Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Preventívne - RSIT

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#31 Příspěvek od 666andrew »

Inštalácia ukázala, že nie je pripojená, preto nemôže pokračovať. :?:
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#32 Příspěvek od vyosek »

Takze od ctecky vede jen kabel ke zdroji :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#33 Příspěvek od 666andrew »

Hej.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#34 Příspěvek od vyosek »

Poprosim nekoho z kolegu co se lepe vyznaji v HW
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#35 Příspěvek od vyosek »

Kterou z nich mate http://emea.apacer.com/en/products/Card_Readers.htm :???:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#36 Příspěvek od 666andrew »

Túto - http://emea.apacer.com/en/products/Inte ... _specs.htm
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#37 Příspěvek od vyosek »

:arrow: Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    :reg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /sub
  • Kliknete na Look
  • Tlacitko Look se zmeni na Scanning a zsedne
  • Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
  • Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#38 Příspěvek od 666andrew »

Bohužial, dal som na vlastné riziko obnovu systému, pretože mi každých 10 minút padal internet. Myslím, že to bolo tiež tým, pretože pripojenie bolo dobré po celý čas, mám to overené.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#39 Příspěvek od vyosek »

:arrow: Takze ctecka ted videt je :???:

:arrow: Dejte tedy novy log z RSIT
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#40 Příspěvek od 666andrew »

Áno, teraz už je vidieť. Tu je ten log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Maros at 2011-09-19 22:13:30
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 123 GB (52%) free of 238 GB
Total RAM: 4094 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:13:34, on 19. 9. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Users\Maros\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\MTA San Andreas 1.1\Multi Theft Auto.exe
C:\Program Files\trend micro\Maros.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Maros\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3021412433-211472960-2263810628-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3021412433-211472960-2263810628-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8343 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
"C:\Program Files\NetLimiter 3\nlsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2324
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d984a6b8-e470-4a60-90b3-650a8af5c9f3 -SystemEventPortName:HostProcess-b7c0b9c8-e41c-496c-958a-5f65e4788227 -IoCancelEventPortName:HostProcess-06e5d9d5-4448-4818-a01f-d2853a706a9e -NonStateChangingEventPortName:HostProcess-6303b72d-c39c-4c4b-bdc1-b613633b35fc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dff1e03c-37c1-43b3-8a22-4f4e69c55637
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\PixArt\PAC207\Monitor.exe"
"C:\Users\Maros\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe" /crashhandler
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\MTA San Andreas 1.1\Multi Theft Auto.exe"
"C:\IMPORTANT\GTASanAndreas\gta_sa.exe"
taskeng.exe {30FEDDE4-E8E2-4367-8AA8-00C4A5F41DBC}
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe $(Arg0)
"C:\Users\Maros\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-18 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-07-03 6430208]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Clownfish"= []
"Google Update"=C:\Users\Maros\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Maros\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe [2008-05-30 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
C:\Program Files\NetLimiter 3\NLClientApp.exe [2011-03-21 2910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-06-25 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2011-05-18 149280]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-09-19 22:12:25 ----D---- C:\rsit
2011-09-18 13:22:41 ----D---- C:\Program Files (x86)\FileHippo.com
2011-09-17 12:28:27 ----D---- C:\ProgramData\Omnius for SE
2011-09-17 12:27:43 ----D---- C:\Program Files (x86)\Omnius for SE
2011-09-09 13:09:31 ----D---- C:\ProgramData\Apple Computer
2011-09-09 11:17:11 ----D---- C:\Users\Maros\AppData\Roaming\NVIDIA
2011-09-08 22:18:01 ----D---- C:\Users\Maros\AppData\Roaming\Opera
2011-09-08 22:17:53 ----D---- C:\Program Files (x86)\Opera
2011-09-08 15:15:22 ----D---- C:\ProgramData\EA Core
2011-09-08 15:15:21 ----D---- C:\ProgramData\Electronic Arts
2011-09-08 07:31:18 ----D---- C:\Program Files (x86)\Dragon Age 2
2011-09-07 19:32:43 ----D---- C:\Program Files (x86)\Reality Pump
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\OpenCL.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvoglv64.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvgenco64.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvdispco64.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcuvid.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcuda.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcompiler.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-09-01 14:13:44 ----HDC---- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-09-01 14:12:33 ----D---- C:\ProgramData\Native Instruments
2011-09-01 14:12:31 ----HDC---- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2011-09-01 14:12:08 ----HDC---- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2011-09-01 14:12:05 ----D---- C:\Program Files\Native Instruments
2011-09-01 14:12:05 ----D---- C:\Program Files\Common Files\Native Instruments
2011-08-31 18:18:03 ----A---- C:\Windows\ODBC.INI
2011-08-31 18:18:01 ----A---- C:\Windows\SYSWOW64\Gcd3uCpl.dll
2011-08-31 18:18:00 ----A---- C:\Windows\SYSWOW64\Joy5FF.dll
2011-08-31 18:17:58 ----D---- C:\Program Files (x86)\Dual Vibration Gamepad-Macro A
2011-08-30 23:38:12 ----D---- C:\Program Files (x86)\Adobe
2011-08-30 11:45:30 ----D---- C:\Program Files (x86)\Ubisoft
2011-08-29 11:27:39 ----D---- C:\ProgramData\Locktime
2011-08-29 11:27:36 ----D---- C:\Program Files\NetLimiter 3
2011-08-29 11:10:54 ----A---- C:\Users\Maros\AppData\Roaming\Network Meter_Settings.ini
2011-08-29 10:58:55 ----D---- C:\Users\Maros\AppData\Roaming\Rokario
2011-08-29 00:25:17 ----D---- C:\Program Files (x86)\DownVision
2011-08-25 21:31:53 ----D---- C:\ProgramData\MTA San Andreas All
2011-08-25 21:31:53 ----D---- C:\Program Files (x86)\MTA San Andreas 1.1
2011-08-24 11:59:06 ----D---- C:\Program Files (x86)\Guitar Pro 5
2011-08-24 09:52:01 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 09:52:01 ----A---- C:\Windows\system32\tzres.dll
2011-08-22 07:39:26 ----D---- C:\Windows\Minidump
2011-08-21 21:28:20 ----D---- C:\Program Files (x86)\Darksiders

======List of files/folders modified in the last 1 months======

2011-09-19 22:13:34 ----D---- C:\Windows\Temp
2011-09-19 22:13:34 ----D---- C:\Program Files\trend micro
2011-09-19 22:11:59 ----D---- C:\Users\Maros\AppData\Roaming\Skype
2011-09-19 22:11:49 ----D---- C:\Windows\system32\config
2011-09-19 22:00:30 ----SHD---- C:\System Volume Information
2011-09-19 21:57:32 ----D---- C:\ProgramData\Easybits GO
2011-09-19 21:53:22 ----D---- C:\ProgramData\NVIDIA
2011-09-19 21:53:20 ----D---- C:\Windows\Tasks
2011-09-19 21:53:20 ----D---- C:\Windows\system32\wfp
2011-09-19 21:53:20 ----D---- C:\Windows\system32\drivers\UMDF
2011-09-19 21:53:16 ----D---- C:\Windows\system32\wbem
2011-09-19 21:53:16 ----D---- C:\Windows
2011-09-19 21:51:41 ----D---- C:\Windows\system32\DriverStore
2011-09-19 21:51:41 ----D---- C:\Windows\system32\drivers\etc
2011-09-19 21:51:41 ----D---- C:\Windows\system32\catroot2
2011-09-19 21:51:41 ----D---- C:\Windows\System32
2011-09-19 21:51:41 ----D---- C:\Windows\inf
2011-09-19 21:51:40 ----D---- C:\Windows\SYSWOW64\drivers
2011-09-19 21:51:40 ----D---- C:\Windows\SysWOW64
2011-09-19 21:51:40 ----D---- C:\Windows\system32\drivers
2011-09-19 21:51:32 ----SHD---- C:\Windows\Installer
2011-09-19 21:51:02 ----D---- C:\Users\Maros\AppData\Roaming\Winamp
2011-09-19 21:51:02 ----D---- C:\Users\Maros\AppData\Roaming\uTorrent
2011-09-19 21:50:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-19 21:50:39 ----D---- C:\Windows\registration
2011-09-19 21:50:16 ----D---- C:\Windows\Microsoft.NET
2011-09-19 21:49:01 ----RSD---- C:\Windows\assembly
2011-09-19 21:47:12 ----SD---- C:\Users\Maros\AppData\Roaming\Microsoft
2011-09-19 21:46:59 ----RD---- C:\Program Files (x86)
2011-09-19 19:14:42 ----D---- C:\Users\Maros\AppData\Roaming\skypePM
2011-09-17 17:18:00 ----D---- C:\Windows\SoftwareDistribution
2011-09-17 17:17:51 ----D---- C:\Windows\debug
2011-09-17 12:28:27 ----HD---- C:\ProgramData
2011-09-16 11:51:04 ----SHD---- C:\Config.Msi
2011-09-16 11:51:00 ----D---- C:\ProgramData\Microsoft Help
2011-09-16 11:49:42 ----D---- C:\Windows\winsxs
2011-09-16 11:47:33 ----D---- C:\Windows\system32\catroot
2011-09-16 11:45:35 ----A---- C:\Windows\system32\MRT.exe
2011-09-13 21:21:45 ----D---- C:\Users\Maros\AppData\Roaming\DAEMON Tools Lite
2011-09-13 21:20:41 ----D---- C:\Program Files\CCleaner
2011-09-12 22:48:09 ----D---- C:\Users\Maros\AppData\Roaming\.purple
2011-09-09 13:10:02 ----D---- C:\Program Files (x86)\QuickTime
2011-09-09 06:59:38 ----D---- C:\Windows\Prefetch
2011-09-08 19:36:55 ----D---- C:\Windows\system32\Tasks
2011-09-08 19:36:51 ----RD---- C:\Program Files (x86)\Skype
2011-09-08 19:36:51 ----D---- C:\Program Files (x86)\Common Files
2011-09-08 19:36:17 ----D---- C:\ProgramData\Skype
2011-09-08 18:31:20 ----D---- C:\Windows\Logs
2011-09-08 12:06:39 ----D---- C:\Users\Maros\AppData\Roaming\Ahead
2011-09-07 14:52:57 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-09-05 11:17:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-09-05 11:10:06 ----D---- C:\Program Files\NVIDIA Corporation
2011-09-04 01:33:31 ----D---- C:\Users\Maros\AppData\Roaming\Media Player Classic
2011-09-01 14:12:05 ----RD---- C:\Program Files
2011-09-01 14:12:05 ----D---- C:\Program Files\Common Files
2011-08-30 23:38:21 ----D---- C:\ProgramData\Adobe
2011-08-30 12:16:13 ----D---- C:\Users\Maros\AppData\Roaming\Canon
2011-08-30 09:42:49 ----D---- C:\Windows\rescache
2011-08-24 15:36:09 ----D---- C:\Windows\SYSWOW64\fr-FR
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\zh-TW
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\en-US
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\ar-SA
2011-08-24 15:36:08 ----D---- C:\Windows\system32\zh-TW
2011-08-24 15:36:08 ----D---- C:\Windows\system32\sk-SK
2011-08-24 15:36:08 ----D---- C:\Windows\system32\fr-FR
2011-08-24 15:36:08 ----D---- C:\Windows\system32\en-US
2011-08-24 15:36:08 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 15:36:08 ----D---- C:\Windows\system32\ar-SA
2011-08-24 11:59:12 ----RSD---- C:\Windows\Fonts
2011-08-22 18:51:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 07:37:50 ----D---- C:\Windows\LiveKernelReports
2011-08-21 00:53:23 ----D---- C:\Users\Maros\AppData\Roaming\TS3Client

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-18 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-07-03 1477272]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 PAC207;Trust Webcam Live; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-04-12 572928]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-05-21 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
S1 tfilukig;tfilukig; \??\C:\Windows\system32\drivers\tfilukig.sys []
S3 aiqb7n1y;aiqb7n1y; C:\Windows\system32\drivers\aiqb7n1y.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-05-18 20544]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-30 30208]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-12-02 19968]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [2009-08-31 1821184]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2011-03-21 1845248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 980072]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#41 Příspěvek od vyosek »

:arrow: Otevrete si poznamkovy blok
  • Start->spustit->notepad
  • Vlozte text nize

  • Kód: Vybrat vše

    REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Clownfish"=-
"Google Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
  • Soubor ulozte jako oprava.reg
  • Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
  • Obrázek
  • Zavrit notepad ale vytvoreny soubor nespoustejte
  • Soubor oprava.reg ulozte primo na disk c:\ tak aby nebyl v zadne slozce (cesta tedy bude c:\oprava.reg)
:arrow: Stahnete Avenger (viz muj podpis)
  • Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
  • Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
  • Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

  • Kód: Vybrat vše

    Files to delete:
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000UA.job
C:\Windows\system32\drivers\tfilukig.sys

Drivers to delete:
tfilukig
NBService

Programs launch on reboot:
c:\oprava.reg
  • Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
  • Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
  • Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
  • Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#42 Příspěvek od 666andrew »

A skopíroval som to presne, ako to je tam.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Mon Sep 19 22:26:29 2011

22:26:29: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#43 Příspěvek od vyosek »

:arrow: vytvoreny soubor oprava.reg spustte dvojklikem a nechte naimportovat jeho obsah

:arrow: Stahnete gmer http://www.gmer.net/gmer.zip a rozbalte jej

:arrow: Spustte Gmer, probehne kratky sken, toho si nevsimejte
  • Nahore vedle zalozky Rootkit/Malware kliknete na >>>, tim se Vam otevrou dalsi zalozky
  • Prepnete se do zalozky CMD

  • Kód: Vybrat vše

    gmer -killall
gmer -del file "C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000Core.job"
gmer -del file "C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000UA.job"
gmer -del file "C:\Windows\system32\drivers\tfilukig.sys"
gmer -del service "NBService"
gmer -del service "tfilukig"
gmer -reboot
  • Kliknete na tlacitko Run
  • gmer provede prikazy a restartuje PC
:arrow: Dejte novy log z RSIT
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
666andrew
Návštěvník
Návštěvník
Příspěvky: 146
Registrován: 09 říj 2009 14:16

Re: Preventívne - RSIT

#44 Příspěvek od 666andrew »

Najprv vyhodilo nejakú chybu, nastavil som kompatibilitu na XP a spustil ako správca. Napísalo úspešné, no nereštartlo, tak som reštartol ručne a tu je RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Maros at 2011-09-20 06:44:45
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 123 GB (52%) free of 238 GB
Total RAM: 4094 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:45:00, on 20. 9. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\trend micro\Maros.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7581 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
taskeng.exe {742408C5-E4BB-4C05-8305-1D02087D256C}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"taskhost.exe"
"C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NetLimiter 3\nlsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Windows\PixArt\PAC207\Monitor.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
WLIDSvcM.exe 2556
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4f6f2ed3-4148-4010-b1db-e4716110e960 -SystemEventPortName:HostProcess-e371edec-8d57-4015-bb00-0c24a06e673f -IoCancelEventPortName:HostProcess-b82600c4-bc09-4177-b479-81e5aa3c5670 -NonStateChangingEventPortName:HostProcess-4014f3fa-298b-484a-8d47-8babf2d7eb68 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8e975d4d-dded-4f76-acef-8e6a6c8dce5b
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Maros\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-18 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-07-03 6430208]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe [2008-05-30 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
C:\Program Files\NetLimiter 3\NLClientApp.exe [2011-03-21 2910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-06-25 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-09-19 22:26:36 ----A---- C:\cleanup.exe
2011-09-19 22:26:35 ----A---- C:\Windows\SYSWOW64\drivers\iatzlxax.sys
2011-09-19 22:26:35 ----A---- C:\Windows\ousze.txt
2011-09-19 22:26:29 ----A---- C:\avenger.txt
2011-09-19 22:12:25 ----D---- C:\rsit
2011-09-18 13:22:41 ----D---- C:\Program Files (x86)\FileHippo.com
2011-09-17 12:28:27 ----D---- C:\ProgramData\Omnius for SE
2011-09-17 12:27:43 ----D---- C:\Program Files (x86)\Omnius for SE
2011-09-09 13:09:31 ----D---- C:\ProgramData\Apple Computer
2011-09-09 11:17:11 ----D---- C:\Users\Maros\AppData\Roaming\NVIDIA
2011-09-08 22:18:01 ----D---- C:\Users\Maros\AppData\Roaming\Opera
2011-09-08 22:17:53 ----D---- C:\Program Files (x86)\Opera
2011-09-08 15:15:22 ----D---- C:\ProgramData\EA Core
2011-09-08 15:15:21 ----D---- C:\ProgramData\Electronic Arts
2011-09-08 07:31:18 ----D---- C:\Program Files (x86)\Dragon Age 2
2011-09-07 19:32:43 ----D---- C:\Program Files (x86)\Reality Pump
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2011-09-05 11:07:08 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\OpenCL.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvoglv64.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvgenco64.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvdispco64.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvd3dumx.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcuvid.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcuda.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\nvcompiler.dll
2011-09-05 11:07:08 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-09-01 14:13:44 ----HDC---- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-09-01 14:12:33 ----D---- C:\ProgramData\Native Instruments
2011-09-01 14:12:31 ----HDC---- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2011-09-01 14:12:08 ----HDC---- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2011-09-01 14:12:05 ----D---- C:\Program Files\Native Instruments
2011-09-01 14:12:05 ----D---- C:\Program Files\Common Files\Native Instruments
2011-08-31 18:18:03 ----A---- C:\Windows\ODBC.INI
2011-08-31 18:18:01 ----A---- C:\Windows\SYSWOW64\Gcd3uCpl.dll
2011-08-31 18:18:00 ----A---- C:\Windows\SYSWOW64\Joy5FF.dll
2011-08-31 18:17:58 ----D---- C:\Program Files (x86)\Dual Vibration Gamepad-Macro A
2011-08-30 23:38:12 ----D---- C:\Program Files (x86)\Adobe
2011-08-30 11:45:30 ----D---- C:\Program Files (x86)\Ubisoft
2011-08-29 11:27:39 ----D---- C:\ProgramData\Locktime
2011-08-29 11:27:36 ----D---- C:\Program Files\NetLimiter 3
2011-08-29 11:10:54 ----A---- C:\Users\Maros\AppData\Roaming\Network Meter_Settings.ini
2011-08-29 10:58:55 ----D---- C:\Users\Maros\AppData\Roaming\Rokario
2011-08-29 00:25:17 ----D---- C:\Program Files (x86)\DownVision
2011-08-25 21:31:53 ----D---- C:\ProgramData\MTA San Andreas All
2011-08-25 21:31:53 ----D---- C:\Program Files (x86)\MTA San Andreas 1.1
2011-08-24 11:59:06 ----D---- C:\Program Files (x86)\Guitar Pro 5
2011-08-24 09:52:01 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-24 09:52:01 ----A---- C:\Windows\system32\tzres.dll
2011-08-22 07:39:26 ----D---- C:\Windows\Minidump
2011-08-21 21:28:20 ----D---- C:\Program Files (x86)\Darksiders

======List of files/folders modified in the last 1 months======

2011-09-20 06:44:52 ----D---- C:\Program Files\trend micro
2011-09-20 06:44:48 ----D---- C:\Windows\Temp
2011-09-20 06:44:27 ----D---- C:\Windows\system32\config
2011-09-20 06:43:11 ----D---- C:\ProgramData\NVIDIA
2011-09-20 06:25:46 ----D---- C:\Windows
2011-09-19 22:34:45 ----D---- C:\Users\Maros\AppData\Roaming\uTorrent
2011-09-19 22:34:45 ----D---- C:\Users\Maros\AppData\Roaming\Skype
2011-09-19 22:26:35 ----D---- C:\Windows\SYSWOW64\drivers
2011-09-19 22:00:30 ----SHD---- C:\System Volume Information
2011-09-19 21:57:32 ----D---- C:\ProgramData\Easybits GO
2011-09-19 21:53:20 ----D---- C:\Windows\Tasks
2011-09-19 21:53:20 ----D---- C:\Windows\system32\wfp
2011-09-19 21:53:20 ----D---- C:\Windows\system32\drivers\UMDF
2011-09-19 21:53:16 ----D---- C:\Windows\system32\wbem
2011-09-19 21:51:41 ----D---- C:\Windows\system32\DriverStore
2011-09-19 21:51:41 ----D---- C:\Windows\system32\drivers\etc
2011-09-19 21:51:41 ----D---- C:\Windows\system32\catroot2
2011-09-19 21:51:41 ----D---- C:\Windows\System32
2011-09-19 21:51:41 ----D---- C:\Windows\inf
2011-09-19 21:51:40 ----D---- C:\Windows\SysWOW64
2011-09-19 21:51:40 ----D---- C:\Windows\system32\drivers
2011-09-19 21:51:32 ----SHD---- C:\Windows\Installer
2011-09-19 21:51:02 ----D---- C:\Users\Maros\AppData\Roaming\Winamp
2011-09-19 21:50:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-19 21:50:39 ----D---- C:\Windows\registration
2011-09-19 21:50:16 ----D---- C:\Windows\Microsoft.NET
2011-09-19 21:49:01 ----RSD---- C:\Windows\assembly
2011-09-19 21:47:12 ----SD---- C:\Users\Maros\AppData\Roaming\Microsoft
2011-09-19 21:46:59 ----RD---- C:\Program Files (x86)
2011-09-19 19:14:42 ----D---- C:\Users\Maros\AppData\Roaming\skypePM
2011-09-17 17:18:00 ----D---- C:\Windows\SoftwareDistribution
2011-09-17 17:17:51 ----D---- C:\Windows\debug
2011-09-17 12:28:27 ----HD---- C:\ProgramData
2011-09-16 11:51:04 ----SHD---- C:\Config.Msi
2011-09-16 11:51:00 ----D---- C:\ProgramData\Microsoft Help
2011-09-16 11:49:42 ----D---- C:\Windows\winsxs
2011-09-16 11:47:33 ----D---- C:\Windows\system32\catroot
2011-09-16 11:45:35 ----A---- C:\Windows\system32\MRT.exe
2011-09-13 21:21:45 ----D---- C:\Users\Maros\AppData\Roaming\DAEMON Tools Lite
2011-09-13 21:20:41 ----D---- C:\Program Files\CCleaner
2011-09-12 22:48:09 ----D---- C:\Users\Maros\AppData\Roaming\.purple
2011-09-09 13:10:02 ----D---- C:\Program Files (x86)\QuickTime
2011-09-09 06:59:38 ----D---- C:\Windows\Prefetch
2011-09-08 19:36:55 ----D---- C:\Windows\system32\Tasks
2011-09-08 19:36:51 ----RD---- C:\Program Files (x86)\Skype
2011-09-08 19:36:51 ----D---- C:\Program Files (x86)\Common Files
2011-09-08 19:36:17 ----D---- C:\ProgramData\Skype
2011-09-08 18:31:20 ----D---- C:\Windows\Logs
2011-09-08 12:06:39 ----D---- C:\Users\Maros\AppData\Roaming\Ahead
2011-09-07 14:52:57 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-09-05 11:17:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-09-05 11:10:06 ----D---- C:\Program Files\NVIDIA Corporation
2011-09-04 01:33:31 ----D---- C:\Users\Maros\AppData\Roaming\Media Player Classic
2011-09-01 14:12:05 ----RD---- C:\Program Files
2011-09-01 14:12:05 ----D---- C:\Program Files\Common Files
2011-08-30 23:38:21 ----D---- C:\ProgramData\Adobe
2011-08-30 12:16:13 ----D---- C:\Users\Maros\AppData\Roaming\Canon
2011-08-30 09:42:49 ----D---- C:\Windows\rescache
2011-08-24 15:36:09 ----D---- C:\Windows\SYSWOW64\fr-FR
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\zh-TW
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\en-US
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-24 15:36:08 ----D---- C:\Windows\SYSWOW64\ar-SA
2011-08-24 15:36:08 ----D---- C:\Windows\system32\zh-TW
2011-08-24 15:36:08 ----D---- C:\Windows\system32\sk-SK
2011-08-24 15:36:08 ----D---- C:\Windows\system32\fr-FR
2011-08-24 15:36:08 ----D---- C:\Windows\system32\en-US
2011-08-24 15:36:08 ----D---- C:\Windows\system32\cs-CZ
2011-08-24 15:36:08 ----D---- C:\Windows\system32\ar-SA
2011-08-24 11:59:12 ----RSD---- C:\Windows\Fonts
2011-08-22 18:51:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-22 07:37:50 ----D---- C:\Windows\LiveKernelReports
2011-08-21 00:53:23 ----D---- C:\Users\Maros\AppData\Roaming\TS3Client

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-18 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-07-03 1477272]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 PAC207;Trust Webcam Live; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-04-12 572928]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-05-21 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
S0 iyasmicb;iyasmicb; C:\Windows\system32\drivers\iatzlxax.sys []
S1 tfilukig;tfilukig; \??\C:\Windows\system32\drivers\tfilukig.sys []
S3 a8xkf880;a8xkf880; C:\Windows\system32\drivers\a8xkf880.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-05-18 20544]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-30 30208]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-12-02 19968]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [2009-08-31 1821184]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2011-03-21 1845248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 980072]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Preventívne - RSIT

#45 Příspěvek od vyosek »

:arrow: Bohuzel nezabralo a OTM tam uz jaksi poustet nechci :?:

:arrow: Otevrete si poznamkovy blok
  • Start->spustit->notepad
  • Vlozte text nize

  • Kód: Vybrat vše

    @echo off
del "C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000Core.job"
del "C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3021412433-211472960-2263810628-1000UA.job"
del "C:\Windows\system32\drivers\tfilukig.sys"
sc stop "NBService"
sc delete "NBService"
sc stop "tfilukig"
sc delete "tfilukig"
shutdown -r
  • Soubor ulozte jako del.bat
  • Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
  • Obrázek
  • Zavrit notepad a spustit dvojklikem del.bat
  • Okno jen problikne a provede mazani - soubor muzete smazat
:arrow: Mel by nasledovat restart, pak poprosim o novy RSIT
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“