Requesting a preventive log check (slow PC)

Posted: 22 Mar 2012 21:28
by sFlnx
Logfile of random's system information tool 1.09 (written by random/random)
Run by M_A_R_X at 2012-03-22 21:26:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (51%) free of 76 GB
Total RAM: 255 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:36, on 22.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\M_A_R_X.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Ham\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5325 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2052111302-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2052111302-725345543-1003UA.job
C:\WINDOWS\tasks\RMSchedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll [2012-03-04 1077600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-06 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll [2012-03-04 1077600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2011-06-15 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-07-30 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-07-30 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Ham\hamachi-2-ui.exe [2012-02-28 1987976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2011-08-07 639864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\OH\KCVDS.exe"="C:\OH\KCVDS.exe:*:Enabled:KCVDS"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\spectromancer truth and beauty v1 21 cracked read nfo theta.rar.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\spectromancer truth and beauty v1 21 cracked read nfo theta.rar.exe:*:Enabled:spectromancer truth and beauty v1 21 cracked read nfo theta.rar"
"C:\Documents and Settings\M_A_R_X\Data aplikací\FileHunter\FileHunter.exe"="C:\Documents and Settings\M_A_R_X\Data aplikací\FileHunter\FileHunter.exe:*:Enabled:FileHunter"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\FH\extension.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\FH\extension.exe:*:Enabled:extension"
"C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome"
"C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe:*:Disabled:Instalační program Google"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe"="C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe:*:Enabled:DivX Plus Player"
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:DivX Update"
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Disabled:Java(TM) Update Scheduler"
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe"="C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Disabled:Java(TM) Update Checker"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications"
"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe:*:Enabled:Search Settings"
"C:\Program Files\Flock\flock.exe"="C:\Program Files\Flock\flock.exe:*:Enabled:Flock"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\LeagueofLegends.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\LeagueofLegends.exe:*:Enabled:LeagueofLegends"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Quake III Arena\quake3.exe"="C:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\Skype.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\Rar$EX61.080\Deamon Tools 4.35 - Plná verze\Deamon Tools 4.35\Deamon Tools 4.35 Lite.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\Rar$EX61.080\Deamon Tools 4.35 - Plná verze\Deamon Tools 4.35\Deamon Tools 4.35 Lite.exe:*:Enabled:DAEMON Tools Lite Setup"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:DAEMON Tools Lite"
"C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe"="C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe:*:Enabled:Alcohol 120% RmK-FreE"
"C:\Program Files\Alcohol Soft\Alcohol 120\_alcohol.exe"="C:\Program Files\Alcohol Soft\Alcohol 120\_alcohol.exe:*:Enabled:Alcohol 120%"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\BitZipperH2010.v20120311.TrialSetupEn.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\BitZipperH2010.v20120311.TrialSetupEn.exe:*:Enabled:InstallIQ Installation Utility"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\bitzipper2.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\bitzipper2.exe:*:Enabled:InstallIQ Installation Utility"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\AskTB\ApnStub.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\AskTB\ApnStub.exe:*:Enabled:AskStub Application"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\freefileviewer_730.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\freefileviewer_730.exe:*:Enabled:InstallIQ Installation Utility"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_1538121d40\AskTB\ApnStub.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_1538121d40\AskTB\ApnStub.exe:*:Enabled:AskStub Application"
"C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\ZhyperMU.EXE"="C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\ZhyperMU.EXE:*:Enabled:Online Updater"
"C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\mu.exe"="C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\mu.exe:*:Enabled:Update MFC 응용 프로그램"
"C:\Program Files\Feudalism2_at\runfs.exe"="C:\Program Files\Feudalism2_at\runfs.exe:*:Enabled:RunFS"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\esetsmartinstaller_csy.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\esetsmartinstaller_csy.exe:*:Enabled:ESET Smart Installer"
"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"="C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe:*:Enabled:OnlineCmdLineScanner"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\ccsetup316.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\ccsetup316.exe:*:Enabled:CCleaner Installer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\is-DJHRQ.tmp\spybotsd162.tmp"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\is-DJHRQ.tmp\spybotsd162.tmp:*:Enabled:Setup/Uninstall"
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Updater for Spybot-S&D"
"C:\Program Files\midori\bin\midori.exe"="C:\Program Files\midori\bin\midori.exe:*:Enabled:midori"
"C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe"="C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe:*:Enabled:ESET Online Scanner container"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\RSIT.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\RSIT.exe:*:Enabled:RSIT"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2012-03-22 21:26:12 ----D---- C:\Program Files\trend micro
2012-03-22 21:26:04 ----D---- C:\rsit
2012-03-22 20:42:38 ----D---- C:\Program Files\midori
2012-03-22 20:36:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-03-22 20:36:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-03-22 19:44:42 ----D---- C:\Program Files\CCleaner
2012-03-17 19:01:55 ----D---- C:\Program Files\Feudalism2_at
2012-03-17 17:16:58 ----D---- C:\Program Files\VID_0E8F&PID_0012
2012-03-12 19:02:16 ----D---- C:\Program Files\Zhyper Networks
2012-03-12 14:55:14 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\Search Settings
2012-03-12 14:54:38 ----D---- C:\Program Files\IObit Toolbar
2012-03-12 14:54:38 ----D---- C:\Program Files\Common Files\Spigot
2012-03-12 14:54:21 ----SHD---- C:\Config.Msi
2012-03-12 09:09:54 ----A---- C:\autoimbue.dat
2012-03-11 23:35:19 ----A---- C:\WINDOWS\system32\SIntfNT.dll
2012-03-11 23:35:19 ----A---- C:\WINDOWS\system32\SIntf32.dll
2012-03-11 23:35:18 ----A---- C:\WINDOWS\system32\SIntf16.dll
2012-03-11 23:30:44 ----D---- C:\Program Files\Diablo II
2012-03-11 23:26:24 ----D---- C:\Program Files\PowerISO
2012-03-11 21:07:34 ----D---- C:\Program Files\File Type Assistant
2012-03-11 21:03:59 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\BitZipper
2012-03-11 21:03:23 ----D---- C:\Program Files\BitZipper
2012-03-11 20:24:10 ----A---- C:\WINDOWS\system32\drivers\SET38.tmp
2012-03-11 20:21:35 ----A---- C:\WINDOWS\system32\drivers\SET2C.tmp
2012-03-11 20:21:13 ----A---- C:\WINDOWS\system32\drivers\SET21.tmp
2012-03-11 20:20:53 ----A---- C:\WINDOWS\system32\drivers\SET16.tmp
2012-03-11 20:17:42 ----D---- C:\Program Files\Alcohol Soft
2012-03-11 20:06:10 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2012-03-11 19:29:24 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\DAEMON Tools Lite
2012-03-11 19:29:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-03-10 14:47:54 ----ASH---- C:\WINDOWS\system32\dds_log_ad13.cmd

======List of files/folders modified in the last 1 month======

2012-03-22 21:26:17 ----D---- C:\WINDOWS\Prefetch
2012-03-22 21:26:12 ----RD---- C:\Program Files
2012-03-22 21:25:53 ----A---- C:\WINDOWS\wincmd.ini
2012-03-22 21:22:53 ----D---- C:\WINDOWS\Temp
2012-03-22 21:14:54 ----D---- C:\WINDOWS
2012-03-22 21:14:25 ----D---- C:\Program Files\Flock
2012-03-22 21:14:22 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\Flock
2012-03-22 21:09:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-03-22 20:58:57 ----SH---- C:\boot.ini
2012-03-22 20:58:57 ----A---- C:\WINDOWS\win.ini
2012-03-22 20:58:57 ----A---- C:\WINDOWS\system.ini
2012-03-22 20:57:32 ----D---- C:\WINDOWS\system32\drivers
2012-03-22 20:39:52 ----D---- C:\WINDOWS\system32
2012-03-22 20:10:39 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\IObit
2012-03-22 19:49:21 ----D---- C:\Program Files\Application Updater
2012-03-22 19:46:38 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\uTorrent
2012-03-22 19:46:38 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\Skype
2012-03-22 19:46:27 ----D---- C:\WINDOWS\SoftwareDistribution
2012-03-22 19:46:27 ----D---- C:\WINDOWS\Debug
2012-03-22 19:46:23 ----D---- C:\WINDOWS\Minidump
2012-03-22 19:21:19 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\FileHunter
2012-03-22 19:02:13 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-03-17 17:16:57 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-12 14:55:15 ----SHD---- C:\WINDOWS\Installer
2012-03-12 14:54:39 ----D---- C:\WINDOWS\WinSxS
2012-03-12 14:54:38 ----D---- C:\Program Files\Common Files
2012-03-11 23:21:29 ----SD---- C:\WINDOWS\Tasks
2012-03-11 19:41:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 19:36:53 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-11 19:30:32 ----HD---- C:\WINDOWS\inf
2012-03-07 18:13:06 ----ASH---- C:\WINDOWS\system32\dds_log_trash.cmd
2012-02-29 13:09:40 ----HD---- C:\Ham

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-03-11 721904]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2011-06-15 60156]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-02-23 1714176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Ham\hamachi-2.exe [2012-02-28 1373576]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-01-31 158856]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: Requesting a preventive log check (slow PC)

Posted: 22 Mar 2012 22:24
by Roli
Hello, fix these in HJT:

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You will find HJT here:

C:\Program Files\trend micro\M_A_R_X.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a box, which you tick,

then click Fix checked, at the bottom left,

the program will ask whether you really want to; answer YES, of course, and it is done.


Via Start >> Control Panel >> Add or Remove Programs, uninstall Pando Networks (Pando Media Booster),

Spybot - SD, which is past its prime, and everything from IObit.


Delete unneeded files

using CCleaner

Instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it, I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Then post a current RSIT log here and we will fine-tune the rest.


P.S. I won't be here tomorrow, so be patient
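
A way to check the result of the fix described above against a follow-up scan, as an added example that is not part of the original thread or of HijackThis itself: it parses HijackThis entry lines, reports fix-list entries that a later log still contains, and reports CLSIDs from the fix list that survive under any other entry. The function names are illustrative; `FIX_LIST` and `FOLLOWUP_FROM_THREAD` are excerpts of lines posted in this thread, and `FOLLOWUP_PARTIAL` is constructed to show an incomplete fix.

```python
"""Check that HijackThis entries selected for fixing are gone from a follow-up scan."""
import re

# One HijackThis entry per line: "<section> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return {(section, casefolded detail): line} for every entry line in text."""
    entries = {}
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace introduced by copy/paste
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names compare case-insensitively.
            entries[(m.group(1), m.group(2).casefold())] = line
    return entries


def still_present(fix_list, followup_log):
    """Fix-list entries that the follow-up scan still reports unchanged."""
    after = parse_entries(followup_log)
    return [line for key, line in parse_entries(fix_list).items() if key in after]


def leftover_clsids(fix_list, followup_log):
    """CLSIDs named in the fix list that still appear anywhere in the follow-up.

    A component is often registered in several places (search hook, BHO and
    toolbar share one CLSID), so removing one entry can leave another behind.
    """
    wanted = {c.casefold() for c in CLSID_RE.findall(fix_list)}
    seen = {c.casefold() for c in CLSID_RE.findall(followup_log)}
    return sorted(wanted & seen)


# Excerpt of the lines the helper asked to fix (from this thread).
FIX_LIST = r"""
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\5.1\iobitToolbarIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# Excerpt of the follow-up scan posted in this thread.
FOLLOWUP_FROM_THREAD = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: the BHO was removed but the toolbar registration with the
# same CLSID remains, and one Run entry came back with different casing.
FOLLOWUP_PARTIAL = FOLLOWUP_FROM_THREAD + r"""
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %SystemRoot%\system32\dumprep 0 -k
"""

if __name__ == "__main__":
    for name, log in (("thread follow-up", FOLLOWUP_FROM_THREAD),
                      ("constructed partial fix", FOLLOWUP_PARTIAL)):
        print(name)
        print("  entries still present:", still_present(FIX_LIST, log))
        print("  CLSIDs still referenced:", leftover_clsids(FIX_LIST, log))
```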

Re: Requesting a preventive log check (slow PC)

Posted: 22 Mar 2012 22:43
by sFlnx
Logfile of random's system information tool 1.09 (written by random/random)
Run by M_A_R_X at 2012-03-22 22:40:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (51%) free of 76 GB
Total RAM: 255 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:41:34, on 22.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\M_A_R_X.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Ham\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 3556 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2052111302-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2052111302-725345543-1003UA.job
C:\WINDOWS\tasks\RMSchedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-06 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2011-06-15 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-07-30 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Ham\hamachi-2-ui.exe [2012-02-28 1987976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2011-08-07 639864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\OH\KCVDS.exe"="C:\OH\KCVDS.exe:*:Enabled:KCVDS"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\spectromancer truth and beauty v1 21 cracked read nfo theta.rar.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\spectromancer truth and beauty v1 21 cracked read nfo theta.rar.exe:*:Enabled:spectromancer truth and beauty v1 21 cracked read nfo theta.rar"
"C:\Documents and Settings\M_A_R_X\Data aplikací\FileHunter\FileHunter.exe"="C:\Documents and Settings\M_A_R_X\Data aplikací\FileHunter\FileHunter.exe:*:Enabled:FileHunter"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\FH\extension.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\FH\extension.exe:*:Enabled:extension"
"C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome"
"C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe:*:Disabled:Instalační program Google"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe"="C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe:*:Enabled:DivX Plus Player"
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:DivX Update"
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Disabled:Java(TM) Update Scheduler"
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe"="C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Disabled:Java(TM) Update Checker"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications"
"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe:*:Enabled:Search Settings"
"C:\Program Files\Flock\flock.exe"="C:\Program Files\Flock\flock.exe:*:Enabled:Flock"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\LeagueofLegends.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\LeagueofLegends.exe:*:Enabled:LeagueofLegends"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Quake III Arena\quake3.exe"="C:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\Skype.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\Rar$EX61.080\Deamon Tools 4.35 - Plná verze\Deamon Tools 4.35\Deamon Tools 4.35 Lite.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\Rar$EX61.080\Deamon Tools 4.35 - Plná verze\Deamon Tools 4.35\Deamon Tools 4.35 Lite.exe:*:Enabled:DAEMON Tools Lite Setup"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:DAEMON Tools Lite"
"C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe"="C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe:*:Enabled:Alcohol 120% RmK-FreE"
"C:\Program Files\Alcohol Soft\Alcohol 120\_alcohol.exe"="C:\Program Files\Alcohol Soft\Alcohol 120\_alcohol.exe:*:Enabled:Alcohol 120%"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\BitZipperH2010.v20120311.TrialSetupEn.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\BitZipperH2010.v20120311.TrialSetupEn.exe:*:Enabled:InstallIQ Installation Utility"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\bitzipper2.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\bitzipper2.exe:*:Enabled:InstallIQ Installation Utility"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\AskTB\ApnStub.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_133a2f2610\AskTB\ApnStub.exe:*:Enabled:AskStub Application"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\freefileviewer_730.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\freefileviewer_730.exe:*:Enabled:InstallIQ Installation Utility"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_1538121d40\AskTB\ApnStub.exe"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\pkg_1538121d40\AskTB\ApnStub.exe:*:Enabled:AskStub Application"
"C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\ZhyperMU.EXE"="C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\ZhyperMU.EXE:*:Enabled:Online Updater"
"C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\mu.exe"="C:\Program Files\Zhyper Networks\ZhyperMU Season 6 Ultimate\mu.exe:*:Enabled:Update MFC 응용 프로그램"
"C:\Program Files\Feudalism2_at\runfs.exe"="C:\Program Files\Feudalism2_at\runfs.exe:*:Enabled:RunFS"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\esetsmartinstaller_csy.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\esetsmartinstaller_csy.exe:*:Enabled:ESET Smart Installer"
"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"="C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe:*:Enabled:OnlineCmdLineScanner"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\ccsetup316.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\ccsetup316.exe:*:Enabled:CCleaner Installer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\is-DJHRQ.tmp\spybotsd162.tmp"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\is-DJHRQ.tmp\spybotsd162.tmp:*:Enabled:Setup/Uninstall"
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Updater for Spybot-S&D"
"C:\Program Files\midori\bin\midori.exe"="C:\Program Files\midori\bin\midori.exe:*:Enabled:midori"
"C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe"="C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe:*:Enabled:ESET Online Scanner container"
"C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\RSIT.exe"="C:\Documents and Settings\M_A_R_X\Dokumenty\Downloads\RSIT.exe:*:Enabled:RSIT"
"C:\Program Files\Pando Networks\Media Booster\uninst.exe"="C:\Program Files\Pando Networks\Media Booster\uninst.exe:*:Enabled:uninst"
"C:\Documents and Settings\M_A_R_X\Local Settings\Temp\_iu14D2N.tmp"="C:\Documents and Settings\M_A_R_X\Local Settings\Temp\_iu14D2N.tmp:*:Enabled:Setup/Uninstall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2012-03-22 22:31:42 ----D---- C:\WINDOWS\system32\appmgmt
2012-03-22 21:26:12 ----D---- C:\Program Files\trend micro
2012-03-22 21:26:04 ----D---- C:\rsit
2012-03-22 20:42:38 ----D---- C:\Program Files\midori
2012-03-22 20:36:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-03-22 20:36:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-03-22 19:44:42 ----D---- C:\Program Files\CCleaner
2012-03-17 19:01:55 ----D---- C:\Program Files\Feudalism2_at
2012-03-17 17:16:58 ----D---- C:\Program Files\VID_0E8F&PID_0012
2012-03-12 19:02:16 ----D---- C:\Program Files\Zhyper Networks
2012-03-12 09:09:54 ----A---- C:\autoimbue.dat
2012-03-11 23:35:19 ----A---- C:\WINDOWS\system32\SIntfNT.dll
2012-03-11 23:35:19 ----A---- C:\WINDOWS\system32\SIntf32.dll
2012-03-11 23:35:18 ----A---- C:\WINDOWS\system32\SIntf16.dll
2012-03-11 23:30:44 ----D---- C:\Program Files\Diablo II
2012-03-11 23:26:24 ----D---- C:\Program Files\PowerISO
2012-03-11 21:07:34 ----D---- C:\Program Files\File Type Assistant
2012-03-11 21:03:59 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\BitZipper
2012-03-11 21:03:23 ----D---- C:\Program Files\BitZipper
2012-03-11 20:24:10 ----A---- C:\WINDOWS\system32\drivers\SET38.tmp
2012-03-11 20:21:35 ----A---- C:\WINDOWS\system32\drivers\SET2C.tmp
2012-03-11 20:21:13 ----A---- C:\WINDOWS\system32\drivers\SET21.tmp
2012-03-11 20:20:53 ----A---- C:\WINDOWS\system32\drivers\SET16.tmp
2012-03-11 20:17:42 ----D---- C:\Program Files\Alcohol Soft
2012-03-11 20:06:10 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2012-03-11 19:29:24 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\DAEMON Tools Lite
2012-03-11 19:29:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-03-10 14:47:54 ----ASH---- C:\WINDOWS\system32\dds_log_ad13.cmd

======List of files/folders modified in the last 1 month======

2012-03-22 22:33:59 ----A---- C:\WINDOWS\wincmd.ini
2012-03-22 22:33:23 ----D---- C:\WINDOWS\Prefetch
2012-03-22 22:31:42 ----D---- C:\WINDOWS\system32
2012-03-22 22:31:31 ----D---- C:\WINDOWS\WinSxS
2012-03-22 22:30:39 ----RD---- C:\Program Files
2012-03-22 22:30:39 ----D---- C:\Program Files\Common Files
2012-03-22 22:30:27 ----SHD---- C:\WINDOWS\Installer
2012-03-22 21:58:48 ----D---- C:\WINDOWS
2012-03-22 21:56:13 ----SD---- C:\Documents and Settings\M_A_R_X\Data aplikací\Microsoft
2012-03-22 21:22:53 ----D---- C:\WINDOWS\Temp
2012-03-22 21:14:25 ----D---- C:\Program Files\Flock
2012-03-22 21:14:22 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\Flock
2012-03-22 21:12:15 ----D---- C:\WINDOWS\system32\drivers
2012-03-22 21:09:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-03-22 20:58:57 ----SH---- C:\boot.ini
2012-03-22 20:58:57 ----A---- C:\WINDOWS\win.ini
2012-03-22 20:58:57 ----A---- C:\WINDOWS\system.ini
2012-03-22 19:46:38 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\uTorrent
2012-03-22 19:46:38 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\Skype
2012-03-22 19:46:27 ----D---- C:\WINDOWS\SoftwareDistribution
2012-03-22 19:46:27 ----D---- C:\WINDOWS\Debug
2012-03-22 19:46:23 ----D---- C:\WINDOWS\Minidump
2012-03-22 19:21:19 ----D---- C:\Documents and Settings\M_A_R_X\Data aplikací\FileHunter
2012-03-22 19:02:13 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-03-17 17:16:57 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-11 23:21:29 ----SD---- C:\WINDOWS\Tasks
2012-03-11 19:41:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 19:36:53 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-11 19:30:32 ----HD---- C:\WINDOWS\inf
2012-03-07 18:13:06 ----ASH---- C:\WINDOWS\system32\dds_log_trash.cmd
2012-02-29 13:09:40 ----HD---- C:\Ham

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-03-11 721904]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2011-06-15 60156]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-02-23 1714176]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Ham\hamachi-2.exe [2012-02-28 1373576]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-01-31 158856]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: Request for a preventive log check (slow PC)

Posted: 22 Mar 2012 22:47
by sFlnx
I ran into one more problem: when I search on Google, it always redirects me to this page: "http://abnow.com/"

Re: Request for a preventive log check (slow PC)

Posted: 22 Mar 2012 22:58
by Roli
Download CKScanner and save it to your desktop,

run the application and in the window that opens click Search For Files.

When the scan finishes, click Save List to File and confirm with OK.

This saves a log named ckfiles.txt to your desktop; copy its contents here for me.

Re: Request for a preventive log check (slow PC)

Posted: 22 Mar 2012 23:01
by sFlnx
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\m_a_r_x\dokumenty\downloads\ofp_crack.zip
c:\documents and settings\m_a_r_x\dokumenty\downloads\diablo 2 + datadisk lord of destruction\lord of destruction\diablo2lodkeygen.exe
c:\documents and settings\m_a_r_x\dokumenty\downloads\diablo 2 + datadisk lord of destruction\lord of destruction\diablo_2_lord_of_destruction_keygen.zip
c:\documents and settings\m_a_r_x\dokumenty\downloads\gta extreme (pc) [eng] (2oo8)\data\decision\craig\crack1.ped
c:\documents and settings\m_a_r_x\dokumenty\downloads\mortal kombat\crack.com
c:\documents and settings\m_a_r_x\dokumenty\downloads\mortal-kombat-2-(pc)\fx\skcrack1.u8
c:\documents and settings\m_a_r_x\dokumenty\downloads\zoo tycoon 2_by_matik_one\crack\info.txt
c:\documents and settings\m_a_r_x\dokumenty\downloads\zoo tycoon 2_by_matik_one\crack\zt.exe
c:\documents and settings\m_a_r_x\dokumenty\downloads\zt2 crack+cestina_by_matik_one\cestina\zoo_tycoon2.exe
c:\documents and settings\m_a_r_x\dokumenty\downloads\zt2 crack+cestina_by_matik_one\crack\zt.exe
c:\documents and settings\m_a_r_x\dokumenty\downloads\zt2 crack+cestina_by_matik_one\crack\ztycoon2.nfo
c:\documents and settings\m_a_r_x\dokumenty\downloads\zt2 crack+cestina_by_matik_one\zt2 trailer\thumbs.db
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0001.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0002.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0003.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0004.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0005.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0006.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\firecracker0007.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\goblincrack.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\knight_plancrack_a.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\knight_plancrack_b.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\knight_plancrack_dragon.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\knight_plancrack_grand.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\npcgagoil_crack01.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\npcgagoil_crack02.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\effect\npcgagoil_crack03.bmd
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\item\firecracker.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\monster\goblincrack.ozj
c:\program files\zhyper networks\zhypermu season 6 ultimate\data\object40\han_mcrack.ozj
scanner sequence 3.ZZ.11.DKAPWV
----- EOF -----

Re: Request for a preventive log check (slow PC)

Posted: 23 Mar 2012 06:58
by sFlnx
I would also like to ask for your advice: what would you recommend as a replacement for Spybot S&D, or possibly a free antivirus that is light on RAM?

Re: Request for a preventive log check (slow PC)

Posted: 23 Mar 2012 18:38
by Roli
SuperAntiSpy is enough for an occasional scan, and Avast as the antivirus, but if you keep downloading cracks, keygens and other junk, not even the best antivirus in the world will help you.

Before we continue, I have a question: is the system (Windows) legal :???:

Re: Request for a preventive log check (slow PC)

Posted: 24 Mar 2012 08:05
by sFlnx
The Windows system uses either a legal key or a universal developer key; I am not sure which of the two.

Re: Request for a preventive log check (slow PC)

Posted: 24 Mar 2012 22:18
by Roli
Download and run OTMoveIt

in the left window of the application, under Paste Instructions for Items to be Moved, copy this text:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\IObit
C:\Program Files\Common Files\Spigot
C:\Program Files\Pando Networks
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Pando Networks\Media Booster\uninst.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and information about the action performed will appear in the right green window of the application; copy the contents of that window here,

if the application asks for a restart, click YES

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

Re: Request for a preventive log check (slow PC)

Posted: 25 Mar 2012 06:34
by sFlnx
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\ConduitEngine.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET7A.tmp moved successfully.
C:\WINDOWS\System32\SET7F.tmp moved successfully.
C:\WINDOWS\002661_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
Folder move failed. C:\Program Files\IObit\Advanced SystemCare 4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\IObit scheduled to be moved on reboot.
File/Folder C:\Program Files\Common Files\Spigot not found.
C:\Program Files\Pando Networks\Media Booster folder moved successfully.
C:\Program Files\Pando Networks folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Pando Networks\Media Booster\uninst.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 3496 bytes
->Temporary Internet Files folder emptied: 141241349 bytes
->Flash cache emptied: 1008 bytes

User: M_A_R_X
->Temp folder emptied: 8508372 bytes
->Temporary Internet Files folder emptied: 7705552 bytes
->Java cache emptied: 86398 bytes
->Google Chrome cache emptied: 143113097 bytes
->Flash cache emptied: 18768 bytes

User: NetworkService
->Temp folder emptied: 3496 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 251904 bytes
Windows Temp folder emptied: 3979 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 287,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03252012_072822

Files moved on Reboot...
Folder move failed. C:\Program Files\IObit\Advanced SystemCare 4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\IObit\Advanced SystemCare 4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\IObit scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Request for a preventive log check (slow PC)

Posted: 25 Mar 2012 06:40
by sFlnx
Links found on Google still redirect me to "http://abnow.com". Tested in IE and Google Chrome.

Re: Request for a preventive log check (slow PC)

Posted: 25 Mar 2012 21:14
by Roli
Run OTMoveIt again and click CleanUP! at the top of the application

this makes it clean up after itself.


Download ComboFix and save it to your desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the licence terms appears, which you confirm by clicking ANO (Yes),

then click ANO once more and it starts running.

The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: Request for a preventive log check (slow PC)

Posted: 26 Mar 2012 12:58
by sFlnx
ComboFix 12-03-26.01 - M_A_R_X 26.03.2012 13:16:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.255.86 [GMT 2:00]
Spuštěný z: c:\documents and settings\M_A_R_X\Plocha\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\00000001.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\000000c0.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\000000cb.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\000000cf.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\80000000.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\800000c0.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\800000cb.@
c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\6603121c\U\800000cf.@
c:\documents and settings\M_A_R_X\WINDOWS
c:\windows\$NtUninstallKB35808$
c:\windows\$NtUninstallKB35808$\1711477276\@
c:\windows\$NtUninstallKB35808$\1711477276\L\miwffetq
c:\windows\$NtUninstallKB35808$\1711477276\loader.tlb
c:\windows\$NtUninstallKB35808$\1711477276\U\@00000001
c:\windows\$NtUninstallKB35808$\1711477276\U\@000000c0
c:\windows\$NtUninstallKB35808$\1711477276\U\@000000cb
c:\windows\$NtUninstallKB35808$\1711477276\U\@000000cf
c:\windows\$NtUninstallKB35808$\1711477276\U\@80000000
c:\windows\$NtUninstallKB35808$\1711477276\U\@800000c0
c:\windows\$NtUninstallKB35808$\1711477276\U\@800000cb
c:\windows\$NtUninstallKB35808$\1711477276\U\@800000cf
c:\windows\$NtUninstallKB35808$\2536180333
c:\windows\IsUn0405.exe
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\system32\c_34456.nl_
c:\windows\system32\c_34456.nls
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\TZLog.log
.
Nakažená kopie c:\windows\system32\drivers\redbook.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
c:\windows\system32\drivers\cdrom.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys
.
Nakažená kopie c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\program files\Common Files\PC Tools\sMonitor\
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_6603121c
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-26 do 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 11:24 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-03-26 11:24 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-26 06:41 . 2008-04-14 02:14 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-03-26 06:41 . 2008-04-14 02:14 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-24 20:01 . 2012-03-24 20:01 -------- d-----w- c:\documents and settings\M_A_R_X\Data aplikací\fizzy
2012-03-24 20:01 . 2012-03-24 20:01 -------- d-sh--w- c:\windows\ftpcache
2012-03-23 11:07 . 2012-03-23 11:07 -------- d-----w- C:\found.000
2012-03-23 09:32 . 2012-03-26 05:24 -------- d-----w- c:\documents and settings\Administrator
2012-03-22 22:25 . 2012-03-22 22:25 -------- d-----w- c:\program files\MSXML 4.0
2012-03-22 20:26 . 2012-03-22 21:41 -------- d-----w- c:\program files\trend micro
2012-03-22 19:45 . 2012-03-22 20:02 -------- d-----w- c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\midori
2012-03-22 19:42 . 2012-03-09 21:01 -------- d-----w- c:\program files\midori
2012-03-22 18:44 . 2012-03-22 18:45 -------- d-----w- c:\program files\CCleaner
2012-03-17 18:01 . 2012-03-17 18:01 -------- d-----w- c:\program files\Feudalism2_at
2012-03-17 16:16 . 2012-03-17 16:16 -------- d-----w- c:\program files\VID_0E8F&PID_0012
2012-03-17 16:16 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-03-17 16:16 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-03-17 16:16 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-03-17 16:16 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-03-17 16:16 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-03-17 16:16 . 2012-03-17 16:16 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-03-17 16:16 . 2012-03-17 16:16 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-03-12 18:02 . 2012-03-12 18:02 -------- d-----w- c:\program files\Zhyper Networks
2012-03-11 22:35 . 2012-03-11 22:35 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2012-03-11 22:35 . 2012-03-11 22:35 17212 ----a-w- c:\windows\system32\SIntf32.dll
2012-03-11 22:35 . 2012-03-11 22:35 12067 ----a-w- c:\windows\system32\SIntf16.dll
2012-03-11 22:30 . 2012-03-17 16:50 -------- d-----w- c:\program files\Diablo II
2012-03-11 22:26 . 2012-03-11 22:26 -------- d-----w- c:\program files\PowerISO
2012-03-11 20:07 . 2012-03-11 20:07 -------- d-----w- c:\program files\File Type Assistant
2012-03-11 20:03 . 2012-03-11 22:21 -------- d-----w- c:\documents and settings\M_A_R_X\Data aplikací\BitZipper
2012-03-11 20:03 . 2012-03-11 22:21 -------- d-----w- c:\program files\BitZipper
2012-03-11 19:17 . 2012-03-11 19:17 -------- d-----w- c:\program files\Alcohol Soft
2012-03-11 19:06 . 2012-03-11 19:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-11 18:29 . 2012-03-11 19:12 -------- d-----w- c:\documents and settings\M_A_R_X\Data aplikací\DAEMON Tools Lite
2012-03-11 18:29 . 2012-03-11 18:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-30 09:49 136176 ----atw- c:\documents and settings\M_A_R_X\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\ham\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-08-07 17:32 639864 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\OH\\KCVDS.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\DivX\\DivX Plus Player\\DivX Plus Player.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\LeagueofLegends.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\_alcohol.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\BitZipperH2010.v20120311.TrialSetupEn.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\freefileviewer_730.exe"=
"c:\\Program Files\\Zhyper Networks\\ZhyperMU Season 6 Ultimate\\ZhyperMU.EXE"=
"c:\\Program Files\\Zhyper Networks\\ZhyperMU Season 6 Ultimate\\mu.exe"=
"c:\\Program Files\\Feudalism2_at\\runfs.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\esetsmartinstaller_csy.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\ccsetup316.exe"=
"c:\\Program Files\\midori\\bin\\midori.exe"=
"c:\\Documents and Settings\\M_A_R_X\\Dokumenty\\Downloads\\RSIT.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56965:TCP"= 56965:TCP:Pando Media Booster
"56965:UDP"= 56965:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.3.2012 21:06 721904]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\ham\hamachi-2.exe -s --> c:\ham\hamachi-2.exe -s [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [26.3.2012 13:26 632792]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [30.7.2011 17:27 1714176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 16:09 158856]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.152.101.1 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Tzar - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-26 13:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(500)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\ham\hamachi-2.exe
.
**************************************************************************
.
Celkový čas: 2012-03-26 13:34:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-26 11:34
.
Před spuštěním: Volných bajtů: 40 208 023 552
Po spuštění: Volných bajtů: 40 198 696 960
.
- - End Of File - - 4D37428FF1B97896CFD3A0CD735172CB

Re: Request for a preventive log check (slow PC)

Posted: 26 Mar 2012 13:09
by sFlnx
The scan took forever, but it was worth it. The problem with googling is gone and the computer (Windows) is noticeably faster.

Thank you