
PC slowed down for a short time

Posted: 13 Aug 2011 01:00
by FromDaStreet
Hello, I'd need some help cleaning up my PC a bit. Roughly every hour the HDD suddenly starts working out of nowhere, even when I'm not doing anything, and when I'm playing a game, for example, everything starts to lag, and after 5-10 min it's OK again ... I'd attribute it most likely to some of this vermin

I'm attaching the log from RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by kolik at 2011-08-13 01:51:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (42%) free of 89 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:52:03, on 13.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\kolik\Start Menu\Programs\Startup\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\DOCUME~1\kolik\LOCALS~1\Temp\wcyhbk.exe
C:\Program Files\BitTorrent\BitTorrent.exe
D:\antivir\RSIT.exe
C:\Program Files\trend micro\kolik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 3309 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\kolik\Application Data\Mozilla\Firefox\Profiles\pr5444hy.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, toolbar@ask.com:3.12.2.100006, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
nplv90win32.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\kolik\Application Data\Mozilla\Firefox\Profiles\pr5444hy.default\extensions\
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\kolik\Application Data\Mozilla\Firefox\Profiles\pr5444hy.default\searchplugins\
icqplugin.xml
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-03 172032]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-12-14 651264]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2010-11-03 2815592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\kolik\Start Menu\Programs\Startup
ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-03-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:ipsec"
"C:\Documents and Settings\kolik\Desktop\warcraft-panfazole\Warcraft III + FT + eurobattle.net + dota ( 4.2.2010 )\Warcraft III.exe"="C:\Documents and Settings\kolik\Desktop\warcraft-panfazole\Warcraft III + FT + eurobattle.net + dota ( 4.2.2010 )\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\stary disk\WARCRAFT 33333\w33\ warcraft\Warcraft III.exe"="D:\stary disk\WARCRAFT 33333\w33\ warcraft\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\kolik\Desktop\nub slozka\Ranked Gaming Client\rgc.exe"="C:\Documents and Settings\kolik\Desktop\nub slozka\Ranked Gaming Client\rgc.exe:*:Enabled:rgc"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\National Instruments\DIAdem 2010\DIAdem.exe"="C:\Program Files\National Instruments\DIAdem 2010\DIAdem.exe:*:Enabled:DIAdem 2010"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe"="C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe:*:Disabled:DataFinder"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\bfybt.exe"="F:\bfybt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winfqfy.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winfqfy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\dtsk.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\dtsk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ldje.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ldje.exe:*:Enabled:ipsec"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winocjis.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winocjis.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\xllt.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\xllt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winkkgux.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winkkgux.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\nltv.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\nltv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\mbqp.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\mbqp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wingptt.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wingptt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wincocv.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wincocv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\pqnd.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\pqnd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winerfqug.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winerfqug.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winubmfg.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winubmfg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\vttlx.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\vttlx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winhvwd.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winhvwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winqtfe.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winqtfe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ymkha.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ymkha.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winqnst.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winqnst.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\jmepoo.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\jmepoo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\xqkfd.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\xqkfd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\sqsmdh.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\sqsmdh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\mjtn.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\mjtn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\scwnqb.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\scwnqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winokno.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winokno.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\plgp.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\plgp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winbmrie.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winbmrie.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\jqtqm.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\jqtqm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winpfpw.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winpfpw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winmrwdf.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winmrwdf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winxnclvj.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winxnclvj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winttqgxu.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winttqgxu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winbpss.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winbpss.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wingnjvf.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wingnjvf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\kopor.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\kopor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winyobm.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winyobm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\emwlcm.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\emwlcm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wingrmwtf.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wingrmwtf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ksvrxg.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ksvrxg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\hmuoh.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\hmuoh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winqkonof.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winqkonof.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wingmhiby.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wingmhiby.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winrnsskv.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winrnsskv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winhxja.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winhxja.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\yinxo.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\yinxo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winqcvoa.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winqcvoa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\bngl.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\bngl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wingrguur.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wingrguur.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winixstky.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winixstky.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\nkvhci.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\nkvhci.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winkqlqr.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winkqlqr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\vvpve.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\vvpve.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\pltw.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\pltw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\tycv.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\tycv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ngvjo.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ngvjo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\xdvhsk.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\xdvhsk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winuixxu.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winuixxu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\euxb.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\euxb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winkpoi.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winkpoi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\csli.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\csli.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winmxxoty.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winmxxoty.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winhcrckh.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winhcrckh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winehru.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winehru.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winvefl.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winvefl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ndpcbf.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ndpcbf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winivyyi.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winivyyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\rkyye.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\rkyye.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ltate.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ltate.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winxota.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winxota.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winxhrd.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winxhrd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\asuu.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\asuu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winhaigq.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winhaigq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\fndsk.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\fndsk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winatmox.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winatmox.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winbcjij.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winbcjij.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\windaidp.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\windaidp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\wingwxqb.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\wingwxqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\ogosg.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\ogosg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winjndkc.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winjndkc.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.XVID"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-13 01:51:06 ----D---- C:\rsit
2011-08-13 01:51:06 ----D---- C:\Program Files\trend micro
2011-08-13 01:15:27 ----D---- C:\WINDOWS\system32\NtmsData
2011-08-13 00:36:00 ----D---- C:\WINDOWS\SxsCaPendDel
2011-08-13 00:29:36 ----SHD---- C:\Config.Msi
2011-08-13 00:23:22 ----D---- C:\WINDOWS\system32\appmgmt
2011-08-13 00:22:04 ----A---- C:\WINDOWS\Eurobattle.net Uninstall Log.txt

======List of files/folders modified in the last 1 month======

2011-08-13 01:51:58 ----D---- C:\Documents and Settings\kolik\Application Data\BitTorrent
2011-08-13 01:51:13 ----D---- C:\WINDOWS\Prefetch
2011-08-13 01:51:06 ----RD---- C:\Program Files
2011-08-13 01:15:27 ----D---- C:\WINDOWS\system32
2011-08-13 00:45:46 ----D---- C:\WINDOWS\system32\drivers
2011-08-13 00:44:31 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-13 00:43:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-13 00:37:02 ----SHD---- C:\WINDOWS\Installer
2011-08-13 00:37:02 ----D---- C:\Program Files\Common Files
2011-08-13 00:36:46 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-13 00:36:18 ----RSD---- C:\WINDOWS\assembly
2011-08-13 00:36:16 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2011-08-13 00:36:01 ----D---- C:\WINDOWS\WinSxS
2011-08-13 00:36:00 ----D---- C:\WINDOWS
2011-08-13 00:35:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-13 00:25:11 ----SD---- C:\WINDOWS\Tasks
2011-08-13 00:24:24 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-13 00:24:24 ----D---- C:\Program Files\Ubi Soft
2011-08-13 00:23:51 ----D---- C:\Program Files\Mozilla Firefox
2011-08-13 00:23:35 ----D---- C:\Documents and Settings\kolik\Application Data\Skype
2011-08-13 00:22:08 ----D---- C:\Program Files\Warcraft III
2011-08-12 22:28:14 ----D---- C:\Program Files\Opera
2011-08-12 13:52:05 ----D---- C:\Program Files\Heroes of Newerth
2011-08-06 09:11:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2003-10-28 20016]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2002-03-11 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2008-04-07 4096]
R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\pkhqn.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-03-03 4630016]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-11-30 6261352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 at6saa36;at6saa36; C:\WINDOWS\system32\drivers\at6saa36.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\kolik\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-03-03 602112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2009-09-29 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2010-03-10 43056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2010-03-10 53808]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2010-03-10 358448]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2009-10-20 13896]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 135456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2009-09-18 1077248]

-----------------EOF-----------------
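
Added example (not part of the original thread, and not the helper's own method): a small Python triage of the `authorizedapplications\list` section of a log like the one above. It marks enabled firewall exceptions whose executable sits in a Temp directory for removal and, as a heuristic assumed here, sends entries that reuse one label across several different programs to manual review; the function names, verdict names and threshold are this example's own.

```python
import re
from collections import Counter
from typing import NamedTuple

# Lines copied from the standardprofile list in the RSIT log above.
SAMPLE = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:ipsec"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe"="C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe:*:Disabled:DataFinder"
"F:\bfybt.exe"="F:\bfybt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\winfqfy.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\winfqfy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\kolik\LOCALS~1\Temp\nltv.exe"="C:\DOCUME~1\kolik\LOCALS~1\Temp\nltv.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:ipsec"
'''

KEY = (r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
       r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*$')
# Matches a \Temp\ or \tmp\ path component, including 8.3 forms such as LOCALS~1\Temp.
TEMP_RE = re.compile(r'\\te?mp\\', re.IGNORECASE)


class Entry(NamedTuple):
    path: str      # value name: the executable the exception applies to
    scope: str     # "*" means any remote address
    enabled: bool
    label: str     # display name stored with the exception


def parse_entries(text):
    """Parse "path"="path:scope:status:label" lines as printed by RSIT."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Split from the right: the path itself contains a colon (drive letter).
        # Assumes scope and label contain no colon, as in the log above.
        parts = m.group("data").rsplit(":", 3)
        if len(parts) != 4:
            continue
        _, scope, status, label = parts
        entries.append(Entry(m.group("name"), scope, status.lower() == "enabled", label))
    return entries


def triage(entries, shared_label_min=3):
    """Return {path: verdict}; verdicts are remove / review / disabled / unflagged."""
    label_uses = Counter(e.label.lower() for e in entries)
    verdicts = {}
    for e in entries:
        if not e.enabled:
            verdicts[e.path] = "disabled"    # not an active exception
        elif TEMP_RE.search(e.path):
            verdicts[e.path] = "remove"      # executable allowed from a Temp directory
        elif label_uses[e.label.lower()] >= shared_label_min:
            verdicts[e.path] = "review"      # same label reused by different programs
        else:
            verdicts[e.path] = "unflagged"
    return verdicts


def reg_delete_script(entries, verdicts, key=KEY):
    """Build a .reg file that deletes only the entries marked "remove"."""
    lines = ["Windows Registry Editor Version 5.00", "", "[{}]".format(key)]
    for e in entries:
        if verdicts[e.path] == "remove":
            # Inside quoted names .reg syntax uses "\" as an escape character,
            # so each backslash is doubled; "=-" deletes the value.
            lines.append('"{}"=-'.format(e.path.replace("\\", "\\\\")))
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    result = triage(parsed)
    for entry in parsed:
        print("{:<10} {}".format(result[entry.path], entry.path))
    print()
    print(reg_delete_script(parsed, result))
```

Entries marked `review` are left out of the generated file on purpose: they share the label of the Temp entries but point at programs that may be legitimate, so they need a manual check rather than automatic deletion.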

Re: PC slowed down for a short time

Posted: 13 Aug 2011 07:12
by chodnik74
Hello :welcome:


:arrow: Open Notepad
  • (press the WIN+R key combination, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:


    Windows Registry Editor Version 5.00
    
    ; "name"=- deletes the named value; backslashes inside quoted names are doubled, as .reg syntax requires
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winfqfy.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\dtsk.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ldje.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winocjis.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\xllt.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winkkgux.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\nltv.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\mbqp.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wingptt.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wincocv.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\pqnd.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winerfqug.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winubmfg.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\vttlx.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winhvwd.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winqtfe.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ymkha.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winqnst.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\jmepoo.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\xqkfd.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\sqsmdh.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\mjtn.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\scwnqb.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winokno.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\plgp.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winbmrie.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\jqtqm.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winpfpw.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winmrwdf.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winxnclvj.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winttqgxu.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winbpss.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wingnjvf.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\kopor.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winyobm.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\emwlcm.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wingrmwtf.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ksvrxg.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\hmuoh.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winqkonof.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wingmhiby.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winrnsskv.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winhxja.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\yinxo.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winqcvoa.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\bngl.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wingrguur.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winixstky.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\nkvhci.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winkqlqr.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\vvpve.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\pltw.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\tycv.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ngvjo.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\xdvhsk.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winuixxu.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\euxb.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winkpoi.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\csli.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winmxxoty.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winhcrckh.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winehru.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winvefl.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ndpcbf.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winivyyi.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\rkyye.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ltate.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winxota.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winxhrd.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\asuu.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winhaigq.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\fndsk.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winatmox.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winbcjij.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\windaidp.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\wingwxqb.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\ogosg.exe"=-
    "C:\\DOCUME~1\\kolik\\LOCALS~1\\Temp\\winjndkc.exe"=-
    
    
    
  • Save the file as oprava.reg (when saving, set Save as type: All files)
  • Then run this file and confirm :)
PC maintenance:

1) Cleaning temporary folders + invalid registry entries
:arrow: CCleaner
  • Download and install the program
  • Run the program
  • CLEANER
    Windows - leave everything here as it is (if we use IE, untick its items) and tick the items Start Menu Shortcuts and Desktop Shortcuts
    Applications - leave as is, but if we use a browser (Google Chrome, Firefox, Opera..), untick its items
    >Press the Analyze button and then Run Cleaner
  • Registry
    >Press the Scan for problems button; the program starts looking for invalid registry entries.. then choose Fix selected problems..
    >The program asks whether we want to create a registry backup; choose Yes and save the backup somewhere (if anything misbehaves after the registry fix, restore the backup by running the saved backup file and confirming Yes), then choose Fix all problems and Close
    >repeat until the registry has no problems
  • Use the program once every 14 days (depends on how the PC is used; once a week is also fine)
2) Disk defragmentation
:arrow: Defraggler
  • Download and install the program
  • Run the program
  • Select a drive (C:, D:.. simply whichever we use)
  • If the Fragmentation column shows more than 5%, choose Defragment
  • Do this for all drives in use
  • Do this once a month
3) Updating programs
:arrow: FileHippo.com Update Checker
  • Download and install the program (during installation, untick the Run at Startup option)
  • Run the program
  • The program finds the programs installed on the PC and checks for available updates
  • A web page then opens listing the applications offered for updating
    >X Updates Detected.. these are the available updates..
    > click the green arrow and download the program, then install its current version
    > :!: X Beta Updates Detected.. do not download these updates; they are beta versions that are still in development and are unstable :)
  • Do this once every 14 days or once a month

:arrow: TFC
  • Download and run the program
  • Click Start and confirm with OK
  • The program starts cleaning up, then restarts the PC
  • delete the program after use

Let's take a look at the pests :)

:arrow: Malwarebytes' Anti-Malware
  • Download, install and run it (if you are not sure how, click HERE)
  • Select Full scan and click the Scan button
  • The program scans the computer and at the end shows a message that the scan has finished; confirm with the OK button
  • A log appears; paste it here for me
  • DO NOT DELETE ANYTHING!! The program sometimes produces false detections, so we will delete only after consultation :twisted:

Re: PC slowed down for a short time

Posted: 13 Aug 2011 10:35
by FromDaStreet
Hello, I did everything according to your instructions; I'm attaching the log from MBAM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7454

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.8.2011 11:35:16
mbam-log-2011-08-13 (11-35-04).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 216051
Uplynutý čas: 26 min, 44 sek

Infikované služby pamäte: 1
Infikované moduly pamäte: 0
Infikované registračné kľúče: 3
Infikované registračné hodnoty: 2
Infikované položky registračných dát: 3
Infikované priečinky: 0
Infikované súbory: 109

Infikované služby pamäte:
c:\documents and settings\kolik\start menu\Programs\Startup\ctfmon.exe (Trojan.VB) -> 416 -> No action taken.

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Infikované registračné hodnoty:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> No action taken.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\documents and settings\kolik\start menu\Programs\Startup\ctfmon.exe (Trojan.VB) -> No action taken.
c:\akokc.pif (Malware.Packer.Gen) -> No action taken.
c:\Recycled\Recycled\ctfmon.exe (Trojan.VB) -> No action taken.
d:\Recycled\ctfmon.exe (Trojan.VB) -> No action taken.
c:\documents and settings\kolik\ydwzro.exe (Worm.Palevo) -> No action taken.
c:\documents and settings\kolik\cbzvl.exe (Worm.Palevo) -> No action taken.
c:\documents and settings\kolik\aegvvp.exe (Trojan.Agent) -> No action taken.

Re: PC slowed down for a short time

Posted: 13 Aug 2011 10:51
by dex73r
I don't want to butt in, but this doesn't look like a false alarm to me.. you have quite a few trojans there; if you don't remove them they will probably spread further.

Re: PC slowed down for a short time

Posted: 13 Aug 2011 10:55
by chodnik74
Remove the items found :) and clean out System Volume Information following the guide here: http://www.viry.cz/forum/viewtopic.php?f=11&t=6701

then restart the PC and run a new MBAM scan :)

Re: PC slowed down for a short time

Posted: 13 Aug 2011 10:56
by FromDaStreet
;) well, I think so too, but I'll still wait for someone who understands this ;) no offense

Re: PC slowed down for a short time

Posted: 13 Aug 2011 10:58
by chodnik74
Do what I wrote :) don't worry, we'll get rid of it ;-)

Re: PC slowed down for a short time

Posted: 13 Aug 2011 11:26
by FromDaStreet
sorry chodnik, that last post of mine wasn't meant for you; I was replying to dexter ...
here I'm attaching the new log

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Verzia databázy: 7454

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.8.2011 12:22:16
mbam-log-2011-08-13 (12-22-12).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 206274
Uplynutý čas: 14 min, 30 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 3
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\akokc.pif (Malware.Packer.Gen) -> No action taken.

But since I first had the PC cleaned with MBAM, I've noticed that when I try to open a drive through My Computer it does this:
http://tinypic.com/r/28wgw20/7 but when I right-click the drive and choose Explore it works normally


/Edit2 image attached

Re: PC slowed down for a short time

Posted: 13 Aug 2011 12:11
by chodnik74
Delete the items MBAM found :)


Do not use the program without a recommendation from an Advisor, and follow the instructions below carefully, because the program does not tolerate mistakes and the system can be completely damaged!!
  • :arrow: Download Combofix
  • Save the program, preferably to the Desktop
  • Turn off all resident shields: antivirus, antispyware and firewall alike
  • Close all running applications (ICQ, browser, programs) and leave only Combofix
  • Run Combofix.exe with administrator privileges
    On Windows XP, log in under an administrator account
    On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
  • Right after the program starts, the licence terms pop up; confirm with the YES button
  • If Combofix offers to install the Recovery Console, agree and let it install (an active internet connection is needed for this)
  • Continue according to the program's instructions; during the scan do not click anything and do not work on the PC (ICQ, other applications, internet..). Leave the computer alone.
  • The whole scan takes 5-15 minutes, but if there is a lot of malware on the PC the time may differ.
  • After the scan finishes (and any restart of the computer), the Combofix log is displayed; paste it here for me (if the log does not appear, you will find it here: C:\ComboFix.txt)
  • (If you are unsure about any of the steps above, ask, or have a look at the more detailed guide with pictures http://www.bleepingcomputer.com/combofi ... t-combofix )

Re: PC slowed down for a short time

Posted: 13 Aug 2011 14:54
by FromDaStreet
Log from Combofix

ComboFix 11-08-13.02 - kolik 13.08.2011 15:46:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1441 [GMT 2:00]
Running from: c:\documents and settings\kolik\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\akokc.pif
C:\autorun.inf
c:\recycled\Recycled
c:\windows\iun6002.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 10:40 . 2011-08-13 10:41 -------- d-----w- c:\program files\wincmd
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\UC.PIF
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\RAR.PIF
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\PKZIP.PIF
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\LHA.PIF
2011-08-13 10:40 . 2002-01-21 03:00 545 ----a-w- c:\windows\ARJ.PIF
2011-08-13 09:05 . 2011-08-13 09:05 -------- d-----w- c:\documents and settings\kolik\Application Data\Malwarebytes
2011-08-13 09:04 . 2011-08-13 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-13 09:04 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 09:04 . 2011-08-13 09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 09:04 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 08:56 . 2011-08-13 08:56 -------- d-----w- c:\program files\FileHippo.com
2011-08-13 07:35 . 2011-08-13 07:35 -------- d-----w- c:\program files\Defraggler
2011-08-13 07:27 . 2011-08-13 07:27 -------- d-----w- c:\program files\CCleaner
2011-08-12 23:51 . 2011-08-12 23:52 -------- d-----w- C:\rsit
2011-08-12 23:51 . 2011-08-12 23:52 -------- d-----w- c:\program files\trend micro
2011-08-12 23:15 . 2011-08-12 23:15 -------- d-----w- c:\windows\system32\NtmsData
2011-08-12 22:36 . 2011-08-12 22:44 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 12:43 . 2010-05-25 12:43 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 05:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2004-08-03 22:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 1999-03-08 01:00 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\olepro32.dll
.
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 172032]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 651264]
"AlcWzrd"="ALCWZRD.EXE" [2010-11-03 2815592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\National Instruments\\DIAdem 2010\\DIAdem.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\National Instruments\\Shared\\DataFinderDesktop\\bin\\DataFinder.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxAutoMntSrv.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\WINDOWS\\system32\\IPCONFIG.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58078:TCP"= 58078:TCP:Pando Media Booster
"58078:UDP"= 58078:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.3.2002 2:57 436792]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.8.2011 11:04 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.8.2011 11:04 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 15:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2002 4:57 1691480]
S3 cpuz130;cpuz130;\??\c:\docume~1\kolik\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\kolik\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13.8.2011 11:04 41272]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 15:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.3.20
FF - ProfilePath - c:\documents and settings\kolik\Application Data\Mozilla\Firefox\Profiles\pr5444hy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 15:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\msi.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\lkcitdl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2011-08-13 15:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-13 13:52
.
Pre-Run: 49 120 104 448 bytes free
Post-Run: 48 958 160 896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E1D28C7B2FC7394BAB7A0557E2A62F34

Re: PC slowed down for a short time

Posted: 14 Aug 2011 07:46
by chodnik74
:arrow: Download and reinstall Visual Basic 6.0 SP5


:arrow: Open Notepad
  • (press the WIN+R key combination, type "notepad" without the quotes and press Enter)
  • Paste the following script into it:

    
    KillAll::
    
    Folder::
    c:\recycled\
    
    Restore::
    c:\windows\system32\olepro32.dll
    c:\windows\ServicePackFiles\i386\iexplore.exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000000
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "FirewallOverride"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "UacDisableNotify"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\kolik\Application Data\Mozilla\Firefox\Profiles\pr5444hy.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
    
    Reboot::
    
  • Save the file to the Desktop as CFScript.txt
  • Then grab this file with the left mouse button, drag it onto the ComboFix icon and drop it
  • ComboFix will then carry out all the operations and produce a new log, which you should post here

Re: PC slowed down for a short time

Posted: 14 Aug 2011 12:00
by FromDaStreet
I did exactly as you wrote, and when I "drop" CFScript.txt onto the ComboFix icon it throws this error: http://i56.tinypic.com/160poqb.jpg

Re: PC slowed down for a short time

Posted: 15 Aug 2011 08:28
by chodnik74
Try running ComboFix with the script in Safe Mode (keep pressing F8 while the PC starts) :)

Re: PC slowed down for a short time

Posted: 15 Aug 2011 16:44
by FromDaStreet
Hmm, interesting: when I try to go into Safe Mode, it shows that it is currently loading some file and then suddenly the PC restarts right away, and so on in a loop ... it restarts so quickly that I can't even read which file it is loading at that moment ....

Re: PC slowed down for a short time

Posted: 15 Aug 2011 18:14
by chodnik74
Try AVPTool and post the log here :)