\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eva\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.27 16:16:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.02.14 23:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eva\Plocha\OTL.exe
[2014.02.14 21:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eva\Plocha\RK_Quarantine
[2014.02.14 21:44:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eva\Nabídka Start\Programy\Nástroje pro správu
[2014.02.14 20:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Raxco
[2014.02.14 20:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Raxco
[2014.02.14 19:49:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eva\Recent
[2014.02.14 19:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2014.02.14 17:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\HD Tune
[2014.02.14 17:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2014.02.14 17:04:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.14 17:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eva\Plocha\CrystalDiskInfo5_0_0
[2014.02.14 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.02.14 16:53:02 | 000,000,000 | ---D | C] -- C:\rsit
[2014.02.14 16:36:17 | 000,000,000 | ---D | C] -- C:\FRST
[2014.02.14 16:36:03 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Documents and Settings\Eva\Plocha\FRSTLauncher.exe
[2014.02.14 16:35:50 | 001,141,248 | ---- | C] (Farbar) -- C:\Documents and Settings\Eva\Plocha\FRST.exe
[2014.02.14 16:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.14 15:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eva\Data aplikací\Malwarebytes
[2014.02.14 15:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.02.14 14:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Hard Disk Sentinel
[2014.02.14 14:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Sentinel
[2014.02.14 14:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Simpli Software
[2014.02.14 14:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Simpli Software
[2014.02.14 14:14:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2014.02.14 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.02.14 00:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2014.02.14 00:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2014.02.13 23:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eva\Local Settings\Data aplikací\Avg2013
[2014.02.07 15:58:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.02.14 23:13:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.14 23:13:15 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.02.14 23:10:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eva\Plocha\OTL.exe
[2014.02.14 23:01:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.02.14 21:54:17 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\TrueSight.sys
[2014.02.14 21:53:29 | 003,813,376 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\RogueKiller.exe
[2014.02.14 21:24:07 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
[2014.02.14 21:03:39 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\PerfectDisk 12.lnk
[2014.02.14 19:12:17 | 000,064,195 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\screen.JPG
[2014.02.14 17:53:04 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\HD Tune.lnk
[2014.02.14 17:03:22 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\adwcleaner.exe
[2014.02.14 17:02:43 | 001,496,172 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\CrystalDiskInfo5_0_0.zip
[2014.02.14 16:42:31 | 000,005,200 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\Addition.rar
[2014.02.14 16:36:04 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Documents and Settings\Eva\Plocha\FRSTLauncher.exe
[2014.02.14 16:36:01 | 001,141,248 | ---- | M] (Farbar) -- C:\Documents and Settings\Eva\Plocha\FRST.exe
[2014.02.14 14:43:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\Hard Disk Sentinel.lnk
[2014.02.14 14:36:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Eva\Plocha\HD Tach.lnk
[2014.02.14 00:53:30 | 000,433,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.02.14 00:53:30 | 000,429,764 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.02.14 00:53:30 | 000,078,752 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.02.14 00:53:30 | 000,068,148 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.02.13 22:16:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.02.07 15:46:57 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Eva\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.02.07 06:17:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.02.07 06:17:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.02.06 04:38:36 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014.02.06 00:08:34 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014.02.06 00:08:34 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014.02.06 00:08:34 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014.02.06 00:08:34 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014.02.06 00:08:34 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014.02.06 00:08:34 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014.02.06 00:08:34 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014.02.06 00:08:34 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014.02.06 00:08:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014.02.06 00:08:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014.02.06 00:08:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014.02.06 00:08:34 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014.02.06 00:08:34 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014.02.06 00:08:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014.02.06 00:08:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014.02.06 00:08:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014.02.06 00:08:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014.02.06 00:08:33 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014.02.06 00:08:33 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014.02.06 00:08:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014.02.06 00:08:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014.02.06 00:08:33 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014.02.06 00:08:33 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014.02.06 00:08:33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014.02.06 00:08:33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014.02.06 00:08:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014.02.06 00:08:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014.02.06 00:08:33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014.02.06 00:08:33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014.02.05 23:24:06 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014.02.05 23:24:06 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014.02.05 23:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.02.14 23:13:39 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.14 21:54:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\TrueSight.sys
[2014.02.14 21:53:25 | 003,813,376 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\RogueKiller.exe
[2014.02.14 21:24:05 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\PDBootState
[2014.02.14 20:53:51 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\PerfectDisk 12.lnk
[2014.02.14 20:53:51 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\PerfectDisk 12.lnk
[2014.02.14 19:12:17 | 000,064,195 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\screen.JPG
[2014.02.14 17:53:04 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\HD Tune.lnk
[2014.02.14 17:03:18 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\adwcleaner.exe
[2014.02.14 17:02:08 | 001,496,172 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\CrystalDiskInfo5_0_0.zip
[2014.02.14 16:42:30 | 000,005,200 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\Addition.rar
[2014.02.14 14:43:54 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\Hard Disk Sentinel.lnk
[2014.02.14 14:36:55 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Eva\Plocha\HD Tach.lnk
[2012.11.17 09:34:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2012.11.17 09:31:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012.03.02 17:14:04 | 000,001,019 | ---- | C] () -- C:\WINDOWS\level.ini
[2011.09.28 02:18:57 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Eva\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011.09.27 21:00:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014.02.07 15:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG
[2012.11.17 09:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BlazeVideo
[2011.09.27 20:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Broadcom
[2013.01.06 09:05:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2014.02.14 00:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2014.02.13 23:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2012.11.17 09:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Plugins
[2014.02.07 16:16:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014.02.07 16:16:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013.01.11 15:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\TuneUp Software
[2014.02.07 16:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\AVG
[2011.09.27 22:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\driveridentifier
[2013.01.06 08:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\ESET
[2012.06.20 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Foxit Software
[2013.01.06 09:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\TuneUp Software
[2014.02.09 08:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG
========== Purity Check ==========
========== Custom Scans ==========
< >
[2011.09.27 16:14:20 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011.09.27 16:21:15 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.02.22 18:44:41 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 14:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 21:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 23:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 10:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 15:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 22:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.10.08 14:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Adobe
[2011.09.27 21:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\ATI
[2014.02.07 16:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\AVG
[2011.09.27 22:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\driveridentifier
[2013.01.06 08:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\ESET
[2012.06.20 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Foxit Software
[2011.09.27 16:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Identities
[2011.09.27 20:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\InstallShield
[2011.09.27 21:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Macromedia
[2014.02.14 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Malwarebytes
[2013.01.06 08:38:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Eva\Data aplikací\Microsoft
[2011.10.07 16:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Mozilla
[2012.04.08 07:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\Skype
[2013.01.06 09:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\TuneUp Software
[2014.02.09 09:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\vlc
[2011.09.28 01:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2011.09.27 21:03:11 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{0F68007B-602B-9167-890E-9605254F601A}\ARPPRODUCTICON.exe
[2011.09.27 21:03:30 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{1690DE95-2630-ED45-8810-BBED37BE84E8}\ARPPRODUCTICON.exe
[2011.09.27 21:03:22 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{2029F196-9B0C-13C1-947F-B2FE9661C78E}\ARPPRODUCTICON.exe
[2011.09.27 21:03:44 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{24F52E5B-49C6-9BD3-3779-46C2DAF60857}\ARPPRODUCTICON.exe
[2011.09.27 21:03:08 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{26A513C9-3F79-AA03-95DC-B74DD68E43BF}\ARPPRODUCTICON.exe
[2011.09.27 21:02:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{34ED728D-ECE5-4A0D-9963-B54B318D0932}\ARPPRODUCTICON.exe
[2011.09.27 21:03:05 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{686B06BF-8DE2-ACB9-11A2-2B30F7CDD804}\ARPPRODUCTICON.exe
[2011.09.27 21:03:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{6E1BF086-B3AD-10BA-9CCC-71628D7C7273}\ARPPRODUCTICON.exe
[2011.09.27 21:03:14 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{77914AF4-F99F-4850-53FE-720E51592BBC}\ARPPRODUCTICON.exe
[2011.09.27 21:03:16 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{9933CB08-C64C-ED3D-4EDB-09E439BD841D}\ARPPRODUCTICON.exe
[2011.09.27 21:03:33 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{A29551F9-1A30-C2F2-FA5A-BD06FAACE7E3}\ARPPRODUCTICON.exe
[2011.09.27 21:03:00 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{AD05FDBB-B9E8-5016-735E-ABC4C38D6056}\ARPPRODUCTICON.exe
[2011.09.27 21:03:03 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{B77E80D8-37C1-CB84-0600-7F2FEC7002E0}\ARPPRODUCTICON.exe
[2011.09.27 21:03:19 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{CE9F7EF3-5403-0589-BFCA-D7B2537BA1F0}\ARPPRODUCTICON.exe
[2011.09.27 21:03:25 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{DDE58180-358F-4094-A833-0A9F7DC66B5B}\ARPPRODUCTICON.exe
[2011.09.27 21:03:41 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{DFDF8188-3E33-A37F-D260-520FFC47FCAF}\ARPPRODUCTICON.exe
[2011.09.27 21:03:38 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{E240065A-C7AF-D338-1951-DF7F3B394AD7}\ARPPRODUCTICON.exe
[2011.09.27 21:03:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{EA3777BD-A492-472A-79FA-F1F445AC44E9}\ARPPRODUCTICON.exe
[2011.09.27 21:03:28 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{F2A2B112-4769-EF5E-E703-92DA6F7FA87C}\ARPPRODUCTICON.exe
[2011.09.27 21:03:50 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Eva\Data aplikací\Microsoft\Installer\{FBB8C789-7B8B-981E-5DF7-35A0D6908DD9}\ARPPRODUCTICON.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011.09.27 18:04:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.09.27 18:04:33 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.09.27 18:04:33 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.02.14 00:46:09 | 085,946,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe
[2014.02.14 21:24:07 | 000,000,020 | ---- | M] () -- C:\WINDOWS\system32\PDBootState
[2014.02.14 00:53:30 | 000,078,752 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2014.02.14 00:53:30 | 000,068,148 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2014.02.14 00:53:30 | 000,429,764 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2014.02.14 00:53:30 | 000,433,192 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2014.02.14 00:53:30 | 000,980,888 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2014.02.14 21:54:17 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\TrueSight.sys
[2014.02.13 22:16:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BlazeServoTool" = "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" -- [2010.03.06 17:46:14 | 000,286,720 | ---- | M] (BlazeVideo Company)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.14 23:13:39 | 000,000,512 | ---- | M] () MD5=D5F2EE50BD2D24DA06127FF8AF6726FA -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2014.01.08 16:07:10 | 000,019,497 | ---- | M] () -- \Documents and Settings\Eva\Local Settings\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2011.09.21 09:11:50 | 000,106,496 | ---- | M] () -- \Program Files\Driver Identifier\DriverUploader.exe
[2004.08.17 14:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 23:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 23:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2011.09.16 13:37:48 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2011.09.16 13:43:24 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
< *minodlogin* /s >
< *tnod* /s >
[2008.04.30 04:54:28 | 000,003,128 | ---- | M] () -- \Program Files\BlazeVideo\BlazeDTV 6.0\Skins\DTV\PlayListNode.bmp
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.17 14:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2014.02.14 00:52:58 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.01.12 19:45:27 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.14 01:07:45 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 01:05:08 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2013.08.26 06:03:50 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.26 06:01:22 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 06:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2007.06.27 17:29:04 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zpomalený notebook, malware
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
Re: Zpomalený notebook, malware
OTL Extras logfile created on: 14.2.2014 23:11:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eva\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,50 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 53,35% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 22,21 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
Drive E: | 109,04 Gb Total Space | 81,50 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Computer Name: EVIK | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0F68007B-602B-9167-890E-9605254F601A}" = Catalyst Control Center Localization French
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1690DE95-2630-ED45-8810-BBED37BE84E8}" = Catalyst Control Center Localization Polish
"{2029F196-9B0C-13C1-947F-B2FE9661C78E}" = Catalyst Control Center Localization Korean
"{24F52E5B-49C6-9BD3-3779-46C2DAF60857}" = Catalyst Control Center Localization Turkish
"{26A513C9-3F79-AA03-95DC-B74DD68E43BF}" = Catalyst Control Center Localization Finnish
"{30E208BD-6CD0-E457-800E-C2800CCBABA2}" = Catalyst Control Center Localization Danish
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 3.5
"{490C412C-8F1F-4351-9E11-C950159DC86F}" = ESET NOD32 Antivirus
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{686B06BF-8DE2-ACB9-11A2-2B30F7CDD804}" = Catalyst Control Center Localization Spanish
"{6E1BF086-B3AD-10BA-9CCC-71628D7C7273}" = Catalyst Control Center Localization Russian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77914AF4-F99F-4850-53FE-720E51592BBC}" = Catalyst Control Center Localization Hungarian
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{9933CB08-C64C-ED3D-4EDB-09E439BD841D}" = Catalyst Control Center Localization Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29551F9-1A30-C2F2-FA5A-BD06FAACE7E3}" = Catalyst Control Center Localization Portuguese
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}" = PerfectDisk 12 Professional
"{AD05FDBB-B9E8-5016-735E-ABC4C38D6056}" = Catalyst Control Center Localization German
"{B3332FCA-3B51-4053-8C2D-9F7ACFE6065A}" = Wocarson Windows Genuine Advantage Validation v1.9.9.1 Cracked V2
"{B55E38C9-E223-80AE-BBDC-745E805BC231}" = ccc-core-static
"{B77E80D8-37C1-CB84-0600-7F2FEC7002E0}" = Catalyst Control Center Localization Greek
"{BEEF89ED-5579-6568-AE02-7FD699A1752D}" = Catalyst Control Center Core Implementation
"{BF48B59A-A3A3-2552-382A-203FAC012063}" = Catalyst Control Center Localization Czech
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C57DCBB6-ED10-E22D-40D7-676E476470F3}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9F7EF3-5403-0589-BFCA-D7B2537BA1F0}" = Catalyst Control Center Localization Japanese
"{DC70F756-7DE9-50B0-2E6A-69D3C26FAC11}" = ccc-utility
"{DDE58180-358F-4094-A833-0A9F7DC66B5B}" = Catalyst Control Center Localization Dutch
"{DFDF8188-3E33-A37F-D260-520FFC47FCAF}" = Catalyst Control Center Localization Thai
"{E240065A-C7AF-D338-1951-DF7F3B394AD7}" = Catalyst Control Center Localization Swedish
"{EA3777BD-A492-472A-79FA-F1F445AC44E9}" = Catalyst Control Center Localization Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A2B112-4769-EF5E-E703-92DA6F7FA87C}" = Catalyst Control Center Localization Norwegian
"{FBB8C789-7B8B-981E-5DF7-35A0D6908DD9}" = Catalyst Control Center Localization Chinese Traditional
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"BlazeDTV 6.0_is1" = BlazeDTV 6.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy CD-DA Extractor 6.2" = Easy CD-DA Extractor 6.2
"Foxit Reader_is1" = Foxit Reader 5.1
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"HD Tach_is1" = HD Tach version 3
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.7.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 27.0.1 (x86 cs)" = Mozilla Firefox 27.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.3.2013 13:00:18 | Computer Name = EVIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SupportCenter.exe, verze 4.0.0.1, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 8.5.2013 0:40:15 | Computer Name = EVIK | Source = Application Error | ID = 1004
Description = Chybující aplikace avgnsx.exe, verze 13.0.0.2780, chybující modul
ntdll.dll, verze 5.1.2600.6055, adresa chyby 0x00011689.
Error - 19.5.2013 23:31:28 | Computer Name = EVIK | Source = crypt32 | ID = 131075
Description = Načtení automatické aktualizace souboru CAB kořenového seznamu jiného
výrobce z: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 28.7.2013 2:23:58 | Computer Name = EVIK | Source = Application Error | ID = 1000
Description = Chybující aplikace tuneuputilitiesapp32.exe, verze 12.0.4000.108,
chybující modul tuneuputilitiesapp32.exe, verze 12.0.4000.108, adresa chyby 0x00025df2.
Error - 31.8.2013 20:45:05 | Computer Name = EVIK | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Chyba
27054. CA_Error27054: SetupAction(0xC0070642): Instalace selhala.
Error - 15.1.2014 13:04:54 | Computer Name = EVIK | Source = Application Error | ID = 1000
Description = Chybující aplikace mcuicnt.exe, verze 5.9.2.0, chybující modul ieframe.dll,
verze 8.0.6001.23543, adresa chyby 0x00126f20.
Error - 7.2.2014 10:35:01 | Computer Name = EVIK | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 13.2.2014 18:48:58 | Computer Name = EVIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 14.2.2014 17:21:14 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:18 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:22 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:26 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:30 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:34 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:13 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:18 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:22 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:26 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eva\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1,50 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 53,35% Memory free
3,35 Gb Paging File | 2,76 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 22,21 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
Drive E: | 109,04 Gb Total Space | 81,50 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Computer Name: EVIK | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0F68007B-602B-9167-890E-9605254F601A}" = Catalyst Control Center Localization French
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1690DE95-2630-ED45-8810-BBED37BE84E8}" = Catalyst Control Center Localization Polish
"{2029F196-9B0C-13C1-947F-B2FE9661C78E}" = Catalyst Control Center Localization Korean
"{24F52E5B-49C6-9BD3-3779-46C2DAF60857}" = Catalyst Control Center Localization Turkish
"{26A513C9-3F79-AA03-95DC-B74DD68E43BF}" = Catalyst Control Center Localization Finnish
"{30E208BD-6CD0-E457-800E-C2800CCBABA2}" = Catalyst Control Center Localization Danish
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 3.5
"{490C412C-8F1F-4351-9E11-C950159DC86F}" = ESET NOD32 Antivirus
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{686B06BF-8DE2-ACB9-11A2-2B30F7CDD804}" = Catalyst Control Center Localization Spanish
"{6E1BF086-B3AD-10BA-9CCC-71628D7C7273}" = Catalyst Control Center Localization Russian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77914AF4-F99F-4850-53FE-720E51592BBC}" = Catalyst Control Center Localization Hungarian
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{9933CB08-C64C-ED3D-4EDB-09E439BD841D}" = Catalyst Control Center Localization Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29551F9-1A30-C2F2-FA5A-BD06FAACE7E3}" = Catalyst Control Center Localization Portuguese
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}" = PerfectDisk 12 Professional
"{AD05FDBB-B9E8-5016-735E-ABC4C38D6056}" = Catalyst Control Center Localization German
"{B3332FCA-3B51-4053-8C2D-9F7ACFE6065A}" = Wocarson Windows Genuine Advantage Validation v1.9.9.1 Cracked V2
"{B55E38C9-E223-80AE-BBDC-745E805BC231}" = ccc-core-static
"{B77E80D8-37C1-CB84-0600-7F2FEC7002E0}" = Catalyst Control Center Localization Greek
"{BEEF89ED-5579-6568-AE02-7FD699A1752D}" = Catalyst Control Center Core Implementation
"{BF48B59A-A3A3-2552-382A-203FAC012063}" = Catalyst Control Center Localization Czech
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C57DCBB6-ED10-E22D-40D7-676E476470F3}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9F7EF3-5403-0589-BFCA-D7B2537BA1F0}" = Catalyst Control Center Localization Japanese
"{DC70F756-7DE9-50B0-2E6A-69D3C26FAC11}" = ccc-utility
"{DDE58180-358F-4094-A833-0A9F7DC66B5B}" = Catalyst Control Center Localization Dutch
"{DFDF8188-3E33-A37F-D260-520FFC47FCAF}" = Catalyst Control Center Localization Thai
"{E240065A-C7AF-D338-1951-DF7F3B394AD7}" = Catalyst Control Center Localization Swedish
"{EA3777BD-A492-472A-79FA-F1F445AC44E9}" = Catalyst Control Center Localization Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A2B112-4769-EF5E-E703-92DA6F7FA87C}" = Catalyst Control Center Localization Norwegian
"{FBB8C789-7B8B-981E-5DF7-35A0D6908DD9}" = Catalyst Control Center Localization Chinese Traditional
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"BlazeDTV 6.0_is1" = BlazeDTV 6.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy CD-DA Extractor 6.2" = Easy CD-DA Extractor 6.2
"Foxit Reader_is1" = Foxit Reader 5.1
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"HD Tach_is1" = HD Tach version 3
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.7.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 27.0.1 (x86 cs)" = Mozilla Firefox 27.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.3.2013 13:00:18 | Computer Name = EVIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SupportCenter.exe, verze 4.0.0.1, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 8.5.2013 0:40:15 | Computer Name = EVIK | Source = Application Error | ID = 1004
Description = Chybující aplikace avgnsx.exe, verze 13.0.0.2780, chybující modul
ntdll.dll, verze 5.1.2600.6055, adresa chyby 0x00011689.
Error - 19.5.2013 23:31:28 | Computer Name = EVIK | Source = crypt32 | ID = 131075
Description = Načtení automatické aktualizace souboru CAB kořenového seznamu jiného
výrobce z: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 28.7.2013 2:23:58 | Computer Name = EVIK | Source = Application Error | ID = 1000
Description = Chybující aplikace tuneuputilitiesapp32.exe, verze 12.0.4000.108,
chybující modul tuneuputilitiesapp32.exe, verze 12.0.4000.108, adresa chyby 0x00025df2.
Error - 31.8.2013 20:45:05 | Computer Name = EVIK | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Chyba
27054. CA_Error27054: SetupAction(0xC0070642): Instalace selhala.
Error - 15.1.2014 13:04:54 | Computer Name = EVIK | Source = Application Error | ID = 1000
Description = Chybující aplikace mcuicnt.exe, verze 5.9.2.0, chybující modul ieframe.dll,
verze 8.0.6001.23543, adresa chyby 0x00126f20.
Error - 7.2.2014 10:35:01 | Computer Name = EVIK | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 13.2.2014 18:48:58 | Computer Name = EVIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 14.2.2014 17:21:14 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:18 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:22 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:26 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:30 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 17:21:34 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:13 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:18 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:22 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
Error - 14.2.2014 18:02:26 | Computer Name = EVIK | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
< End of report >
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
Re: Zpomalený notebook, malware
Asi to bude HDD, nebo něco.
Po naběhnutí windows, když po tom něco chci, tak se to zasekne a HDD dělá pořád dokola
tr trrrr tr tr -------------------
tr trrrr tr tr -------------------
tr trrrr tr tr -------------------
třeba minutu a pak nejednou začne jet normálně trrrrrrrrrrrrrrrrrr rachotí jak by hdd měl a jede to v cajku.
Pak dám start-vypnout a zase půl minutý naprosto přesná sekvence tr trrrr tr tr ---------------------
Proč to dělá jen po startu win a před vypínáním?
Po naběhnutí windows, když po tom něco chci, tak se to zasekne a HDD dělá pořád dokola
tr trrrr tr tr -------------------
tr trrrr tr tr -------------------
tr trrrr tr tr -------------------
třeba minutu a pak nejednou začne jet normálně trrrrrrrrrrrrrrrrrr rachotí jak by hdd měl a jede to v cajku.
Pak dám start-vypnout a zase půl minutý naprosto přesná sekvence tr trrrr tr tr ---------------------
Proč to dělá jen po startu win a před vypínáním?
Re: Zpomalený notebook, malware
Treba jsou ty soubory, ktere maji tyto cinnosti na starost, prave v te casti disku, ktery neni v poradku.Armwrestler píše:Proč to dělá jen po startu win a před vypínáním?
Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTLDo spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
:services
AdobeFlashPlayerUpdateSvc
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\Documents and Settings\Eva\Data aplikací\AVG
C:\Documents and Settings\All Users\Data aplikací\AVG
C:\Documents and Settings\All Users\Data aplikací\Norton
:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3 - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1677128483-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
[2014.02.13 23:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eva\Local Settings\Data aplikací\Avg2013
[2014.02.09 08:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG
[22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hard Disk Sentinel"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"=-
Po restartu se objevi novy log, ten sem dejte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
Re: Zpomalený notebook, malware
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Eva
->Temp folder emptied: 83847385 bytes
->Temporary Internet Files folder emptied: 1262237 bytes
->FireFox cache emptied: 79985799 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 741 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 27715531 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1881160 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32274030 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 253796260 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 459,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Eva
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\TuningIndex folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\StartUp Manager folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\Speed Optimizer folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\Dashboard folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\Backups folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014 folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\Dashboard folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\Backups folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL\CrashDumps folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL2014 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL\Program Statistics folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\C9F9CDFA7D158DB9B97DD5E1A7E88A30 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D} folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\LocalDumps folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton folder moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
C:\Documents and Settings\Eva\Local Settings\Data aplikací\Avg2013 folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2014\Backups folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2014 folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2012\Backups folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL\CrashDumps folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP146.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP175.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP237.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32D.tmp\System.Xml.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP412.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP42F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP439.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP54F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP62F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP636.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP645.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP661.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA87.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI11.tmp deleted successfully.
C:\WINDOWS\Installer\MSI68.tmp deleted successfully.
C:\WINDOWS\Installer\MSI6A.tmp deleted successfully.
C:\WINDOWS\Installer\MSIB.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hard Disk Sentinel deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BlazeServoTool deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 02152014_133838
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Eva
->Temp folder emptied: 83847385 bytes
->Temporary Internet Files folder emptied: 1262237 bytes
->FireFox cache emptied: 79985799 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 741 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 27715531 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1881160 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32274030 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 253796260 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 459,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Eva
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\TuningIndex folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\StartUp Manager folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\Speed Optimizer folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\Dashboard folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014\Backups folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2014 folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\Dashboard folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012\Backups folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL\CrashDumps folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG\AWL folder moved successfully.
C:\Documents and Settings\Eva\Data aplikací\AVG folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL2014 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL\Program Statistics folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG\AWL folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\C9F9CDFA7D158DB9B97DD5E1A7E88A30 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D} folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\LocalDumps folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton folder moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
C:\Documents and Settings\Eva\Local Settings\Data aplikací\Avg2013 folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2014\Backups folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2014 folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2012\Backups folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL\CrashDumps folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG\AWL folder moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\AVG folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP146.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP175.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP237.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32D.tmp\System.Xml.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP412.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP42F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP439.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP54F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP62F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP636.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP645.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP661.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA87.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI11.tmp deleted successfully.
C:\WINDOWS\Installer\MSI68.tmp deleted successfully.
C:\WINDOWS\Installer\MSI6A.tmp deleted successfully.
C:\WINDOWS\Installer\MSIB.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hard Disk Sentinel deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BlazeServoTool deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 02152014_133838
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Re: Zpomalený notebook, malware
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
Re: Zpomalený notebook, malware
ComboFix 14-02-14.01 - Eva 15.02.2014 14:15:17.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1534.812 [GMT 1:00]
Spuštěný z: c:\documents and settings\Eva\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Eva\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\11b7e02ef280531d.fb
c:\windows\system32\Cache\213aac747e14472d.fb
c:\windows\system32\Cache\244ff923f2e781be.fb
c:\windows\system32\Cache\264d5d4f10bc8118.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\52f2a54ba7a53c2b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\76c21006f0155672.fb
c:\windows\system32\Cache\7802463ca8bf63c5.fb
c:\windows\system32\Cache\78526d62c4150c5b.fb
c:\windows\system32\Cache\7bc1ade1b8c24c76.fb
c:\windows\system32\Cache\805c8f535d2cf896.fb
c:\windows\system32\Cache\84971a602f25312f.fb
c:\windows\system32\Cache\92f7730780cfe899.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Desktop_.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-15 do 2014-02-15 )))))))))))))))))))))))))))))))
.
.
2014-02-15 12:38 . 2014-02-15 12:38 -------- d-----w- C:\_OTL
2014-02-14 22:13 . 2014-02-14 22:13 512 ----a-w- C:\PhysicalMBR.bin
2014-02-14 20:54 . 2014-02-14 20:54 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-02-14 19:53 . 2014-02-14 19:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Raxco
2014-02-14 19:53 . 2014-02-14 19:53 -------- d-----w- c:\program files\Common Files\Raxco
2014-02-14 18:46 . 2014-02-14 19:53 -------- d-----w- c:\program files\Raxco
2014-02-14 16:53 . 2014-02-14 16:53 -------- d-----w- c:\program files\HD Tune
2014-02-14 16:04 . 2014-02-14 16:11 -------- d-----w- C:\AdwCleaner
2014-02-14 15:53 . 2014-02-14 21:51 -------- d-----w- c:\program files\trend micro
2014-02-14 15:53 . 2014-02-14 15:53 -------- d-----w- C:\rsit
2014-02-14 15:36 . 2014-02-14 15:39 -------- d-----w- C:\FRST
2014-02-14 14:06 . 2014-02-14 14:06 -------- d-----w- c:\documents and settings\Eva\Data aplikací\Malwarebytes
2014-02-14 14:06 . 2014-02-14 14:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-02-14 13:43 . 2014-02-14 13:58 -------- d-----w- c:\program files\Hard Disk Sentinel
2014-02-14 13:36 . 2014-02-14 13:36 -------- d-----w- c:\program files\Simpli Software
2014-02-14 13:14 . 2014-02-14 13:14 -------- d-----w- c:\windows\system32\LogFiles
2014-02-13 23:25 . 2014-02-13 23:25 -------- d-----w- c:\program files\ESET
2014-02-13 23:25 . 2014-02-13 23:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2014-02-07 14:58 . 2014-02-07 15:16 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 05:17 . 2013-02-22 17:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-07 05:17 . 2011-10-07 15:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 03:38 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:08 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:08 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:08 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2004-08-17 13:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-17 13:49 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2001-10-25 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [20.8.2013 11:50 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.8.2013 11:50 118768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.9.2013 12:06 1337752]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [30.6.2011 11:08 66320]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [17.11.2012 9:31 145152]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-15 14:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{1793FE32-120E-4D33-8BE9-19EF4AD165F6}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{3063357E-821C-4A7D-B49A-F61EA772BF9B}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{3A6EE5C3-7A28-452B-832D-08FE74C7EEAD}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{546958A5-5C48-48BE-9396-599811623E60}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{B41AD4BE-25BA-4A51-A0BB-FC1584E316F1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-02-15 14:22:23
ComboFix-quarantined-files.txt 2014-02-15 13:22
.
Před spuštěním: Volných bajtů: 24 491 446 272
Po spuštění: Volných bajtů: 24 439 365 632
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A5F45228CCC43DEF95E5D33A8E24A0FE
413FC2A0C716421B3158746D63736515
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1534.812 [GMT 1:00]
Spuštěný z: c:\documents and settings\Eva\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Eva\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\11b7e02ef280531d.fb
c:\windows\system32\Cache\213aac747e14472d.fb
c:\windows\system32\Cache\244ff923f2e781be.fb
c:\windows\system32\Cache\264d5d4f10bc8118.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\52f2a54ba7a53c2b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\76c21006f0155672.fb
c:\windows\system32\Cache\7802463ca8bf63c5.fb
c:\windows\system32\Cache\78526d62c4150c5b.fb
c:\windows\system32\Cache\7bc1ade1b8c24c76.fb
c:\windows\system32\Cache\805c8f535d2cf896.fb
c:\windows\system32\Cache\84971a602f25312f.fb
c:\windows\system32\Cache\92f7730780cfe899.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Desktop_.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-15 do 2014-02-15 )))))))))))))))))))))))))))))))
.
.
2014-02-15 12:38 . 2014-02-15 12:38 -------- d-----w- C:\_OTL
2014-02-14 22:13 . 2014-02-14 22:13 512 ----a-w- C:\PhysicalMBR.bin
2014-02-14 20:54 . 2014-02-14 20:54 26624 ----a-w- c:\windows\system32\TrueSight.sys
2014-02-14 19:53 . 2014-02-14 19:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Raxco
2014-02-14 19:53 . 2014-02-14 19:53 -------- d-----w- c:\program files\Common Files\Raxco
2014-02-14 18:46 . 2014-02-14 19:53 -------- d-----w- c:\program files\Raxco
2014-02-14 16:53 . 2014-02-14 16:53 -------- d-----w- c:\program files\HD Tune
2014-02-14 16:04 . 2014-02-14 16:11 -------- d-----w- C:\AdwCleaner
2014-02-14 15:53 . 2014-02-14 21:51 -------- d-----w- c:\program files\trend micro
2014-02-14 15:53 . 2014-02-14 15:53 -------- d-----w- C:\rsit
2014-02-14 15:36 . 2014-02-14 15:39 -------- d-----w- C:\FRST
2014-02-14 14:06 . 2014-02-14 14:06 -------- d-----w- c:\documents and settings\Eva\Data aplikací\Malwarebytes
2014-02-14 14:06 . 2014-02-14 14:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-02-14 13:43 . 2014-02-14 13:58 -------- d-----w- c:\program files\Hard Disk Sentinel
2014-02-14 13:36 . 2014-02-14 13:36 -------- d-----w- c:\program files\Simpli Software
2014-02-14 13:14 . 2014-02-14 13:14 -------- d-----w- c:\windows\system32\LogFiles
2014-02-13 23:25 . 2014-02-13 23:25 -------- d-----w- c:\program files\ESET
2014-02-13 23:25 . 2014-02-13 23:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2014-02-07 14:58 . 2014-02-07 15:16 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 05:17 . 2013-02-22 17:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-07 05:17 . 2011-10-07 15:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 03:38 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:08 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:08 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:08 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2004-08-17 13:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-17 13:49 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2001-10-25 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [20.8.2013 11:50 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.8.2013 11:50 118768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.9.2013 12:06 1337752]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [30.6.2011 11:08 66320]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [17.11.2012 9:31 145152]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Eva\Data aplikací\Mozilla\Firefox\Profiles\fauwjx73.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-15 14:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{1793FE32-120E-4D33-8BE9-19EF4AD165F6}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{3063357E-821C-4A7D-B49A-F61EA772BF9B}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{3A6EE5C3-7A28-452B-832D-08FE74C7EEAD}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{546958A5-5C48-48BE-9396-599811623E60}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{B41AD4BE-25BA-4A51-A0BB-FC1584E316F1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1214440339-1677128483-725345543-1003_Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-02-15 14:22:23
ComboFix-quarantined-files.txt 2014-02-15 13:22
.
Před spuštěním: Volných bajtů: 24 491 446 272
Po spuštění: Volných bajtů: 24 439 365 632
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A5F45228CCC43DEF95E5D33A8E24A0FE
413FC2A0C716421B3158746D63736515
Re: Zpomalený notebook, malware
Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat. vyosek píše:
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.
Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustteKliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat
Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
Znovu defragmentujte disk(y)Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak je na tom pc.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
Re: Zpomalený notebook, malware
Bohužel se zdá, že beze změny. Zejména po startu se to na různě dlouhé časové úseky zasekává.
Přikládám screen shot z defragmentace.
Tedy verdikt zřejmě zní, že je problém v HDD a asi časem odejde úplně, že?
Asi budu muset sehnat nový a rovnou na to hodit win 7.
Přikládám screen shot z defragmentace.
Tedy verdikt zřejmě zní, že je problém v HDD a asi časem odejde úplně, že?
Asi budu muset sehnat nový a rovnou na to hodit win 7.
- asdf.JPG (59.29 KiB) Zobrazeno 386 x
Re: Zpomalený notebook, malware
Na havet je pc cisty, takze to fakt vypada na ten disk. Mozna by docasne pomohl format a nova instalace, system by se tem poskozenym mistum vyhnul. Ale nemusi to pomoct, nebo jen na chvili, tezko rict. Je mi lito 
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
Armwrestler
- Návštěvník
- Příspěvky: 15
- Registrován: 12 čer 2009 09:17
Re: Zpomalený notebook, malware
Nedá se svítit, i tak moc dík za pomoc. Nemáte tady nějaký systém odměn jako buy me a beer nebo tak něco? 
Re: Zpomalený notebook, malware
Nemate vubec zac!
Mame http://forum.viry.cz/viewtopic.php?f=7&t=78175 Za pripadny prispevek dekujeme 
Mejte se a treba zase nekdy
Mame
http://forum.viry.cz/viewtopic.php?f=7&t=78175 Za pripadny prispevek dekujeme Mejte se a treba zase nekdy
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?