Dobrý den, už sem tenhle virus měl v počítači častokrát, a pomohlo jen ho celý smazat. Nevěděl jsem si rady. Teď ho mám zase a našel jsem vaši stránku. Počítač se mi začíná opět sekat, využití všech procesů je nad 20 000kB a nakonec to skončí tím že nepůjde rozjet a bude padat. Prošetřeno AVG a Ad-warem nepomohlo. Děkuji moc za pomoc.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bartman at 2010-04-07 17:35:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (15%) free of 153 GB
Total RAM: 2047 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:30, on 7.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bartman\Dokumenty\RSIT.exe
C:\Program Files\trend micro\Bartman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE Gamer HUD.lnk = ?
O4 - Startup: Registrace FIFA 10.lnk = C:\Program Files\EA Sports\FIFA 10\Support\EAregister.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: RailNotification - C:\WINDOWS\
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Faces of War Drivers Auto Removal (pr2akrnb) (pr2akrnb) - Cenega Czech - C:\WINDOWS\system32\pr2akrnb.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9589 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C125B866-6152-48BB-9720-4C62DB57C12C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-02 1602912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-02 2064224]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"NokiaMusic FastStart"=C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2009-11-06 2090272]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2009-11-19 75048]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Bartman\Nabídka Start\Programy\Po spuštění
GIGABYTE Gamer HUD.lnk - C:\Documents and Settings\Bartman\Data aplikací\Microsoft\Installer\{1A3210EE-7494-4879-9270-A721ED7F9947}\HUD.exe1_1A3210EE749448799270A721ED7F9947.exe
Registrace FIFA 10.lnk - C:\Program Files\EA Sports\FIFA 10\Support\EAregister.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-17 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2010-01-14 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2010-01-14 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2010-01-14 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Disabled:WinDVD"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\base\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Vzestup říše"
"C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\extra1\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Vzestup říše\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Vzestup říše - Východní království"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Disabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34c7ee1-2143-11df-90ce-806d6172696f}]
shell\AutoRun\command - D:\ASUSACPI.exe
======File associations======
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-04-07 17:32:18 ----D---- C:\Program Files\trend micro
2010-04-07 17:32:17 ----D---- C:\rsit
2010-04-07 14:03:32 ----D---- C:\Program Files\Common Files\InterVideo
2010-04-07 14:03:17 ----D---- C:\Program Files\InterVideo
2010-04-07 10:43:35 ----D---- C:\Documents and Settings\Bartman\Data aplikací\CyberLink
2010-04-07 10:36:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2010-04-07 10:36:05 ----D---- C:\Program Files\Common Files\CyberLink
2010-04-07 10:35:28 ----D---- C:\Program Files\CyberLink
2010-04-07 10:34:57 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-04-07 10:34:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-04-06 17:43:06 ----D---- C:\Program Files\LEGO Media
2010-04-05 17:24:21 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-04-05 17:24:21 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-04-05 17:24:18 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-04-05 17:24:16 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-04-05 17:23:55 ----HD---- C:\WINDOWS\msdownld.tmp
2010-04-04 18:58:13 ----D---- C:\Program Files\Cenega Czech
2010-04-02 19:06:14 ----D---- C:\Program Files\Moje farma
2010-03-31 21:33:05 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Mount&Blade Warband
2010-03-30 15:28:35 ----D---- C:\Documents and Settings\Bartman\Data aplikací\LucasArts
2010-03-30 15:08:27 ----D---- C:\Program Files\LucasArts
2010-03-27 18:41:49 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Ice Age 2
2010-03-27 18:37:03 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-03-27 18:20:35 ----D---- C:\Program Files\Sierra
2010-03-24 17:28:42 ----D---- C:\Program Files\NAMCO BANDAI Games
2010-03-24 11:44:49 ----A---- C:\WINDOWS\AviSplitter.INI
2010-03-23 22:26:45 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Desktopicon
2010-03-23 22:26:35 ----A---- C:\WINDOWS\system32\vbzlib1.dll
2010-03-23 22:26:34 ----D---- C:\Program Files\DsNET Corp
2010-03-23 22:16:45 ----D---- C:\Program Files\Eurekr.com
2010-03-23 20:15:23 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Friday's games
2010-03-23 14:22:37 ----D---- C:\Documents and Settings\Bartman\Data aplikací\IObit
2010-03-23 14:22:36 ----D---- C:\Program Files\IObit
2010-03-23 13:39:45 ----D---- C:\Program Files\PlayLogic
2010-03-22 21:40:12 ----D---- C:\Program Files\Mount&Blade
2010-03-21 15:16:39 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Help
2010-03-21 14:50:53 ----D---- C:\Program Files\Microsoft Games
2010-03-20 19:54:02 ----D---- C:\Program Files\TopCD
2010-03-20 13:27:56 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Mount&Blade
2010-03-19 17:22:29 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Hardcore
2010-03-19 17:21:07 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Sawer
2010-03-19 10:19:37 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Juce VST Host
2010-03-18 22:12:40 ----A---- C:\WINDOWS\system32\rewire.dll
2010-03-18 22:12:29 ----D---- C:\Documents and Settings\Bartman\Data aplikací\OpenCandy
2010-03-18 22:11:35 ----D---- C:\Program Files\VstPlugins
2010-03-18 22:11:31 ----D---- C:\Program Files\Outsim
2010-03-18 22:09:18 ----D---- C:\Program Files\Image-Line
2010-03-18 14:45:23 ----D---- C:\Program Files\Ritual Entertainment
2010-03-17 09:38:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-15 17:34:50 ----D---- C:\Program Files\Ubisoft
2010-03-15 11:48:28 ----A---- C:\WINDOWS\game.ini
2010-03-15 11:43:03 ----SHD---- C:\WINDOWS\ftpcache
2010-03-13 23:48:44 ----A---- C:\WINDOWS\system32\BJI7DgliL1.txt
2010-03-13 23:12:56 ----D---- C:\Program Files\Activision
2010-03-13 18:04:55 ----A---- C:\Documents and Settings\Bartman\Data aplikací\myMPQ.ini
2010-03-12 19:01:34 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-11 20:30:09 ----D---- C:\Program Files\AML Products
2010-03-11 15:57:31 ----A---- C:\WINDOWS\system32\unrar.dll
2010-03-11 15:57:30 ----D---- C:\Program Files\K-Lite Codec Pack
2010-03-11 15:57:26 ----D---- C:\Program Files\AviSynth 2.5
2010-03-10 14:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 20:23:03 ----D---- C:\Documents and Settings\Bartman\Data aplikací\The Creative Assembly
2010-03-09 12:40:01 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-03-09 12:05:08 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-09 12:04:48 ----D---- C:\Program Files\Lavasoft
2010-03-09 12:04:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-03-08 19:55:14 ----D---- C:\Program Files\Phenomedia AG
2010-03-08 19:03:34 ----D---- C:\Program Files\phenomedia
2010-03-08 13:54:12 ----N---- C:\WINDOWS\system32\browserchoice.exe
======List of files/folders modified in the last 1 months======
2010-04-07 17:32:18 ----RD---- C:\Program Files
2010-04-07 17:18:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 17:12:41 ----SD---- C:\WINDOWS\Tasks
2010-04-07 17:01:46 ----D---- C:\WINDOWS\Temp
2010-04-07 17:00:10 ----D---- C:\Documents and Settings\Bartman\Data aplikací\uTorrent
2010-04-07 16:03:29 ----D---- C:\WINDOWS
2010-04-07 15:31:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 14:04:57 ----D---- C:\Program Files\InterVideo Information Service
2010-04-07 14:04:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-07 14:04:02 ----SHD---- C:\WINDOWS\Installer
2010-04-07 14:03:55 ----HD---- C:\Config.Msi
2010-04-07 14:03:32 ----D---- C:\Program Files\Common Files
2010-04-07 13:23:43 ----D---- C:\WINDOWS\system32
2010-04-07 10:43:11 ----HD---- C:\WINDOWS\inf
2010-04-07 07:27:42 ----D---- C:\WINDOWS\Prefetch
2010-04-05 20:29:16 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Skype
2010-04-05 20:27:55 ----D---- C:\Documents and Settings\Bartman\Data aplikací\skypePM
2010-04-05 17:24:22 ----D---- C:\WINDOWS\system32\DirectX
2010-04-05 08:38:03 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-04-04 23:47:49 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-04 22:16:00 ----D---- C:\Program Files\Kalypso
2010-04-04 19:02:42 ----D---- C:\WINDOWS\system32\drivers
2010-04-03 22:27:08 ----RSD---- C:\WINDOWS\assembly
2010-04-03 22:24:58 ----D---- C:\WINDOWS\WinSxS
2010-04-03 12:19:38 ----D---- C:\WINDOWS\system32\config
2010-04-03 12:19:37 ----D---- C:\WINDOWS\security
2010-04-03 12:19:37 ----D---- C:\WINDOWS\Debug
2010-04-03 12:19:37 ----D---- C:\Program Files\HP
2010-04-03 12:19:37 ----D---- C:\Program Files\HighGrow
2010-04-03 12:19:30 ----D---- C:\WINDOWS\twain_32
2010-03-31 20:30:57 ----D---- C:\Program Files\Deep Silver
2010-03-31 10:57:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 10:57:28 ----D---- C:\Program Files\Internet Explorer
2010-03-31 10:57:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 20:54:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-27 16:47:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-23 09:22:08 ----N---- C:\WINDOWS\Starcraft Gen.exe
2010-03-23 09:22:04 ----A---- C:\WINDOWS\system32\j6MNEi67bN.txt
2010-03-22 16:34:29 ----A---- C:\WINDOWS\system32\J11cl1Lken.txt
2010-03-22 16:34:23 ----SD---- C:\Documents and Settings\Bartman\Data aplikací\Microsoft
2010-03-20 19:16:45 ----D---- C:\Program Files\Electronic Arts
2010-03-19 10:32:00 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-17 14:19:05 ----D---- C:\Program Files\Disney Interactive Studios
2010-03-17 14:19:05 ----A---- C:\WINDOWS\disney.ini
2010-03-17 14:18:47 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Disney Interactive Studios
2010-03-17 11:18:09 ----HD---- C:\$AVG
2010-03-16 15:41:46 ----D---- C:\Program Files\Ashampoo
2010-03-15 11:45:47 ----D---- C:\Program Files\Common Files\InstallShield
2010-03-13 11:03:32 ----D---- C:\Documents and Settings\Bartman\Data aplikací\Tropico 3
2010-03-12 19:04:15 ----D---- C:\Program Files\Nokia
2010-03-12 19:01:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-12 19:00:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
2010-03-10 17:30:09 ----A---- C:\WINDOWS\disneysy.ini
2010-03-10 14:01:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-03-10 14:00:57 ----D---- C:\Program Files\Movie Maker
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-17 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-17 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-17 242696]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/07 10:36:19]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-27 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-27 25888]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2010-01-14 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2010-01-14 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2010-01-14 32384]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2010-01-14 30464]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2010-01-14 17152]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2010-01-14 9472]
S3 a2lfj641;a2lfj641; C:\WINDOWS\system32\drivers\a2lfj641.sys []
S3 a8x6w379;a8x6w379; C:\WINDOWS\system32\drivers\a8x6w379.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2010-01-14 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-01-14 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2010-01-14 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-17 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-02 1265264]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-06 75064]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S2 pr2akrnb;Faces of War Drivers Auto Removal (pr2akrnb); C:\WINDOWS\system32\pr2akrnb.exe [2007-04-19 407168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2010-01-14 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-01-14 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Sekání PC, velké využití paměti
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Sekání PC, velké využití paměti
Zdravím, tohle fixni v HJT :
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
HJT najdeš zde :
C:\Program Files\trend micro\Bartman.exe
Fix znamená že spustíš HJT
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
Nero BackItUp Scheduler 4.0
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
Čištění registru je třeba několikrát zopakovat !
Nakonec použij Mbam z mého podpisu.
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
HJT najdeš zde :
C:\Program Files\trend micro\Bartman.exe
Fix znamená že spustíš HJT
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
Nero BackItUp Scheduler 4.0
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
Čištění registru je třeba několikrát zopakovat !
Nakonec použij Mbam z mého podpisu.
Re: Sekání PC, velké využití paměti
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7.4.2010 21:59:34
mbam-log-2010-04-07 (21-59-34).txt
Typ skenu: Rychlý sken
Skenované objekty: 101882
Uplynulý čas: 6 minuta(y), 53 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{f490c0e4-af17-4878-b035-5a9a6d919042} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\j6MNEi67bN.txt (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Bib101Jll7.txt (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\BJI7DgliL1.txt (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\J11cl1Lken.txt (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\igfiNE6fIC.txt (Trojan.Inject) -> No action taken.
www.malwarebytes.org
Verze databáze: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7.4.2010 21:59:34
mbam-log-2010-04-07 (21-59-34).txt
Typ skenu: Rychlý sken
Skenované objekty: 101882
Uplynulý čas: 6 minuta(y), 53 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{f490c0e4-af17-4878-b035-5a9a6d919042} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\j6MNEi67bN.txt (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Bib101Jll7.txt (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\BJI7DgliL1.txt (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\J11cl1Lken.txt (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\igfiNE6fIC.txt (Trojan.Inject) -> No action taken.
Re: Sekání PC, velké využití paměti
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7.4.2010 22:18:31
mbam-log-2010-04-07 (22-18-31).txt
Typ skenu: Rychlý sken
Skenované objekty: 102121
Uplynulý čas: 2 minuta(y), 48 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{f490c0e4-af17-4878-b035-5a9a6d919042} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\j6MNEi67bN.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Bib101Jll7.txt (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BJI7DgliL1.txt (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\J11cl1Lken.txt (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igfiNE6fIC.txt (Trojan.Inject) -> Quarantined and deleted successfully.
www.malwarebytes.org
Verze databáze: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7.4.2010 22:18:31
mbam-log-2010-04-07 (22-18-31).txt
Typ skenu: Rychlý sken
Skenované objekty: 102121
Uplynulý čas: 2 minuta(y), 48 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{f490c0e4-af17-4878-b035-5a9a6d919042} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\j6MNEi67bN.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Bib101Jll7.txt (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BJI7DgliL1.txt (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\J11cl1Lken.txt (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igfiNE6fIC.txt (Trojan.Inject) -> Quarantined and deleted successfully.
Re: Sekání PC, velké využití paměti
Neměl jsi podle návodu počkat s mazáním na mě ?
Nyní použijeme větší kalibr tak že tentokrát důkladně číst, protože netoleruje chyby.
Stáhni a ulož na plochu ComboFix,
spusť aplikaci pod účtem s administrátorským oprávněním a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
Nyní použijeme větší kalibr tak že tentokrát důkladně číst, protože netoleruje chyby.
Stáhni a ulož na plochu ComboFix,
spusť aplikaci pod účtem s administrátorským oprávněním a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
Re: Sekání PC, velké využití paměti
Něco to smázlo ale ty hodnoty sou furt stejné
ComboFix 10-04-07.04 - Bartman 08.04.2010 14:22:49.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1566 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bartman\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bartman\Data aplikací\Microsoft\jusched.exe
c:\documents and settings\Bartman\Data aplikací\Microsoft\Run.exe
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-08 do 2010-04-08 )))))))))))))))))))))))))))))))
.
2010-04-07 19:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:51 . 2010-04-07 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:51 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 19:47 . 2010-04-07 19:47 -------- d-----w- c:\program files\CCleaner
2010-04-07 15:32 . 2010-04-07 19:44 -------- d-----w- c:\program files\trend micro
2010-04-07 15:32 . 2010-04-07 15:32 -------- d-----w- C:\rsit
2010-04-07 12:03 . 2010-04-07 12:03 -------- d-----w- c:\program files\Common Files\InterVideo
2010-04-07 12:03 . 2010-04-07 12:03 -------- d-----w- c:\program files\InterVideo
2010-04-07 08:36 . 2010-04-07 08:36 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-07 08:35 . 2010-04-07 08:36 -------- d-----w- c:\program files\CyberLink
2010-04-07 08:34 . 2010-04-07 11:23 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-06 15:43 . 2010-04-06 15:43 -------- d-----w- c:\program files\LEGO Media
2010-04-05 15:24 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-05 15:24 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-05 15:24 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-05 15:24 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-05 15:23 . 2010-04-05 15:24 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-04 16:58 . 2010-04-04 16:58 -------- d-----w- c:\program files\Cenega Czech
2010-04-02 17:06 . 2010-04-02 17:06 -------- d-----w- c:\program files\Moje farma
2010-03-30 13:08 . 2010-03-30 13:08 -------- d-----w- c:\program files\LucasArts
2010-03-27 16:37 . 2010-03-27 16:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-27 16:20 . 2010-03-27 16:20 -------- d-----w- c:\program files\Sierra
2010-03-24 15:28 . 2010-03-24 15:28 -------- d-----w- c:\program files\NAMCO BANDAI Games
2010-03-23 20:26 . 2010-03-23 20:26 -------- d-----w- c:\program files\DsNET Corp
2010-03-23 20:16 . 2010-03-23 20:16 -------- d-----w- c:\program files\Eurekr.com
2010-03-23 12:22 . 2010-03-23 12:22 -------- d-----w- c:\program files\IObit
2010-03-23 11:39 . 2010-03-23 11:39 -------- d-----w- c:\program files\PlayLogic
2010-03-22 19:40 . 2010-03-22 19:42 -------- d-----w- c:\program files\Mount&Blade
2010-03-21 12:50 . 2010-03-21 12:50 -------- d-----w- c:\program files\Microsoft Games
2010-03-20 17:54 . 2010-03-20 17:54 -------- d-----w- c:\program files\TopCD
2010-03-18 20:12 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-03-18 20:11 . 2010-03-18 20:12 -------- d-----w- c:\program files\VstPlugins
2010-03-18 20:11 . 2010-03-18 20:11 -------- d-----w- c:\program files\Outsim
2010-03-18 20:09 . 2010-03-18 20:12 -------- d-----w- c:\program files\Image-Line
2010-03-18 12:45 . 2010-03-18 12:45 -------- d-----w- c:\program files\Ritual Entertainment
2010-03-17 07:38 . 2010-03-17 07:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 15:34 . 2010-03-15 15:34 -------- d-----w- c:\program files\Ubisoft
2010-03-15 09:43 . 2010-03-15 09:43 -------- d-sh--w- c:\windows\ftpcache
2010-03-13 21:12 . 2010-03-15 09:46 -------- d-----w- c:\program files\Activision
2010-03-12 17:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-12 17:01 . 2010-03-12 17:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-11 18:30 . 2010-03-11 18:30 -------- d-----w- c:\program files\AML Products
2010-03-11 13:57 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-03-11 13:57 . 2010-04-03 10:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-11 13:57 . 2010-03-11 13:57 -------- d-----w- c:\program files\AviSynth 2.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 12:04 . 2010-03-02 13:47 -------- d-----w- c:\program files\InterVideo Information Service
2010-04-07 12:04 . 2010-02-24 13:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 06:38 . 2010-03-02 16:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-04 20:16 . 2010-02-26 15:08 -------- d-----w- c:\program files\Kalypso
2010-04-03 10:19 . 2010-03-07 14:41 -------- d-----w- c:\program files\HighGrow
2010-04-03 10:19 . 2010-03-02 10:46 -------- d-----w- c:\program files\HP
2010-03-31 18:30 . 2010-02-24 15:28 -------- d-----w- c:\program files\Deep Silver
2010-03-28 18:54 . 2008-04-14 11:00 95306 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 18:54 . 2008-04-14 11:00 470224 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 14:47 . 2010-02-24 13:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-23 07:22 . 2010-03-02 17:07 462848 ------w- c:\windows\Starcraft Gen.exe
2010-03-20 17:16 . 2010-03-04 14:40 -------- d-----w- c:\program files\Electronic Arts
2010-03-17 12:19 . 2010-02-25 18:07 -------- d-----w- c:\program files\Disney Interactive Studios
2010-03-17 07:38 . 2010-02-24 13:43 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 07:38 . 2010-02-24 13:43 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 07:37 . 2010-02-24 13:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 13:41 . 2010-02-24 18:49 -------- d-----w- c:\program files\Ashampoo
2010-03-15 09:45 . 2010-02-24 13:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-12 17:04 . 2010-03-01 19:58 -------- d-----w- c:\program files\Nokia
2010-03-09 10:06 . 2010-03-09 10:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-09 10:06 . 2010-03-09 10:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-09 10:05 . 2010-03-09 10:04 -------- d-----w- c:\program files\Lavasoft
2010-03-08 17:55 . 2010-03-08 17:55 -------- d-----w- c:\program files\Phenomedia AG
2010-03-08 17:03 . 2010-03-08 17:03 -------- d-----w- c:\program files\phenomedia
2010-03-07 14:47 . 2010-03-07 14:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-07 14:46 . 2010-03-07 14:46 -------- d-----r- c:\program files\Skype
2010-03-07 14:46 . 2010-03-07 14:46 -------- d-----w- c:\program files\Common Files\Skype
2010-03-07 10:52 . 2010-03-06 21:52 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-07 10:52 . 2010-03-06 21:52 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-06 21:52 . 2010-03-06 21:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-06 21:52 . 2010-03-06 21:52 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-06 16:04 . 2010-02-24 14:02 -------- d-----w- c:\program files\uTorrent
2010-03-04 14:06 . 2010-03-04 14:06 -------- d-----w- c:\program files\EA Sports
2010-03-03 10:42 . 2010-03-03 10:42 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-03 10:32 . 2010-03-03 10:22 -------- d-----w- c:\program files\Common Files\Nero
2010-03-03 10:32 . 2010-03-03 10:32 -------- d-----w- c:\program files\Windows Sidebar
2010-03-03 10:31 . 2010-03-03 10:22 -------- d-----w- c:\program files\Nero
2010-03-02 17:15 . 2010-03-02 17:15 473088 ------w- c:\windows\SC 2 Crack.exe
2010-03-02 13:47 . 2010-03-02 13:47 -------- d-----w- c:\program files\Common Files\Ulead
2010-03-02 11:06 . 2010-03-02 10:45 104257 ----a-w- c:\windows\hpoins04.dat
2010-03-02 11:04 . 2010-03-02 11:04 -------- d-----w- c:\program files\Common Files\HP
2010-03-02 11:02 . 2010-03-02 11:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-02 11:01 . 2010-03-02 11:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-01 20:06 . 2010-03-01 20:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-01 20:06 . 2010-03-01 20:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-01 20:04 . 2010-03-01 20:04 -------- d-----w- c:\program files\MSXML 6.0
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-03-01 20:02 . 2010-03-01 20:00 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-01 19:59 . 2010-03-01 19:59 -------- d-----w- c:\program files\DIFX
2010-03-01 14:05 . 2010-03-01 14:05 -------- d-----w- c:\program files\QuickTime
2010-03-01 14:04 . 2010-03-01 14:04 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 14:04 . 2010-03-01 14:04 -------- d-----w- c:\program files\Apple Software Update
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\program files\Corel
2010-02-27 17:17 . 2010-02-27 17:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-27 17:17 . 2010-02-27 17:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-27 17:17 . 2010-02-24 15:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-27 17:12 . 2010-02-25 18:22 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-27 17:12 . 2010-02-25 18:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-27 16:38 . 2010-02-27 16:38 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-02-26 14:15 . 2010-02-26 14:09 -------- d--h--w- c:\program files\Zero G Registry
2010-02-26 13:51 . 2010-02-24 15:23 -------- d-----w- c:\program files\Microsoft Works
2010-02-25 18:23 . 2010-02-25 18:23 -------- d-----w- c:\program files\Empire Interactive
2010-02-25 13:28 . 2010-02-24 13:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-25 13:28 . 2010-02-24 13:11 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-25 13:27 . 2010-02-24 13:11 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-25 06:12 . 2010-01-14 15:02 919040 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 20:24 . 2010-02-24 20:14 -------- d-----w- c:\program files\1C
2010-02-24 20:22 . 2010-02-24 20:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 19:57 . 2010-02-24 19:57 -------- d-----w- c:\program files\PowerISO
2010-02-24 15:52 . 2010-02-24 15:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-24 15:52 . 2010-02-24 15:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-24 15:23 . 2010-02-24 13:14 -------- d-----w- c:\program files\MSBuild
2010-02-24 15:22 . 2010-02-24 15:22 -------- d-----w- c:\program files\Microsoft.NET
2010-02-24 15:21 . 2010-02-24 15:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-24 15:10 . 2010-02-24 15:10 -------- d-----w- c:\program files\Alcohol Soft
2010-02-24 14:49 . 2010-02-24 14:48 -------- d-----w- c:\program files\The KMPlayer
2010-02-24 14:44 . 2010-02-24 14:43 -------- d-----w- c:\program files\XP Codec Pack
2010-02-24 14:04 . 2010-02-24 14:04 -------- d-----w- c:\program files\GIGABYTE
2010-02-24 13:51 . 2010-02-24 13:51 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-24 13:51 . 2010-02-24 13:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-24 13:43 . 2010-02-24 13:43 -------- d-----w- c:\program files\AVG
2010-02-24 13:33 . 2010-02-24 13:33 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-24 13:33 . 2010-02-24 13:33 -------- d-----w- c:\program files\AvRack
2010-02-24 13:32 . 2010-02-24 13:32 -------- d-----w- c:\program files\AMD
2010-02-24 13:15 . 2010-02-24 13:15 -------- d-----w- c:\program files\microsoft frontpage
2010-02-24 13:14 . 2010-02-24 13:14 -------- d-----w- c:\program files\Reference Assemblies
2010-02-24 13:10 . 2010-02-24 13:10 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 13:07 . 2010-02-24 13:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-24 13:06 . 2010-02-24 13:06 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-24 13:06 . 2010-02-24 13:06 -------- d-----w- c:\program files\MSXML 4.0
2010-02-24 13:05 . 2010-02-24 13:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-12 10:03 . 2010-03-08 11:54 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-04 15:53 . 2010-03-09 10:06 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-21 13:53 . 2010-03-01 19:59 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-01-14 15:13 . 2001-10-24 11:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2010-01-14 15:07 . 2010-02-24 13:07 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2010-01-14 15:06 . 2010-02-24 13:06 581192 ----a-w- c:\windows\system32\winUsbCoinstaller.dll
2010-01-14 15:05 . 2010-02-24 13:06 44032 ----a-w- c:\windows\system32\msstrc.dll
2010-01-14 15:05 . 2010-02-24 13:06 1418240 ----a-w- c:\windows\system32\mssrch.dll
2010-01-14 15:05 . 2010-02-24 13:06 350208 ----a-w- c:\windows\system32\mssph.dll
.
------- Sigcheck -------
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-11-19 75048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
c:\documents and settings\Bartman\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD.lnk - c:\documents and settings\Bartman\Data aplikacˇ\Microsoft\Installer\{1A3210EE-7494-4879-9270-A721ED7F9947}\HUD.exe1_1A3210EE749448799270A721ED7F9947.exe [2010-2-24 40960]
Registrace FIFA 10.lnk - c:\program files\EA Sports\FIFA 10\Support\EAregister.exe [2009-9-11 4374800]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-2-24 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 07:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Vzestup říše\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Vzestup říše\\extra1\\bin\\Settlers6.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.3.2010 12:06 64288]
R0 pe3akrnb;Faces of War Environment Driver (pe3akrnb);c:\windows\system32\drivers\pe3akrnb.sys [19.4.2007 17:04 64896]
R0 ps6akrnb;Faces of War Synchronization Driver (ps6akrnb);c:\windows\system32\drivers\ps6akrnb.sys [19.4.2007 17:03 53128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24.2.2010 15:43 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24.2.2010 15:43 242696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/07 10:36];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.2.2010 17:08 691696]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 17:04 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S2 pr2akrnb;Faces of War Drivers Auto Removal (pr2akrnb);c:\windows\system32\pr2akrnb.exe svc --> c:\windows\system32\pr2akrnb.exe svc [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 17:01 14848]
S4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.3.2010 9:37 916760]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.3.2010 9:38 308064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-03-19 09:07]
2010-04-08 c:\windows\Tasks\User_Feed_Synchronization-{C125B866-6152-48BB-9720-4C62DB57C12C}.job
- c:\windows\system32\msfeedssync.exe [2010-01-14 15:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Notify-RailNotification - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 14:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2010-04-08 14:28:39
ComboFix-quarantined-files.txt 2010-04-08 12:28
Před spuštěním: Volných bajtů: 22 485 106 688
Po spuštění: Volných bajtů: 22 460 731 392
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3725C5DD26C6DBCF1C08431763053C3F
ComboFix 10-04-07.04 - Bartman 08.04.2010 14:22:49.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1566 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bartman\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bartman\Data aplikací\Microsoft\jusched.exe
c:\documents and settings\Bartman\Data aplikací\Microsoft\Run.exe
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-08 do 2010-04-08 )))))))))))))))))))))))))))))))
.
2010-04-07 19:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:51 . 2010-04-07 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:51 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 19:47 . 2010-04-07 19:47 -------- d-----w- c:\program files\CCleaner
2010-04-07 15:32 . 2010-04-07 19:44 -------- d-----w- c:\program files\trend micro
2010-04-07 15:32 . 2010-04-07 15:32 -------- d-----w- C:\rsit
2010-04-07 12:03 . 2010-04-07 12:03 -------- d-----w- c:\program files\Common Files\InterVideo
2010-04-07 12:03 . 2010-04-07 12:03 -------- d-----w- c:\program files\InterVideo
2010-04-07 08:36 . 2010-04-07 08:36 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-07 08:35 . 2010-04-07 08:36 -------- d-----w- c:\program files\CyberLink
2010-04-07 08:34 . 2010-04-07 11:23 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-06 15:43 . 2010-04-06 15:43 -------- d-----w- c:\program files\LEGO Media
2010-04-05 15:24 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-05 15:24 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-05 15:24 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-05 15:24 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-05 15:23 . 2010-04-05 15:24 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-04 16:58 . 2010-04-04 16:58 -------- d-----w- c:\program files\Cenega Czech
2010-04-02 17:06 . 2010-04-02 17:06 -------- d-----w- c:\program files\Moje farma
2010-03-30 13:08 . 2010-03-30 13:08 -------- d-----w- c:\program files\LucasArts
2010-03-27 16:37 . 2010-03-27 16:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-27 16:20 . 2010-03-27 16:20 -------- d-----w- c:\program files\Sierra
2010-03-24 15:28 . 2010-03-24 15:28 -------- d-----w- c:\program files\NAMCO BANDAI Games
2010-03-23 20:26 . 2010-03-23 20:26 -------- d-----w- c:\program files\DsNET Corp
2010-03-23 20:16 . 2010-03-23 20:16 -------- d-----w- c:\program files\Eurekr.com
2010-03-23 12:22 . 2010-03-23 12:22 -------- d-----w- c:\program files\IObit
2010-03-23 11:39 . 2010-03-23 11:39 -------- d-----w- c:\program files\PlayLogic
2010-03-22 19:40 . 2010-03-22 19:42 -------- d-----w- c:\program files\Mount&Blade
2010-03-21 12:50 . 2010-03-21 12:50 -------- d-----w- c:\program files\Microsoft Games
2010-03-20 17:54 . 2010-03-20 17:54 -------- d-----w- c:\program files\TopCD
2010-03-18 20:12 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-03-18 20:11 . 2010-03-18 20:12 -------- d-----w- c:\program files\VstPlugins
2010-03-18 20:11 . 2010-03-18 20:11 -------- d-----w- c:\program files\Outsim
2010-03-18 20:09 . 2010-03-18 20:12 -------- d-----w- c:\program files\Image-Line
2010-03-18 12:45 . 2010-03-18 12:45 -------- d-----w- c:\program files\Ritual Entertainment
2010-03-17 07:38 . 2010-03-17 07:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 15:34 . 2010-03-15 15:34 -------- d-----w- c:\program files\Ubisoft
2010-03-15 09:43 . 2010-03-15 09:43 -------- d-sh--w- c:\windows\ftpcache
2010-03-13 21:12 . 2010-03-15 09:46 -------- d-----w- c:\program files\Activision
2010-03-12 17:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-12 17:01 . 2010-03-12 17:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-11 18:30 . 2010-03-11 18:30 -------- d-----w- c:\program files\AML Products
2010-03-11 13:57 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-03-11 13:57 . 2010-04-03 10:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-11 13:57 . 2010-03-11 13:57 -------- d-----w- c:\program files\AviSynth 2.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 12:04 . 2010-03-02 13:47 -------- d-----w- c:\program files\InterVideo Information Service
2010-04-07 12:04 . 2010-02-24 13:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 06:38 . 2010-03-02 16:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-04 20:16 . 2010-02-26 15:08 -------- d-----w- c:\program files\Kalypso
2010-04-03 10:19 . 2010-03-07 14:41 -------- d-----w- c:\program files\HighGrow
2010-04-03 10:19 . 2010-03-02 10:46 -------- d-----w- c:\program files\HP
2010-03-31 18:30 . 2010-02-24 15:28 -------- d-----w- c:\program files\Deep Silver
2010-03-28 18:54 . 2008-04-14 11:00 95306 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 18:54 . 2008-04-14 11:00 470224 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 14:47 . 2010-02-24 13:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-23 07:22 . 2010-03-02 17:07 462848 ------w- c:\windows\Starcraft Gen.exe
2010-03-20 17:16 . 2010-03-04 14:40 -------- d-----w- c:\program files\Electronic Arts
2010-03-17 12:19 . 2010-02-25 18:07 -------- d-----w- c:\program files\Disney Interactive Studios
2010-03-17 07:38 . 2010-02-24 13:43 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 07:38 . 2010-02-24 13:43 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 07:37 . 2010-02-24 13:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 13:41 . 2010-02-24 18:49 -------- d-----w- c:\program files\Ashampoo
2010-03-15 09:45 . 2010-02-24 13:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-12 17:04 . 2010-03-01 19:58 -------- d-----w- c:\program files\Nokia
2010-03-09 10:06 . 2010-03-09 10:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-09 10:06 . 2010-03-09 10:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-09 10:05 . 2010-03-09 10:04 -------- d-----w- c:\program files\Lavasoft
2010-03-08 17:55 . 2010-03-08 17:55 -------- d-----w- c:\program files\Phenomedia AG
2010-03-08 17:03 . 2010-03-08 17:03 -------- d-----w- c:\program files\phenomedia
2010-03-07 14:47 . 2010-03-07 14:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-07 14:46 . 2010-03-07 14:46 -------- d-----r- c:\program files\Skype
2010-03-07 14:46 . 2010-03-07 14:46 -------- d-----w- c:\program files\Common Files\Skype
2010-03-07 10:52 . 2010-03-06 21:52 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-07 10:52 . 2010-03-06 21:52 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-06 21:52 . 2010-03-06 21:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-06 21:52 . 2010-03-06 21:52 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-06 16:04 . 2010-02-24 14:02 -------- d-----w- c:\program files\uTorrent
2010-03-04 14:06 . 2010-03-04 14:06 -------- d-----w- c:\program files\EA Sports
2010-03-03 10:42 . 2010-03-03 10:42 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-03 10:32 . 2010-03-03 10:22 -------- d-----w- c:\program files\Common Files\Nero
2010-03-03 10:32 . 2010-03-03 10:32 -------- d-----w- c:\program files\Windows Sidebar
2010-03-03 10:31 . 2010-03-03 10:22 -------- d-----w- c:\program files\Nero
2010-03-02 17:15 . 2010-03-02 17:15 473088 ------w- c:\windows\SC 2 Crack.exe
2010-03-02 13:47 . 2010-03-02 13:47 -------- d-----w- c:\program files\Common Files\Ulead
2010-03-02 11:06 . 2010-03-02 10:45 104257 ----a-w- c:\windows\hpoins04.dat
2010-03-02 11:04 . 2010-03-02 11:04 -------- d-----w- c:\program files\Common Files\HP
2010-03-02 11:02 . 2010-03-02 11:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-02 11:01 . 2010-03-02 11:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-01 20:06 . 2010-03-01 20:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-01 20:06 . 2010-03-01 20:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-01 20:04 . 2010-03-01 20:04 -------- d-----w- c:\program files\MSXML 6.0
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-03-01 20:02 . 2010-03-01 20:00 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-01 19:59 . 2010-03-01 19:59 -------- d-----w- c:\program files\DIFX
2010-03-01 14:05 . 2010-03-01 14:05 -------- d-----w- c:\program files\QuickTime
2010-03-01 14:04 . 2010-03-01 14:04 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 14:04 . 2010-03-01 14:04 -------- d-----w- c:\program files\Apple Software Update
2010-03-01 14:03 . 2010-03-01 14:03 -------- d-----w- c:\program files\Corel
2010-02-27 17:17 . 2010-02-27 17:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-27 17:17 . 2010-02-27 17:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-27 17:17 . 2010-02-24 15:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-27 17:12 . 2010-02-25 18:22 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-27 17:12 . 2010-02-25 18:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-27 16:38 . 2010-02-27 16:38 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-02-26 14:15 . 2010-02-26 14:09 -------- d--h--w- c:\program files\Zero G Registry
2010-02-26 13:51 . 2010-02-24 15:23 -------- d-----w- c:\program files\Microsoft Works
2010-02-25 18:23 . 2010-02-25 18:23 -------- d-----w- c:\program files\Empire Interactive
2010-02-25 13:28 . 2010-02-24 13:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-25 13:28 . 2010-02-24 13:11 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-25 13:27 . 2010-02-24 13:11 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-25 06:12 . 2010-01-14 15:02 919040 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 20:24 . 2010-02-24 20:14 -------- d-----w- c:\program files\1C
2010-02-24 20:22 . 2010-02-24 20:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 19:57 . 2010-02-24 19:57 -------- d-----w- c:\program files\PowerISO
2010-02-24 15:52 . 2010-02-24 15:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-24 15:52 . 2010-02-24 15:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-24 15:23 . 2010-02-24 13:14 -------- d-----w- c:\program files\MSBuild
2010-02-24 15:22 . 2010-02-24 15:22 -------- d-----w- c:\program files\Microsoft.NET
2010-02-24 15:21 . 2010-02-24 15:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-24 15:10 . 2010-02-24 15:10 -------- d-----w- c:\program files\Alcohol Soft
2010-02-24 14:49 . 2010-02-24 14:48 -------- d-----w- c:\program files\The KMPlayer
2010-02-24 14:44 . 2010-02-24 14:43 -------- d-----w- c:\program files\XP Codec Pack
2010-02-24 14:04 . 2010-02-24 14:04 -------- d-----w- c:\program files\GIGABYTE
2010-02-24 13:51 . 2010-02-24 13:51 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-24 13:51 . 2010-02-24 13:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-24 13:43 . 2010-02-24 13:43 -------- d-----w- c:\program files\AVG
2010-02-24 13:33 . 2010-02-24 13:33 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-24 13:33 . 2010-02-24 13:33 -------- d-----w- c:\program files\AvRack
2010-02-24 13:32 . 2010-02-24 13:32 -------- d-----w- c:\program files\AMD
2010-02-24 13:15 . 2010-02-24 13:15 -------- d-----w- c:\program files\microsoft frontpage
2010-02-24 13:14 . 2010-02-24 13:14 -------- d-----w- c:\program files\Reference Assemblies
2010-02-24 13:10 . 2010-02-24 13:10 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 13:07 . 2010-02-24 13:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-24 13:06 . 2010-02-24 13:06 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-24 13:06 . 2010-02-24 13:06 -------- d-----w- c:\program files\MSXML 4.0
2010-02-24 13:05 . 2010-02-24 13:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-12 10:03 . 2010-03-08 11:54 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-04 15:53 . 2010-03-09 10:06 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-21 13:53 . 2010-03-01 19:59 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-01-14 15:13 . 2001-10-24 11:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2010-01-14 15:07 . 2010-02-24 13:07 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2010-01-14 15:06 . 2010-02-24 13:06 581192 ----a-w- c:\windows\system32\winUsbCoinstaller.dll
2010-01-14 15:05 . 2010-02-24 13:06 44032 ----a-w- c:\windows\system32\msstrc.dll
2010-01-14 15:05 . 2010-02-24 13:06 1418240 ----a-w- c:\windows\system32\mssrch.dll
2010-01-14 15:05 . 2010-02-24 13:06 350208 ----a-w- c:\windows\system32\mssph.dll
.
------- Sigcheck -------
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-11-19 75048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
c:\documents and settings\Bartman\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD.lnk - c:\documents and settings\Bartman\Data aplikacˇ\Microsoft\Installer\{1A3210EE-7494-4879-9270-A721ED7F9947}\HUD.exe1_1A3210EE749448799270A721ED7F9947.exe [2010-2-24 40960]
Registrace FIFA 10.lnk - c:\program files\EA Sports\FIFA 10\Support\EAregister.exe [2009-9-11 4374800]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-2-24 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 07:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Vzestup říše\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Vzestup říše\\extra1\\bin\\Settlers6.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.3.2010 12:06 64288]
R0 pe3akrnb;Faces of War Environment Driver (pe3akrnb);c:\windows\system32\drivers\pe3akrnb.sys [19.4.2007 17:04 64896]
R0 ps6akrnb;Faces of War Synchronization Driver (ps6akrnb);c:\windows\system32\drivers\ps6akrnb.sys [19.4.2007 17:03 53128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24.2.2010 15:43 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24.2.2010 15:43 242696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/07 10:36];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.2.2010 17:08 691696]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 17:04 9472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S2 pr2akrnb;Faces of War Drivers Auto Removal (pr2akrnb);c:\windows\system32\pr2akrnb.exe svc --> c:\windows\system32\pr2akrnb.exe svc [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.1.2010 17:01 14848]
S4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.3.2010 9:37 916760]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.3.2010 9:38 308064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-03-19 09:07]
2010-04-08 c:\windows\Tasks\User_Feed_Synchronization-{C125B866-6152-48BB-9720-4C62DB57C12C}.job
- c:\windows\system32\msfeedssync.exe [2010-01-14 15:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Notify-RailNotification - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 14:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2010-04-08 14:28:39
ComboFix-quarantined-files.txt 2010-04-08 12:28
Před spuštěním: Volných bajtů: 22 485 106 688
Po spuštění: Volných bajtů: 22 460 731 392
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3725C5DD26C6DBCF1C08431763053C3F
Re: Sekání PC, velké využití paměti
No když vidím co si tam cpeš tak se ani nedivím že PC zlobí.
Tohle :
c:\windows\system32\sfcfiles.dll
otestuj na VIRUSTOTAL
(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor
trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)
Tohle :
c:\windows\system32\sfcfiles.dll
otestuj na VIRUSTOTAL
(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor
trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)
Re: Sekání PC, velké využití paměti
Exception
Please report failure as: ErrorTime= "Apr 08 19:20:05"
Nejde mi to, načte do stovky a konec, zkusím za chvíly
Please report failure as: ErrorTime= "Apr 08 19:20:05"
Nejde mi to, načte do stovky a konec, zkusím za chvíly
Re: Sekání PC, velké využití paměti
Tak jo snad by to mělo být vše
ff876311f58c86ec3e1a24f585949c25
ff876311f58c86ec3e1a24f585949c25
Re: Sekání PC, velké využití paměti
srbino píše:Tak jo snad by to mělo být vše
ff876311f58c86ec3e1a24f585949c25
Tohle přece není odkaz na výsledek testu, musí to vypadat asi takhle :
http://www.virustotal.com/cs/analisis/b ... 1269965166
Re: Sekání PC, velké využití paměti
vždyť to stačí vložit do hledání součtů http://www.virustotal.com/analisis/c759 ... 1270750349
Jinak počítač je natom čím dál hůř už se celý zpomaluje
Jinak počítač je natom čím dál hůř už se celý zpomaluje
Re: Sekání PC, velké využití paměti
Zkus odinstalovat AVG, pokud by odinstalace selhala použij AVG Remover
Nainstaluj jiný free antivir třeba AVAST 5
Defragmentuj disku buď integrovaným windows nástrojem,
nebo jinou aplikací, například Defragglerem
Pak dej vědět jestli to zabralo.
Nainstaluj jiný free antivir třeba AVAST 5
Defragmentuj disku buď integrovaným windows nástrojem,
nebo jinou aplikací, například Defragglerem
Pak dej vědět jestli to zabralo.
Re: Sekání PC, velké využití paměti
defragmentace nepomohla ovšem avast našel dva viry. PC zatím jede, kdyby se cokoliv dělo ozvu se.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:30, on 9.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\Bartman.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: GIGABYTE Gamer HUD.lnk = ?
O4 - Startup: Registrace FIFA 10.lnk = C:\Program Files\EA Sports\FIFA 10\Support\EAregister.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Faces of War Drivers Auto Removal (pr2akrnb) (pr2akrnb) - Cenega Czech - C:\WINDOWS\system32\pr2akrnb.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7215 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:30, on 9.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\Bartman.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: GIGABYTE Gamer HUD.lnk = ?
O4 - Startup: Registrace FIFA 10.lnk = C:\Program Files\EA Sports\FIFA 10\Support\EAregister.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Faces of War Drivers Auto Removal (pr2akrnb) (pr2akrnb) - Cenega Czech - C:\WINDOWS\system32\pr2akrnb.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7215 bytes
Re: Sekání PC, velké využití paměti
Dobře ale ještě tohle fixni v HJT :
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
Nero BackItUp Scheduler 4.0
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
Nero BackItUp Scheduler 4.0
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
File::
c:\windows\msdownld.tmp
c:\windows\Starcraft Gen.exe
c:\windows\SC 2 Crack.exe
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Přispějete na provoz fóra?