
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Slow PC shutdown
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check this; when I shut down the system, the "Saving your settings" screen takes a terribly long time.
Logfile of random's system information tool 1.09 (written by random/random)
Run by JP at 2011-10-23 10:30:16
Systém Microsoft Windows XP Professional Service Pack 3
System drive F: has 90 GB (38%) free of 238 GB
Total RAM: 2047 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:21, on 23.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\A4Tech\Mouse\Amoumain.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Process Lasso\processgovernor.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\WINDOWS\system32\oodag.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\Program Files\Avira\AntiVir Desktop\avshadow.exe
F:\Documents and Settings\JP\Plocha\Jiřin\RSIT.exe
F:\Program Files\trend micro\JP.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] F:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ProcessGovernor] "F:\Program Files\Process Lasso\processgovernor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7282868859
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WDDMService - WDC - F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 6751 bytes
=========Mozilla firefox=========
ProfilePath - F:\Documents and Settings\JP\Data aplikací\Mozilla\Firefox\Profiles\k3wdxs7c.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://www.gisly.com/search/?ie=UTF-8&o ... l5HyC4f&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=f:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=F:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=f:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=F:\Program Files\Veetle\plugins\npVeetle.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=F:\Program Files\Veetle\Player\npvlc.dll
F:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
F:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GooglePlusVideosXPCOM.dll
IGooglePlusVideosXPCOM.xpt
ISiteVacuumXPCOM.xpt
SiteVacuumXPCOM.dll
F:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
F:\Program Files\Mozilla Firefox\searchplugins\
google-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
F:\Documents and Settings\JP\Data aplikací\Mozilla\Firefox\Profiles\k3wdxs7c.default\searchplugins\
daemon-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{0508F8F1-08E3-43EE-AAA8-09AD09803084}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=F:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"WheelMouse"=F:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-02-17 163840]
"RTHDCPL"=F:\WINDOWS\RTHDCPL.EXE [2009-03-24 17567744]
"ProcessGovernor"=F:\Program Files\Process Lasso\processgovernor.exe [2011-05-31 323600]
"SunJavaUpdateSched"=F:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"StartCCC"=F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 98304]
"avgnt"=F:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-10-11 258512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessLassoManagementConsole]
F:\Program Files\Process Lasso\processlasso.exe [2011-05-31 576528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
F:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe [2004-06-08 69721]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
F:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE [2011-03-09 3986944]
F:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
F:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Strong\StrongDC.exe"="F:\Strong\StrongDC.exe:*:Enabled:StrongDC"
"F:\WINDOWS\system32\PnkBstrA.exe"="F:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"F:\WINDOWS\system32\PnkBstrB.exe"="F:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"F:\Program Files\ICQ6\ICQ.exe"="F:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"F:\Program Files\uTorrent\uTorrent.exe"="F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"F:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="F:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"F:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="F:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"F:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="F:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"F:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe"="F:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"F:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="F:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"F:\Program Files\Steam\Steam.exe"="F:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe"="F:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"F:\Program Files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe"="F:\Program Files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe:*:Enabled:Painkiller Overdose"
"F:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe"="F:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor"
"F:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe"="F:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server"
"F:\Program Files\ICQ7.1\ICQ.exe"="F:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"F:\Program Files\Steam\steamapps\jirin13\day of defeat source\hl2.exe"="F:\Program Files\Steam\steamapps\jirin13\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source"
"F:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="F:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe"="F:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404"
"F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe"="F:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web"
"F:\Program Files\theHunter\launcher\launcher.exe"="F:\Program Files\theHunter\launcher\launcher.exe:*:Enabled:theHunter Launcher"
"F:\Program Files\Aspyr\Guitar Hero III\gh3.exe"="F:\Program Files\Aspyr\Guitar Hero III\gh3.exe:*:Enabled:Guitar Hero III"
"F:\Program Files\World_of_Tanks_closed_Beta\WOTLauncher.exe"="F:\Program Files\World_of_Tanks_closed_Beta\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"F:\Program Files\EA SPORTS\FIFA 11\Game\fifa.exe"="F:\Program Files\EA SPORTS\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"F:\Program Files\World_of_Tanks\WOTLauncher.exe"="F:\Program Files\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"F:\Program Files\World_of_Tanks\WorldOfTanks.exe"="F:\Program Files\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"F:\Program Files\Miranda IM\miranda32.exe"="F:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"F:\Program Files\Soulseek\slsk.exe"="F:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"F:\Program Files\Winamp\winamp.exe"="F:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"F:\Program Files\ICQ7.5\ICQ.exe"="F:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"F:\Program Files\Steam\steamapps\jirin13\team fortress 2\hl2.exe"="F:\Program Files\Steam\steamapps\jirin13\team fortress 2\hl2.exe:*:Enabled:hl2"
"F:\Program Files\Mozilla Firefox\plugin-container.exe"="F:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"F:\Program Files\Proun\Proun.exe"="F:\Program Files\Proun\Proun.exe:*:Enabled:Proun"
"F:\Program Files\Steam\steamapps\common\flight_control_hd\flightControl_win32.exe"="F:\Program Files\Steam\steamapps\common\flight_control_hd\flightControl_win32.exe:*:Enabled:Flight Control HD"
"F:\Program Files\Valve\Portal 2\portal2.exe"="F:\Program Files\Valve\Portal 2\portal2.exe:*:Enabled:portal2"
"F:\Program Files\Codemasters\DiRT 3\dirt3_game.exe"="F:\Program Files\Codemasters\DiRT 3\dirt3_game.exe:*:Enabled:DiRT 3"
"F:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="F:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"F:\Program Files\Steam\steamapps\common\chime\Chime.exe"="F:\Program Files\Steam\steamapps\common\chime\Chime.exe:*:Enabled:Chime"
"F:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe"="F:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf Demo"
"F:\Program Files\Steam\steamapps\common\beat hazard\BeatHazard.exe"="F:\Program Files\Steam\steamapps\common\beat hazard\BeatHazard.exe:*:Enabled:Beat Hazard"
"F:\Program Files\Steam\steamapps\common\beat hazard\runme.exe"="F:\Program Files\Steam\steamapps\common\beat hazard\runme.exe:*:Enabled:Beat Hazard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"F:\Program Files\ICQ7.1\ICQ.exe"="F:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"F:\Program Files\ICQ7.5\ICQ.exe"="F:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=F:\WINDOWS\system32\iac25_32.ax
"msacm.l3acm"=F:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.clmp3enc"=F:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.wmv3"=wmv9vcm.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=F:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=F:\WINDOWS\system32\vp6vfw.dll
======List of files/folders created in the last 1 month======
2011-10-18 15:30:02 ----D---- F:\Documents and Settings\JP\Data aplikací\Avira
2011-10-18 15:29:18 ----A---- F:\WINDOWS\system32\drivers\ssmdrv.sys
2011-10-18 15:29:14 ----A---- F:\WINDOWS\system32\drivers\avkmgr.sys
2011-10-18 15:29:13 ----A---- F:\WINDOWS\system32\drivers\avipbb.sys
2011-10-18 15:29:13 ----A---- F:\WINDOWS\system32\drivers\avgntflt.sys
2011-10-18 15:28:46 ----D---- F:\Program Files\Avira
2011-10-18 15:28:46 ----D---- F:\Documents and Settings\All Users\Data aplikací\Avira
2011-10-16 21:22:15 ----R---- F:\WINDOWS\IGLobbyReg.exe
2011-10-16 21:20:08 ----D---- F:\Program Files\Pyro Studios
2011-10-16 16:37:29 ----A---- F:\WINDOWS\iun6002.exe
2011-10-14 15:12:19 ----HDC---- F:\WINDOWS\$NtUninstallKB2564958$
2011-10-14 15:06:51 ----HDC---- F:\WINDOWS\$NtUninstallKB2567053$
2011-10-14 15:06:40 ----HDC---- F:\WINDOWS\$NtUninstallKB2592799$
2011-09-29 22:09:55 ----A---- F:\WINDOWS\hpbvspst.ini
2011-09-25 10:09:23 ----D---- F:\Documents and Settings\JP\Data aplikací\LegacyInteractive
2011-09-25 10:07:51 ----D---- F:\Program Files\Games
======List of files/folders modified in the last 1 month======
2011-10-23 10:30:19 ----D---- F:\Program Files\trend micro
2011-10-23 10:30:18 ----D---- F:\WINDOWS\Temp
2011-10-23 10:28:16 ----D---- F:\WINDOWS\Prefetch
2011-10-23 10:28:14 ----D---- F:\WINDOWS\security
2011-10-23 10:23:02 ----D---- F:\WINDOWS\pss
2011-10-23 10:20:29 ----D---- F:\WINDOWS\system32\CatRoot2
2011-10-22 23:57:12 ----A---- F:\WINDOWS\SchedLgU.Txt
2011-10-22 23:18:25 ----D---- F:\Torrents
2011-10-22 20:58:20 ----D---- F:\Documents and Settings\JP\Data aplikací\ICQ
2011-10-22 17:41:04 ----SHD---- F:\WINDOWS\Installer
2011-10-22 17:40:34 ----D---- F:\WINDOWS\system32
2011-10-22 17:40:27 ----D---- F:\Program Files\Java
2011-10-21 22:16:52 ----D---- F:\Documents and Settings\JP\Data aplikací\Winamp
2011-10-21 20:48:15 ----SHD---- F:\System Volume Information
2011-10-21 20:44:09 ----D---- F:\WINDOWS\system32\NtmsData
2011-10-21 20:19:58 ----D---- F:\WINDOWS\Registration
2011-10-21 20:17:27 ----D---- F:\WINDOWS
2011-10-21 20:00:46 ----D---- F:\WINDOWS\system32\Restore
2011-10-21 19:58:10 ----D---- F:\WINDOWS\Debug
2011-10-21 19:54:15 ----A---- F:\WINDOWS\NeroDigital.ini
2011-10-21 19:52:29 ----D---- F:\WINDOWS\system32\config
2011-10-19 20:29:03 ----D---- F:\Program Files\Steam
2011-10-18 15:29:18 ----D---- F:\WINDOWS\system32\drivers
2011-10-18 15:28:46 ----RD---- F:\Program Files
2011-10-16 21:20:13 ----HD---- F:\Program Files\InstallShield Installation Information
2011-10-16 16:50:56 ----D---- F:\Program Files\World_of_Tanks
2011-10-16 10:44:33 ----D---- F:\Documents and Settings\JP\Data aplikací\uTorrent
2011-10-15 22:44:54 ----D---- F:\Program Files\SpeedFan
2011-10-15 10:43:23 ----RSHDC---- F:\WINDOWS\system32\dllcache
2011-10-14 15:19:08 ----RSD---- F:\WINDOWS\assembly
2011-10-14 15:19:08 ----D---- F:\WINDOWS\Microsoft.NET
2011-10-14 15:12:23 ----HD---- F:\WINDOWS\inf
2011-10-14 15:12:02 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2011-10-14 15:11:47 ----D---- F:\WINDOWS\WinSxS
2011-10-14 15:07:06 ----A---- F:\WINDOWS\system32\MRT.exe
2011-10-14 15:06:38 ----HD---- F:\WINDOWS\$hf_mig$
2011-10-14 15:06:22 ----D---- F:\Program Files\Internet Explorer
2011-10-14 15:06:12 ----D---- F:\WINDOWS\ie8updates
2011-10-03 10:31:24 ----A---- F:\WINDOWS\system32\mshtml.dll
2011-09-30 20:22:29 ----D---- F:\Program Files\Mozilla Firefox
2011-09-29 22:10:23 ----A---- F:\WINDOWS\hpdj3740.ini
2011-09-26 11:41:42 ----A---- F:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:42 ----A---- F:\WINDOWS\system32\oleaccrc.dll
2011-09-26 11:41:20 ----A---- F:\WINDOWS\system32\oleacc.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; F:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; F:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); F:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); F:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); F:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); F:\WINDOWS\System32\drivers\sfvfs02.sys [2005-05-16 66560]
R0 speedfan;speedfan; F:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; F:\WINDOWS\System32\Drivers\sptd.sys [2009-08-24 643072]
R0 uagp35;Filtr Microsoft AGPv3.5; F:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 videX32;videX32; F:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Amfilter;A4Tech Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-01-11 8704]
R1 avipbb;avipbb; F:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-10-11 134344]
R1 avkmgr;avkmgr; F:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
R1 intelppm;Řadič procesoru Intel; F:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; F:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 acedrv11;acedrv11; \??\F:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; F:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-12 281760]
R2 avgntflt;avgntflt; F:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-10-11 74640]
R2 lirsgt;lirsgt; F:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-12 25888]
R2 MICOMPar;MICOMPar; F:\WINDOWS\system32\drivers\MICOMPar.sys [2008-01-03 13488]
R3 ati2mtag;ati2mtag; F:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-29 7084544]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; F:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); F:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-24 5056000]
R3 mouhid;Ovladač myši standardu HID; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-23 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; F:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vaxscsi;vaxscsi; F:\WINDOWS\System32\Drivers\vaxscsi.sys [2009-08-24 223128]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; F:\WINDOWS\system32\drivers\WmBEnum.sys [2004-05-13 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; F:\WINDOWS\system32\drivers\WmXlCore.sys [2004-05-13 44384]
S1 ATITool;ATITool Overclocking Utility; F:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); F:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; F:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Ambfilt;Ambfilt; F:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; F:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-05-09 13312]
S3 catchme;catchme; \??\F:\DOCUME~1\JIPNEK~1\LOCALS~1\Temp\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\F:\Program Files\MediaCoder\SysInfo.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; F:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 hamachi;Hamachi Network Interface; F:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-25 25280]
S3 Monfilt;Monfilt; F:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 NRKCTL32;NRKCTL32; \??\F:\Documents and Settings\JP\Plocha\Jiřin\NRKCTL32.SYS []
S3 pcouffin;VSO Software pcouffin; F:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-13 47360]
S3 usbprint;Třída USB Printer; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; F:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 WmFilter;Logitech WingMan HID Filter Driver; F:\WINDOWS\system32\drivers\WmFilter.sys [2004-05-13 21440]
S3 WmHidLo;Logitech WingMan USB Filter Driver; F:\WINDOWS\system32\drivers\WmHidLo.sys [2004-05-13 14720]
S3 WmVirHid;Logitech Virtual Hid Device Driver; F:\WINDOWS\system32\drivers\WmVirHid.sys [2004-05-13 5600]
S3 WpdUsb;WpdUsb; F:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Realtime Protection; F:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirSchedulerService;Avira Scheduler; F:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
R2 Ati HotKey Poller;Ati HotKey Poller; F:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; F:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 O&O Defrag;O&O Defrag; F:\WINDOWS\system32\oodag.exe [2007-01-12 707344]
R2 PnkBstrA;PnkBstrA; F:\WINDOWS\system32\PnkBstrA.exe [2010-01-29 75064]
R2 StarWindService;StarWind iSCSI Service; F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 WDDMService;WDDMService; F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDSC;WD File Management Shadow Engine; F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 wlidsvc;Windows Live ID Sign-in Assistant; F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 WDFME;WD File Management Engine; F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S3 aspnet_state;Stavová služba ASP.NET; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; F:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; f:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Realtime Protection; F:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirSchedulerService;Avira Scheduler; F:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
R2 Ati HotKey Poller;Ati HotKey Poller; F:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; F:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 O&O Defrag;O&O Defrag; F:\WINDOWS\system32\oodag.exe [2007-01-12 707344]
R2 PnkBstrA;PnkBstrA; F:\WINDOWS\system32\PnkBstrA.exe [2010-01-29 75064]
R2 StarWindService;StarWind iSCSI Service; F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 WDDMService;WDDMService; F:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDSC;WD File Management Shadow Engine; F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 wlidsvc;Windows Live ID Sign-in Assistant; F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 WDFME;WD File Management Engine; F:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S3 aspnet_state;Stavová služba ASP.NET; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; F:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; f:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: Slow PC shutdown
Hello, fix these in HJT:
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
You will find HJT here:
F:\Program Files\trend micro\JP.exe
Fix means that you run HJT
as admin,
in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a box that you tick,
then click Fix checked at the bottom left,
the program will ask whether you are sure; you of course agree with YES, and it is done.
Delete unnecessary files
using CCleaner
instructions:
Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making a backup, which CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what starts at system startup, and restore the system
Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!
P.S. I don't much like that Process Lasso program; it is supposed to help, but
Re: Slow PC shutdown
I've had Process Lasso on there for a while because of the software for the external HDD, and even with it the PC used to shut down quickly
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Verze databáze: 8007
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.10.2011 23:21:08
mbam-log-2011-10-23 (23-21-03).txt
Typ kontroly: Rychlý test
Testované objekty: 216106
Uplynulý čas: 5 minut, 44 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 6
Infikované složky: 4
Infikované soubory: 17
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_CLASSES_ROOT\TypeLib\{FD90C192-481B-4A89-9FD7-CFA65709F541} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0FDCF5F0-D211-4412-A6E3-DD4938E26E24} (Adware.SuperSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SiteVacuum (Adware.SuperSearch) -> No action taken.
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
f:\program files\easysearch (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt\chrome (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt\chrome\content (Adware.SuperSearch) -> No action taken.
Infikované soubory:
f:\documents and settings\JP\data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
f:\documents and settings\JP\data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
f:\program files\internet explorer\sxs.dll (Trojan.Agent) -> No action taken.
f:\documents and settings\JP\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
f:\program files\easysearch\MFC42U.DLL (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\sitevacuumclient.bue (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\sitevacuumclient.tlb (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\sitevacuumlicense.txt (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\tskill.exe (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\uninst.exe (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\updatehelper.exe (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\what.is.sitevacuumclient.exe.txt (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\WSConfig.ini (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt\chrome.manifest (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt\install.rdf (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> No action taken.
f:\program files\easysearch\FFExt\chrome\content\sitevacuum.xul (Adware.SuperSearch) -> No action taken.
Re: Slow PC shutdown
Let Mbam delete what it found.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
Then a window with the license terms appears, which you confirm by clicking YES,
then click YES once more and it starts running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete the infected files and these programs may block it.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
In case of anything unclear, there is an illustrated guide HERE.
Re: Slow PC shutdown
ComboFix 11-10-24.04 - JP 24.10.2011 22:38:06.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1434 [GMT 2:00]
Spuštěný z: f:\documents and settings\JP\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee Anti-Virus a Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\JP\Data aplikací\Adobe\xl12.exe
f:\windows\ehome\medctrro.exe
f:\windows\help\tours\htmltour\unlock_playing.htm
f:\windows\IsUn0405.exe
f:\windows\iun6002.exe
f:\windows\pkunzip.pif
f:\windows\pkzip.pif
f:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-24 do 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-23 21:13 . 2010-11-29 15:42 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2011-10-23 21:13 . 2010-11-29 15:42 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2011-10-23 21:13 . 2011-10-23 21:13 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2011-10-18 13:30 . 2011-10-18 13:30 -------- d-----w- f:\documents and settings\JP\Data aplikací\Avira
2011-10-18 13:29 . 2011-10-11 13:00 36000 ----a-w- f:\windows\system32\drivers\avkmgr.sys
2011-10-18 13:29 . 2011-10-11 13:00 74640 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2011-10-18 13:29 . 2011-10-11 13:00 134344 ----a-w- f:\windows\system32\drivers\avipbb.sys
2011-10-18 13:28 . 2011-10-18 13:28 -------- d-----w- f:\program files\Avira
2011-10-18 13:28 . 2011-10-18 13:28 -------- d-----w- f:\documents and settings\All Users\Data aplikací\Avira
2011-10-16 19:22 . 2006-11-06 12:26 40960 ------r- f:\windows\IGLobbyReg.exe
2011-10-16 19:20 . 2011-10-16 19:20 -------- d-----w- f:\program files\Pyro Studios
2011-09-25 08:09 . 2011-10-03 16:26 -------- d-----w- f:\documents and settings\JP\Data aplikací\LegacyInteractive
2011-09-25 08:07 . 2011-09-25 08:07 -------- d-----w- f:\program files\Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 21:28 . 2010-06-11 12:13 472808 ----a-w- f:\windows\system32\deployJava1.dll
2011-10-23 21:28 . 2008-05-29 12:39 73728 ----a-w- f:\windows\system32\javacpl.cpl
2011-10-17 13:55 . 2011-05-19 14:18 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- f:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 13:00 22528 ----a-w- f:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 13:00 220160 ----a-w- f:\windows\system32\oleacc.dll
2011-09-23 18:16 . 2008-05-28 15:01 445016 ----a-w- f:\windows\system32\wrap_oal.dll
2011-09-23 18:16 . 2008-05-28 15:01 109144 ----a-w- f:\windows\system32\OpenAL32.dll
2011-09-09 09:12 . 2004-08-17 15:49 602112 ----a-w- f:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2004-08-17 15:44 1858944 ----a-w- f:\windows\system32\win32k.sys
2011-08-22 23:41 . 2004-08-17 15:49 916480 ----a-w- f:\windows\system32\wininet.dll
2011-08-22 23:41 . 2004-08-17 15:49 1469440 ------w- f:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2004-08-17 15:49 43520 ----a-w- f:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2004-08-17 15:44 385024 ----a-w- f:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-03 23:14 138496 ----a-w- f:\windows\system32\drivers\afd.sys
2011-08-08 17:44 . 2011-09-23 18:16 809560 ----a-r- f:\windows\system32\tmp5D2.tmp
2011-08-08 17:44 . 2011-09-23 18:16 809560 ----a-r- f:\windows\system32\tmp5D1.tmp
2011-07-28 22:20 . 2006-11-22 03:25 7084544 ----a-w- f:\windows\system32\drivers\ati2mtag.sys
2011-07-28 22:17 . 2010-04-25 09:53 311296 ----a-w- f:\windows\system32\atiiiexx.dll
2011-07-28 22:01 . 2010-04-25 09:53 57344 ----a-w- f:\windows\system32\aticalrt.dll
2011-07-28 22:01 . 2010-04-25 09:53 53248 ----a-w- f:\windows\system32\aticalcl.dll
2011-07-28 21:57 . 2010-04-25 09:53 5697536 ----a-w- f:\windows\system32\aticaldd.dll
2011-07-28 21:40 . 2010-04-25 09:53 18440192 ----a-w- f:\windows\system32\atioglxx.dll
2011-07-28 21:34 . 2006-11-22 03:12 3973696 ----a-w- f:\windows\system32\ati3duag.dll
2011-07-28 21:32 . 2011-05-15 17:36 462848 ----a-w- f:\windows\system32\ATIDEMGX.dll
2011-07-28 21:31 . 2006-11-22 03:25 303104 ----a-w- f:\windows\system32\ati2dvag.dll
2011-07-28 21:27 . 2011-04-29 13:36 956160 ----a-w- f:\windows\system32\ativvamv.dll
2011-07-28 21:15 . 2006-11-22 03:08 3166208 ----a-w- f:\windows\system32\ativvaxx.dll
2011-07-28 21:14 . 2010-04-25 09:53 212992 ----a-w- f:\windows\system32\atipdlxx.dll
2011-07-28 21:13 . 2010-04-25 09:53 155648 ----a-w- f:\windows\system32\Oemdspif.dll
2011-07-28 21:13 . 2010-04-25 09:53 26112 ----a-w- f:\windows\system32\Ati2mdxx.exe
2011-07-28 21:13 . 2010-04-25 09:53 43520 ----a-w- f:\windows\system32\ati2edxx.dll
2011-07-28 21:13 . 2010-04-25 09:53 188416 ----a-w- f:\windows\system32\ati2evxx.dll
2011-07-28 21:12 . 2010-04-25 09:53 643072 ----a-w- f:\windows\system32\ati2evxx.exe
2011-07-28 21:10 . 2010-04-25 09:53 53248 ----a-w- f:\windows\system32\ATIDDC.DLL
2011-07-28 21:09 . 2010-04-25 09:53 151552 ----a-w- f:\windows\system32\atiapfxx.exe
2011-07-28 21:05 . 2010-04-25 09:53 704512 ----a-w- f:\windows\system32\atikvmag.dll
2011-07-28 21:01 . 2010-04-25 09:53 208896 ----a-w- f:\windows\system32\atiadlxx.dll
2011-07-28 21:00 . 2010-04-25 09:53 17408 ----a-w- f:\windows\system32\atitvo32.dll
2011-07-28 20:59 . 2010-04-25 09:53 507904 ----a-w- f:\windows\system32\atiok3x2.dll
2011-07-28 20:55 . 2006-11-22 02:51 876544 ----a-w- f:\windows\system32\ati2cqag.dll
2011-07-28 20:53 . 2010-04-25 09:53 64512 ----a-w- f:\windows\system32\atimpc32.dll
2011-07-28 20:53 . 2010-04-25 09:53 64512 ----a-w- f:\windows\system32\amdpcom32.dll
2011-07-28 20:53 . 2010-04-25 09:53 53248 ----a-w- f:\windows\system32\drivers\ati2erec.dll
2011-07-28 15:49 . 2011-07-28 15:49 53760 ----a-w- f:\windows\system32\OVDecode.dll
2011-07-28 15:48 . 2011-07-28 15:48 13555712 ----a-w- f:\windows\system32\amdocl.dll
2011-09-30 18:22 . 2011-03-22 18:48 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
2009-01-25 12:57 . 2009-01-25 12:57 28672 ----a-w- f:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- f:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2002-09-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\windows\system32\dllcache\beep.sys
[7] 2002-09-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\windows\system32\dllcache\cache\beep.sys
.
f:\windows\System32\drivers\beep.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="f:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"ProcessGovernor"="f:\program files\Process Lasso\processgovernor.exe" [2011-05-31 323600]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=f:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=f:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- f:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46 172032 ----a-w- f:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessLassoManagementConsole]
2011-05-31 13:55 576528 ----a-w- f:\program files\Process Lasso\ProcessLasso.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 16:33 69721 ----a-w- f:\program files\CyberLink\PowerBackup\PBKScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Strong\\StrongDC.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"f:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"f:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"f:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"f:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"f:\\Program Files\\theHunter\\launcher\\launcher.exe"=
"f:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
"f:\\Program Files\\EA SPORTS\\FIFA 11\\Game\\fifa.exe"=
"f:\\Program Files\\World_of_Tanks\\WOTLauncher.exe"=
"f:\\Program Files\\World_of_Tanks\\WorldOfTanks.exe"=
"f:\\Program Files\\Winamp\\winamp.exe"=
"f:\\Program Files\\ICQ7.5\\ICQ.exe"=
"f:\\Program Files\\Steam\\steamapps\\jirin13\\team fortress 2\\hl2.exe"=
"f:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\flight_control_hd\\flightControl_win32.exe"=
"f:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\runme.exe"=
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [7.6.2008 23:28 643072]
R1 avkmgr;avkmgr;f:\windows\system32\drivers\avkmgr.sys [18.10.2011 15:29 36000]
R2 acedrv11;acedrv11;f:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 AntiVirSchedulerService;Avira Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [18.10.2011 15:29 86224]
R2 MICOMPar;MICOMPar;f:\windows\system32\drivers\micompar.sys [3.1.2008 11:53 13488]
R2 WDDMService;WDDMService;f:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 11:07 238592]
R2 WDSC;WD File Management Shadow Engine;f:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 11:16 484352]
R3 vaxscsi;vaxscsi;f:\windows\system32\drivers\vaxscsi.sys [7.6.2008 23:30 223128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 WDFME;WD File Management Engine;f:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 11:18 1060864]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [29.3.2009 12:58 1684736]
S3 NRKCTL32;NRKCTL32;\??\f:\documents and settings\JP\Plocha\Jiřin\NRKCTL32.SYS --> f:\documents and settings\JP\Plocha\Jiřin\NRKCTL32.SYS [?]
S3 pcouffin;VSO Software pcouffin;f:\windows\system32\drivers\pcouffin.sys [13.7.2009 12:43 47360]
S3 WDC_SAM;WD SCSI Pass Thru driver;f:\windows\system32\drivers\wdcsam.sys [31.5.2011 16:15 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - f:\program files\ICQ7.5\ICQ.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - f:\documents and settings\JP\Data aplikací\Mozilla\Firefox\Profiles\k3wdxs7c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8 ... l5HyC4f&q=
FF - user.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8 ... l5HyC4f&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 22:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:cf,e8,eb,3c,e8,59,e6,dc,80,ca,02,4c,4d,f0,f9,75,5c,57,cc,d5,94,58,98,
6c,30,27,ba,d5,4e,ac,85,66,69,49,42,fb,2d,c5,26,b4,5b,3c,07,48,83,c0,a6,c0,\
"??"=hex:bc,26,1b,8f,69,aa,2d,c1,e3,4f,42,b7,9c,92,70,86
.
[HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:8a,1d,70,f8,0e,d0,97,fc,61,d3,b9,78,88,59,ea,64,fb,18,20,d5,58,
65,30,5b,95,ad,a2,08,7c,f2,2e,8a,d9,38,87,9b,36,f3,34,25,c0,49,03,d4,a6,14,\
"rkeysecu"=hex:e4,f1,2d,3b,ff,5d,f5,01,8f,42,c6,50,a2,45,42,8b
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
f:\windows\system32\Ati2evxx.dll
f:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-10-24 22:44:33
ComboFix-quarantined-files.txt 2011-10-24 20:44
.
Před spuštěním: Volných bajtů: 97 821 163 520
Po spuštění: Volných bajtů: 97 995 948 032
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A2322B103C1C8CD02F19476F62EF2D55
Re: Slow PC shutdown
I don't know why it reported that I have McAfee antivirus enabled, when I uninstalled it quite a long time ago and replaced it with Avira.
Re: Slow PC shutdown
Aha, and I was just wondering where it came from.
Stick wrote: I don't know why it reported that I have McAfee antivirus enabled, when I uninstalled it quite a long time ago and replaced it with Avira.
If you haven't done so already, move ComboFix to the desktop,
open Notepad,
and copy the script from the following box into it:
File::
f:\windows\system32\tmp5D2.tmp
f:\windows\system32\tmp5D1.tmp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
FireFox::
FF - ProfilePath - f:\documents and settings\JP\Data aplikací\Mozilla\Firefox\Profiles\k3wdxs7c.default\
FF - prefs.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&o ... l5HyC4f&q=
FF - user.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&o ... l5HyC4f&q=
After saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it:

After it has been applied, another log will pop up; copy it here.
Warning: it may happen that after applying the script and restarting, Windows will not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Slow PC shutdown
ComboFix 11-10-25.03 - JP 25.10.2011 19:38:32.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1462 [GMT 2:00]
Spuštěný z: f:\documents and settings\JP\Plocha\ComboFix.exe
Použité ovládací přepínače :: f:\documents and settings\Jiří Pánek\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee Anti-Virus a Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"f:\windows\system32\tmp5D1.tmp"
"f:\windows\system32\tmp5D2.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\windows\system32\tmp5D1.tmp
f:\windows\system32\tmp5D2.tmp
.
Nakažená kopie f:\windows\system32\csrss.exe byla nalezena a vyléčena.
Obnovena kopie z - f:\windows\system32\dllcache\csrss.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-25 do 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-23 21:13 . 2010-11-29 15:42 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2011-10-23 21:13 . 2010-11-29 15:42 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2011-10-23 21:13 . 2011-10-23 21:13 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2011-10-18 13:30 . 2011-10-18 13:30 -------- d-----w- f:\documents and settings\Jiří Pánek\Data aplikací\Avira
2011-10-18 13:29 . 2011-10-11 13:00 36000 ----a-w- f:\windows\system32\drivers\avkmgr.sys
2011-10-18 13:29 . 2011-10-11 13:00 74640 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2011-10-18 13:29 . 2011-10-11 13:00 134344 ----a-w- f:\windows\system32\drivers\avipbb.sys
2011-10-18 13:28 . 2011-10-18 13:28 -------- d-----w- f:\program files\Avira
2011-10-18 13:28 . 2011-10-18 13:28 -------- d-----w- f:\documents and settings\All Users\Data aplikací\Avira
2011-10-16 19:22 . 2006-11-06 12:26 40960 ------r- f:\windows\IGLobbyReg.exe
2011-10-16 19:20 . 2011-10-16 19:20 -------- d-----w- f:\program files\Pyro Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 21:28 . 2010-06-11 12:13 472808 ----a-w- f:\windows\system32\deployJava1.dll
2011-10-23 21:28 . 2008-05-29 12:39 73728 ----a-w- f:\windows\system32\javacpl.cpl
2011-10-17 13:55 . 2011-05-19 14:18 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- f:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-23 13:00 22528 ----a-w- f:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-23 13:00 220160 ----a-w- f:\windows\system32\oleacc.dll
2011-09-23 18:16 . 2008-05-28 15:01 445016 ----a-w- f:\windows\system32\wrap_oal.dll
2011-09-23 18:16 . 2008-05-28 15:01 109144 ----a-w- f:\windows\system32\OpenAL32.dll
2011-09-09 09:12 . 2004-08-17 15:49 602112 ----a-w- f:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2004-08-17 15:44 1858944 ----a-w- f:\windows\system32\win32k.sys
2011-08-22 23:41 . 2004-08-17 15:49 916480 ----a-w- f:\windows\system32\wininet.dll
2011-08-22 23:41 . 2004-08-17 15:49 1469440 ------w- f:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2004-08-17 15:49 43520 ----a-w- f:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2004-08-17 15:44 385024 ----a-w- f:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-03 23:14 138496 ----a-w- f:\windows\system32\drivers\afd.sys
2011-07-28 22:20 . 2006-11-22 03:25 7084544 ----a-w- f:\windows\system32\drivers\ati2mtag.sys
2011-07-28 22:17 . 2010-04-25 09:53 311296 ----a-w- f:\windows\system32\atiiiexx.dll
2011-07-28 22:01 . 2010-04-25 09:53 57344 ----a-w- f:\windows\system32\aticalrt.dll
2011-07-28 22:01 . 2010-04-25 09:53 53248 ----a-w- f:\windows\system32\aticalcl.dll
2011-07-28 21:57 . 2010-04-25 09:53 5697536 ----a-w- f:\windows\system32\aticaldd.dll
2011-07-28 21:40 . 2010-04-25 09:53 18440192 ----a-w- f:\windows\system32\atioglxx.dll
2011-07-28 21:34 . 2006-11-22 03:12 3973696 ----a-w- f:\windows\system32\ati3duag.dll
2011-07-28 21:32 . 2011-05-15 17:36 462848 ----a-w- f:\windows\system32\ATIDEMGX.dll
2011-07-28 21:31 . 2006-11-22 03:25 303104 ----a-w- f:\windows\system32\ati2dvag.dll
2011-07-28 21:27 . 2011-04-29 13:36 956160 ----a-w- f:\windows\system32\ativvamv.dll
2011-07-28 21:15 . 2006-11-22 03:08 3166208 ----a-w- f:\windows\system32\ativvaxx.dll
2011-07-28 21:14 . 2010-04-25 09:53 212992 ----a-w- f:\windows\system32\atipdlxx.dll
2011-07-28 21:13 . 2010-04-25 09:53 155648 ----a-w- f:\windows\system32\Oemdspif.dll
2011-07-28 21:13 . 2010-04-25 09:53 26112 ----a-w- f:\windows\system32\Ati2mdxx.exe
2011-07-28 21:13 . 2010-04-25 09:53 43520 ----a-w- f:\windows\system32\ati2edxx.dll
2011-07-28 21:13 . 2010-04-25 09:53 188416 ----a-w- f:\windows\system32\ati2evxx.dll
2011-07-28 21:12 . 2010-04-25 09:53 643072 ----a-w- f:\windows\system32\ati2evxx.exe
2011-07-28 21:10 . 2010-04-25 09:53 53248 ----a-w- f:\windows\system32\ATIDDC.DLL
2011-07-28 21:09 . 2010-04-25 09:53 151552 ----a-w- f:\windows\system32\atiapfxx.exe
2011-07-28 21:05 . 2010-04-25 09:53 704512 ----a-w- f:\windows\system32\atikvmag.dll
2011-07-28 21:01 . 2010-04-25 09:53 208896 ----a-w- f:\windows\system32\atiadlxx.dll
2011-07-28 21:00 . 2010-04-25 09:53 17408 ----a-w- f:\windows\system32\atitvo32.dll
2011-07-28 20:59 . 2010-04-25 09:53 507904 ----a-w- f:\windows\system32\atiok3x2.dll
2011-07-28 20:55 . 2006-11-22 02:51 876544 ----a-w- f:\windows\system32\ati2cqag.dll
2011-07-28 20:53 . 2010-04-25 09:53 64512 ----a-w- f:\windows\system32\atimpc32.dll
2011-07-28 20:53 . 2010-04-25 09:53 64512 ----a-w- f:\windows\system32\amdpcom32.dll
2011-07-28 20:53 . 2010-04-25 09:53 53248 ----a-w- f:\windows\system32\drivers\ati2erec.dll
2011-07-28 15:49 . 2011-07-28 15:49 53760 ----a-w- f:\windows\system32\OVDecode.dll
2011-07-28 15:48 . 2011-07-28 15:48 13555712 ----a-w- f:\windows\system32\amdocl.dll
2011-09-30 18:22 . 2011-03-22 18:48 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
2009-01-25 12:57 . 2009-01-25 12:57 28672 ----a-w- f:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- f:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-24_20.42.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-25 17:49 . 2011-10-25 17:49 16384 f:\windows\Temp\Perflib_Perfdata_e0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="f:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"ProcessGovernor"="f:\program files\Process Lasso\processgovernor.exe" [2011-05-31 323600]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=f:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=f:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- f:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46 172032 ----a-w- f:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessLassoManagementConsole]
2011-05-31 13:55 576528 ----a-w- f:\program files\Process Lasso\ProcessLasso.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 16:33 69721 ----a-w- f:\program files\CyberLink\PowerBackup\PBKScheduler.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Strong\\StrongDC.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"f:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"f:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"f:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"f:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"f:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"f:\\Program Files\\theHunter\\launcher\\launcher.exe"=
"f:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
"f:\\Program Files\\EA SPORTS\\FIFA 11\\Game\\fifa.exe"=
"f:\\Program Files\\World_of_Tanks\\WOTLauncher.exe"=
"f:\\Program Files\\World_of_Tanks\\WorldOfTanks.exe"=
"f:\\Program Files\\Winamp\\winamp.exe"=
"f:\\Program Files\\ICQ7.5\\ICQ.exe"=
"f:\\Program Files\\Steam\\steamapps\\jirin13\\team fortress 2\\hl2.exe"=
"f:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\flight_control_hd\\flightControl_win32.exe"=
"f:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\runme.exe"=
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [7.6.2008 23:28 643072]
R1 avkmgr;avkmgr;f:\windows\system32\drivers\avkmgr.sys [18.10.2011 15:29 36000]
R2 acedrv11;acedrv11;f:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 AntiVirSchedulerService;Avira Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [18.10.2011 15:29 86224]
R2 MICOMPar;MICOMPar;f:\windows\system32\drivers\micompar.sys [3.1.2008 11:53 13488]
R2 WDDMService;WDDMService;f:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 11:07 238592]
R2 WDSC;WD File Management Shadow Engine;f:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 11:16 484352]
R3 vaxscsi;vaxscsi;f:\windows\system32\drivers\vaxscsi.sys [7.6.2008 23:30 223128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 WDFME;WD File Management Engine;f:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 11:18 1060864]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [29.3.2009 12:58 1684736]
S3 NRKCTL32;NRKCTL32;\??\f:\documents and settings\Jiří Pánek\Plocha\Jiřin\NRKCTL32.SYS --> f:\documents and settings\Jiří Pánek\Plocha\Jiřin\NRKCTL32.SYS [?]
S3 pcouffin;VSO Software pcouffin;f:\windows\system32\drivers\pcouffin.sys [13.7.2009 12:43 47360]
S3 WDC_SAM;WD SCSI Pass Thru driver;f:\windows\system32\drivers\wdcsam.sys [31.5.2011 16:15 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - f:\program files\ICQ7.5\ICQ.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - f:\documents and settings\JP\Data aplikací\Mozilla\Firefox\Profiles\k3wdxs7c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8 ... l5HyC4f&q=
FF - user.js: keyword.URL - hxxp://www.gisly.com/search/?ie=UTF-8&oe=UTF-8 ... l5HyC4f&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:cf,e8,eb,3c,e8,59,e6,dc,80,ca,02,4c,4d,f0,f9,75,5c,57,cc,d5,94,58,98,
6c,30,27,ba,d5,4e,ac,85,66,69,49,42,fb,2d,c5,26,b4,5b,3c,07,48,83,c0,a6,c0,\
"??"=hex:bc,26,1b,8f,69,aa,2d,c1,e3,4f,42,b7,9c,92,70,86
.
[HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:8a,1d,70,f8,0e,d0,97,fc,61,d3,b9,78,88,59,ea,64,fb,18,20,d5,58,
65,30,5b,95,ad,a2,08,7c,f2,2e,8a,d9,38,87,9b,36,f3,34,25,c0,49,03,d4,a6,14,\
"rkeysecu"=hex:e4,f1,2d,3b,ff,5d,f5,01,8f,42,c6,50,a2,45,42,8b
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
f:\windows\system32\Ati2evxx.dll
f:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3348)
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\windows\system32\Ati2evxx.exe
f:\windows\system32\Ati2evxx.exe
f:\program files\Avira\AntiVir Desktop\avguard.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\LightScribe\LSSrvc.exe
f:\windows\system32\oodag.exe
f:\windows\RTHDCPL.EXE
f:\windows\system32\PnkBstrA.exe
f:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
f:\program files\Avira\AntiVir Desktop\avshadow.exe
f:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-10-25 19:54:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-25 17:54
ComboFix2.txt 2011-10-24 20:44
.
Před spuštěním: Volných bajtů: 97 944 002 560
Po spuštění: Volných bajtů: 97 921 228 800
.
- - End Of File - - 19B1C005EE1DFB0C33740AA69B019C49
Re: Slow PC shutdown
Via Start >> Run, copy into the window:
ComboFix /Uninstall
and press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Download SecurityCheck and save it to the desktop,
run the application and follow the instructions,
then copy here the log that pops up after a while.
Re: Slow PC shutdown
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 29
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (KB403742..) Adobe Reader Out of Date!
Mozilla Firefox (x86 cs..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
Re: Slow PC shutdown
It's strange, but shutting down still takes just as long.
Maybe some software or something is causing it; I recently installed a new version of Avira, so maybe that, I really don't know.
Re: Slow PC shutdown
Download SystemLook,
run the application and copy into the opened window:
:filefind
McAfee
:regfind
McAfee
then click Look; the application creates SystemLook.txt, copy its contents here.
Re: Slow PC shutdown
SystemLook 30.07.11 by jpshortstuff
Log created at 01:47 on 27/10/2011 by JP
Administrator - Elevation successful
========== filefind ==========
Searching for "McAfee"
No files found.
========== regfind ==========
Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0074"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. cfwids] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0087"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfeapfk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0088"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfeavfk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0089"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc.] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0090"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfebopk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0091"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfefirek] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0092"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfehidk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0093"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mferkdet] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0094"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfetdi2k] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0126"="[Síťové adapatéry] -> [McAfee Core NDIS Intermediate Filter Miniport] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0127"="[Síťové adapatéry] -> [McAfee Core NDIS Intermediate Filter Miniport] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0]
"ProgramItem0182"="[McAfee Total Protection] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{04010F67-4D13-4E09-9B7E-661D6456ACCF}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McNASvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{19F4CECD-60C0-49D3-86F9-839544C513CF}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\msc\mcoemmgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F7484A8-FC0A-4ADE-BD19-B764A5DF62E0}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F7484A8-FC0A-4ADE-BD19-B764A5DF62E0}\1.0\HELPDIR]
@="f:\PROGRA~1\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E275DBA-E84E-4A96-8451-CBB09A498E6C}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McNAReg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D1D8478-C3DC-4B0B-8CED-686E9EEFC3DC}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\msc\mcndcp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8EDB3D31-ABF7-4991-A806-B59DBA2DF097}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McAltHst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBA39935-4AAD-407D-8D12-0538E46F33E2}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McNAVer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4B74A4D-14BD-43AC-A8B0-90FBB5CD2F02}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\msc\mcndui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedModules\f:%progra~1%common~1%mcafee%instal~1%mcinst.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedModules\f:%progra~1%common~1%mcafee%instal~1%mcinst.exe]
@="F:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\mcinst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc. mfeavfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc. mfebopk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc. mfehidk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc. mfeavfk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc. mfebopk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIREK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc. mfehidk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc. mfeavfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc. mfebopk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc. mfehidk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_USERS\.DEFAULT\Software\McAfee]
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
[HKEY_USERS\S-1-5-18\Software\McAfee]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
-= EOF =-
Log created at 01:47 on 27/10/2011 by JP
Administrator - Elevation successful
========== filefind ==========
Searching for "McAfee"
No files found.
========== regfind ==========
Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0074"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. cfwids] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0087"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfeapfk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0088"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfeavfk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0089"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc.] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0090"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfebopk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0091"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfefirek] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0092"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfehidk] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0093"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mferkdet] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0094"="[Ovladače nepodporující technologii Plug and Play] -> [McAfee Inc. mfetdi2k] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0126"="[Síťové adapatéry] -> [McAfee Core NDIS Intermediate Filter Miniport] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Device\0]
"DeviceItem0127"="[Síťové adapatéry] -> [McAfee Core NDIS Intermediate Filter Miniport] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0]
"ProgramItem0182"="[McAfee Total Protection] (0x00000000)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{04010F67-4D13-4E09-9B7E-661D6456ACCF}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McNASvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{19F4CECD-60C0-49D3-86F9-839544C513CF}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\msc\mcoemmgr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F7484A8-FC0A-4ADE-BD19-B764A5DF62E0}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\SITEAD~1\saplugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F7484A8-FC0A-4ADE-BD19-B764A5DF62E0}\1.0\HELPDIR]
@="f:\PROGRA~1\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E275DBA-E84E-4A96-8451-CBB09A498E6C}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McNAReg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D1D8478-C3DC-4B0B-8CED-686E9EEFC3DC}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\msc\mcndcp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8EDB3D31-ABF7-4991-A806-B59DBA2DF097}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McAltHst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBA39935-4AAD-407D-8D12-0538E46F33E2}\1.0\0\win32]
@="F:\Program Files\Common Files\Mcafee\MNA\McNAVer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4B74A4D-14BD-43AC-A8B0-90FBB5CD2F02}\1.0\0\win32]
@="f:\PROGRA~1\mcafee\msc\mcndui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedModules\f:%progra~1%common~1%mcafee%instal~1%mcinst.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedModules\f:%progra~1%common~1%mcafee%instal~1%mcinst.exe]
@="F:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\mcinst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc. mfeavfk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc. mfebopk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc. mfehidk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc. mfeavfk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc. mfebopk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIREK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc. mfehidk"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]
"DeviceDesc"="McAfee Inc. mfeapfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK\0000]
"DeviceDesc"="McAfee Inc. mfeavfk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEBOPK\0000]
"DeviceDesc"="McAfee Inc. mfebopk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIRE\0000]
"DeviceDesc"="McAfee Firewall Core Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]
"DeviceDesc"="McAfee Inc. mfefirek"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK\0000]
"DeviceDesc"="McAfee Inc. mfehidk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFETDI2K\0000]
"DeviceDesc"="McAfee Inc. mfetdi2k"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEVTP\0000]
"DeviceDesc"="McAfee Validation Trust Protection Service"
[HKEY_USERS\.DEFAULT\Software\McAfee]
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
[HKEY_USERS\S-1-5-18\Software\McAfee]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
-= EOF =-
Re: Slow PC shutdown
Download and run OTMoveIt,
in the left pane of the application, under Paste Instructions for Items to be Moved, paste the text given below,
click MoveIt! and information about the performed action will appear in the right green pane of the application; copy the contents of that pane here.
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
F:\Program Files\Common Files\Mcafee
f:\PROGRA~1\mcafee
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedModules\f:%progra~1%common~1%mcafee%instal~1%mcinst.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAPFK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEBOPK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIRE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEFIREK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFETDI2K\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEVTP\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_CFWIDS\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAPFK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEAVFK02\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEBOPK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIRE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIREK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEFIREK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEHIDK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEHIDK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFERKDET\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFETDI2K\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_MFEVTP\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAPFK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEBOPK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIRE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEFIREK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFETDI2K\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEVTP\0000]
[-HKEY_USERS\.DEFAULT\Software\McAfee]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
[-HKEY_USERS\S-1-5-21-1417001333-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
[-HKEY_USERS\S-1-5-18\Software\McAfee]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-mcafee.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee-antivirus-2007.com]
:services
cfwids
mfeapfk
mfebopk
mfefirek
mfehidk
mferkdet
mfetdi2k
:commands
[purity]
[emptytemp]
[start explorer]
If the application asks for a restart, click YES;
in that case, copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

