Please check my log

Posted: 18 May 2013 11:29
by adamhol.
Hello! Lately my PC has seemed slow to me, especially after startup, when I have to wait as long as 5 minutes before the PC is able to do anything. Please check the log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Adam at 2013-05-18 12:26:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 275 GB (29%) free of 954 GB
Total RAM: 3070 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:42, on 18.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GamePark2\gpcl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Adam\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Adam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Desura] C:\Program Files\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5722988250
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11081 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9886FE72-8840-4760-9894-CB596EA7C123}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll [2012-11-06 183112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft WebPageAdjuster Class - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-01-30 281760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD1.dll [2012-11-06 183112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-07-12 29696]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-31 4297136]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-11 98304]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-13 1263952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=C:\Program Files\Steam\steam.exe [2013-05-04 1635752]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-08-29 3318784]
"EADM"=C:\Program Files\Origin\Origin.exe [2013-03-21 3497552]
"Desura"=C:\Program Files\Desura\desura.exe -autostart []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2013-04-11 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Steam\steamapps\skratchy78\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\skratchy78\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\world in conflict - demo\wic.exe"="C:\Program Files\Steam\steamapps\common\world in conflict - demo\wic.exe:*:Enabled:World in Conflict - Demo"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Games\DoWar2R\DOW2.exe"="C:\Games\DoWar2R\DOW2.exe:*:Enabled:Dawn of War II"
"C:\Program Files\THQ\Dawn of War II - Retribution\DOW2.exe"="C:\Program Files\THQ\Dawn of War II - Retribution\DOW2.exe:*:Enabled:Dawn of War II"
"C:\Documents and Settings\Adam\Local Settings\Temp\03b3b4a714074be39dc9bb3c25c7d1d0\RelicDownloader.exe"="C:\Documents and Settings\Adam\Local Settings\Temp\03b3b4a714074be39dc9bb3c25c7d1d0\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe"="C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe:*:Enabled:Cossacks 2: Napoleonic Wars"
"C:\Program Files\Robot Entertainment\Orcs Must Die!\Build\release\OrcsMustDie.exe"="C:\Program Files\Robot Entertainment\Orcs Must Die!\Build\release\OrcsMustDie.exe:*:Enabled:Orcs Must Die!"
"C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe"="C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe:*:Enabled:Stronghold3"
"C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe"="C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe:*:Enabled:Driver San Francisco"
"C:\Games\World_of_Tanks\WOTLauncher.exe"="C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi"
"C:\Program Files\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe:*:Disabled:ANNO 2070"
"C:\Program Files\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe:*:Disabled:ANNO 2070"
"C:\Program Files\Ubisoft\Related Designs\ANNO 2070\Anno5.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 2070\Anno5.exe:*:Disabled:ANNO 2070"
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe"="C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Enabled:Empires_DMW"
"C:\Program Files\Kalypso Media\Tropico 4\Tropico4.exe"="C:\Program Files\Kalypso Media\Tropico 4\Tropico4.exe:*:Disabled:Tropico 4"
"C:\Program Files\Origin Games\Battlefield 2142 Deluxe\BF2142.exe"="C:\Program Files\Origin Games\Battlefield 2142 Deluxe\BF2142.exe:*:Enabled:BF2142"
"C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe"="C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe"
"C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe"="C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe"
"C:\Program Files\Steam\steamapps\common\total war shogun 2\Shogun2.exe"="C:\Program Files\Steam\steamapps\common\total war shogun 2\Shogun2.exe:*:Enabled:Total War: SHOGUN 2"
"C:\Program Files\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html"="C:\Program Files\Steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html:*:Enabled:Total War: SHOGUN 2"
"C:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat"="C:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat:*:Enabled:Total War: SHOGUN 2"
"C:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat"="C:\Program Files\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat:*:Enabled:Total War: SHOGUN 2"
"C:\Program Files\Steam\steamapps\common\Tryst Demo\GameClient\Tryst.exe"="C:\Program Files\Steam\steamapps\common\Tryst Demo\GameClient\Tryst.exe:*:Enabled:Tryst Demo"
"C:\Program Files\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe"="C:\Program Files\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe:*:Enabled:Zombie Driver HD Demo"
"C:\Program Files\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe"="C:\Program Files\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe:*:Enabled:Gotham City Impostors - Free To Play"
"C:\Program Files\Steam\steamapps\common\PlanetSide 2\PlanetSide2.exe"="C:\Program Files\Steam\steamapps\common\PlanetSide 2\PlanetSide2.exe:*:Enabled:PlanetSide2"
"C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\Program Files\Steam\steamapps\skratchy78\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\steamapps\skratchy78\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007"
"C:\Program Files\Steam\steamapps\common\empire total war\Empire.exe"="C:\Program Files\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War"
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe"="C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Dead Island Riptide\DeadIslandGame_x86_rwdi.exe"="C:\Program Files\Dead Island Riptide\DeadIslandGame_x86_rwdi.exe:*:Enabled:DeadIsland Riptide"
"C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe"="C:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer"
"C:\Program Files\Steam\steamapps\common\Sanctum2Demo\Binaries\Win32\SanctumGame-Win32-Shipping.exe"="C:\Program Files\Steam\steamapps\common\Sanctum2Demo\Binaries\Win32\SanctumGame-Win32-Shipping.exe:*:Enabled:Sanctum 2 Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2013-05-18 12:26:15 ----D---- C:\Program Files\trend micro
2013-05-18 12:26:14 ----D---- C:\rsit
2013-05-16 00:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2820197$
2013-05-16 00:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2829361$
2013-05-11 23:05:59 ----D---- C:\Program Files\Common Files\DivX Shared
2013-05-11 23:04:23 ----D---- C:\Program Files\DivX
2013-05-11 23:02:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2013-05-11 22:54:38 ----D---- C:\Program Files\XviD
2013-05-07 23:02:21 ----D---- C:\Program Files\Dead Island Riptide
2013-05-03 10:50:04 ----D---- C:\Program Files\Common Files\Skype
2013-05-03 10:47:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2013-05-02 17:47:14 ----A---- C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat
2013-05-02 17:45:34 ----A---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2013-05-02 17:43:14 ----D---- C:\AMD
2013-05-02 17:23:06 ----D---- C:\Program Files\Common Files\Java
2013-05-02 16:58:57 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-05-02 16:58:57 ----A---- C:\WINDOWS\system32\javaw.exe
2013-05-02 16:58:57 ----A---- C:\WINDOWS\system32\java.exe
2013-04-21 19:04:08 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2013-05-18 12:26:15 ----RD---- C:\Program Files
2013-05-18 12:26:12 ----D---- C:\WINDOWS\Prefetch
2013-05-18 12:15:16 ----D---- C:\Documents and Settings\Adam\Data aplikací\Skype
2013-05-18 12:11:38 ----D---- C:\WINDOWS\Temp
2013-05-18 12:08:14 ----D---- C:\WINDOWS\system32\CatRoot2
2013-05-18 12:05:42 ----D---- C:\Program Files\Steam
2013-05-17 18:19:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-16 11:19:43 ----RSD---- C:\WINDOWS\assembly
2013-05-16 11:18:53 ----D---- C:\WINDOWS\Microsoft.NET
2013-05-16 11:12:58 ----D---- C:\WINDOWS
2013-05-16 11:12:01 ----D---- C:\WINDOWS\system32
2013-05-16 00:43:24 ----SHD---- C:\WINDOWS\Installer
2013-05-16 00:43:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-05-16 00:42:03 ----HD---- C:\WINDOWS\inf
2013-05-16 00:42:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-16 00:42:00 ----D---- C:\Program Files\Internet Explorer
2013-05-16 00:41:35 ----D---- C:\WINDOWS\ie8updates
2013-05-16 00:41:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-16 00:40:49 ----D---- C:\WINDOWS\WinSxS
2013-05-16 00:38:20 ----A---- C:\WINDOWS\imsins.BAK
2013-05-16 00:37:12 ----HD---- C:\WINDOWS\$hf_mig$
2013-05-16 00:34:47 ----A---- C:\WINDOWS\system32\MRT.exe
2013-05-15 21:01:48 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-13 22:24:38 ----D---- C:\WINDOWS\system32\config
2013-05-13 16:50:57 ----D---- C:\Shoty
2013-05-11 23:05:59 ----D---- C:\Program Files\Common Files
2013-05-07 06:22:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-05-03 20:14:36 ----D---- C:\Documents and Settings\Adam\Data aplikací\HLSW
2013-05-03 10:52:02 ----D---- C:\Documents and Settings\Adam\Data aplikací\Origin
2013-05-03 10:51:49 ----D---- C:\Program Files\Origin
2013-05-03 10:50:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Origin
2013-05-03 10:50:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-05-03 10:50:04 ----RD---- C:\Program Files\Skype
2013-05-02 17:46:49 ----D---- C:\Program Files\ATI Technologies
2013-05-02 17:45:39 ----D---- C:\WINDOWS\system32\drivers
2013-05-02 17:45:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-05-02 17:45:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-05-02 16:58:57 ----D---- C:\Program Files\Java
2013-04-21 00:19:42 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-31 25256]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-03-07 24408]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-10-31 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-31 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-31 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-31 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-05-20 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-31 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-31 97608]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-08-10 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-08-10 25888]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2013-04-11 6850048]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-05-14 103040]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RT61;Ovislink WT-2000PCI Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2009-09-07 504320]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-01-14 277352]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-11-19 25280]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;WinUSB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2013-04-11 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-31 44808]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2009-12-02 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-04-04 181664]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-06-23 76888]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe [2008-07-10 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-08-29 496128]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-12-21 541760]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Requesting a check

Posted: 18 May 2013 12:27
by Roli
Hello, fix these in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You will find HJT here:

C:\Program Files\trend micro\Adam.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then click Fix checked at the bottom left,

the program asks whether you are sure; you of course agree with YES, and it is done.


Via Start >> Run (Spustit) >> type services.msc >> OK. Find the service:

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

Cyberlink RichVideo Service(CRVS)


Double-clicking opens a dialog where you first stop the service with the Stop (Zastavit) button; under Startup type (Typ spouštění) select Disabled (Zakázáno) and click OK.


Delete unnecessary files

using CCleaner

instructions:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, change what runs at system startup, and restore the system


Download AdwCleaner and save it to the desktop,

close all programs including the browser and run it with a double-click,

a window appears; click Search at the bottom left.

The scan then runs, and when it finishes a log pops up; copy it here for me.

Re: Requesting a check

Posted: 18 May 2013 21:27
by adamhol.
# AdwCleaner v2.301 - Log vytvooen 18/05/2013 v 22:25:26
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Adam - ADAM-PC
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Adam\Dokumenty\Downloads\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Documents and Settings\Adam\Data aplikací\dvdvideosoftiehelpers
Složka Nalezeno : C:\Documents and Settings\Adam\Data aplikací\PriceGong
Složka Nalezeno : C:\Documents and Settings\Adam\Local Settings\Data aplikací\Conduit
Složka Nalezeno : C:\Documents and Settings\Adam\Local Settings\Data aplikací\DVDVideoSoftTB
Složka Nalezeno : C:\Documents and Settings\Adam\Local Settings\Data aplikací\DVDVideoSoftTB
Složka Nalezeno : C:\Program Files\Conduit
Složka Nalezeno : C:\Program Files\DAEMON Tools Toolbar
Složka Nalezeno : C:\Program Files\DVDVideoSoftTB
Složka Nalezeno : C:\Program Files\DVDVideoSoftTB
Soubor Nalezeno : C:\END

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\ConduitSearchScopes
Klíe Nalezeno : HKCU\Software\DVDVideoSoftTB
Klíe Nalezeno : HKCU\Software\DVDVideoSoftTB
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKCU\Software\PriceGong
Klíe Nalezeno : HKCU\Software\SmartBar
Klíe Nalezeno : HKCU\Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\DVDVideoSoftTB
Klíe Nalezeno : HKLM\Software\DVDVideoSoftTB
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75EA2869-83AE-40C1-A2CB-4C627E7EAC77}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B05BA3D1-8FF5-4DD1-8BE7-39F5A6276792}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKU\S-1-5-21-1659004503-2147121105-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Nalezeno : HKU\S-1-5-21-1659004503-2147121105-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Documents and Settings\Adam\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [6350 octets] - [18/05/2013 22:25:26]

########## EOF - C:\AdwCleaner[R1].txt - [6410 octets] ##########

Re: Requesting a check

Posted: 18 May 2013 21:46
by Roli
Run AdwCleaner again, but this time click Delete,

the PC will restart, during which the junk is deleted.

Afterwards a log pops up again; copy it here for me.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it is running.

The whole process takes around 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of the antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can block it.

After the scan finishes or after the subsequent restart, the application creates a log, saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: Requesting a check

Posted: 19 May 2013 20:34
by adamhol.
AdwCleaner log:

# AdwCleaner v2.301 - Log vytvooen 19/05/2013 v 20:54:30
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Adam - ADAM-PC
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Adam\Dokumenty\Downloads\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Documents and Settings\Adam\Data aplikací\dvdvideosoftiehelpers
Složka Vymazáno : C:\Documents and Settings\Adam\Data aplikací\PriceGong
Složka Vymazáno : C:\Documents and Settings\Adam\Local Settings\Data aplikací\Conduit
Složka Vymazáno : C:\Documents and Settings\Adam\Local Settings\Data aplikací\DVDVideoSoftTB
Složka Vymazáno : C:\Program Files\Conduit
Složka Vymazáno : C:\Program Files\DAEMON Tools Toolbar
Složka Vymazáno : C:\Program Files\DVDVideoSoftTB
Soubor Vymazáno : C:\END

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\ConduitSearchScopes
Klíe Vymazáno : HKCU\Software\DVDVideoSoftTB
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKCU\Software\PriceGong
Klíe Vymazáno : HKCU\Software\SmartBar
Klíe Vymazáno : HKCU\Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\DVDVideoSoftTB
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75EA2869-83AE-40C1-A2CB-4C627E7EAC77}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B05BA3D1-8FF5-4DD1-8BE7-39F5A6276792}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Klíe Vymazáno : HKLM\Software\PIP

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry jsou eisté.

-\\ Google Chrome v26.0.1410.64

Soubor : C:\Documents and Settings\Adam\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [6479 octets] - [18/05/2013 22:25:26]
AdwCleaner[S1].txt - [4857 octets] - [19/05/2013 20:54:30]

########## EOF - C:\AdwCleaner[S1].txt - [4917 octets] ##########

ComboFix log:

ComboFix 13-05-18.04 - Adam 19.05.2013 21:14:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.1559 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adam\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ss
c:\program files\ss\config.ini
c:\program files\ss\ScreenShots.exe
c:\program files\ss\sounds\ftp_error.wav
c:\program files\ss\sounds\ftp_sent.wav
c:\program files\ss\sounds\ss_taken.wav
c:\program files\ss\Uninstall.exe
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\frapsvid.dll
c:\windows\system32\ijl11.dll
c:\windows\system32\roboot.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp227.tmp
c:\windows\system32\tmp228.tmp
c:\windows\system32\vbpng1.dll
c:\windows\WindowsUpdate.log . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-19 do 2013-05-19 )))))))))))))))))))))))))))))))
.
.
2013-05-19 11:58 . 2013-05-19 11:58 -------- d-----w- C:\02945de5f03c01509d16a9
2013-05-18 10:26 . 2013-05-18 20:13 -------- d-----w- c:\program files\trend micro
2013-05-18 10:26 . 2013-05-18 10:26 -------- d-----w- C:\rsit
2013-05-11 21:05 . 2013-05-11 21:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2013-05-11 21:04 . 2013-05-11 21:06 -------- d-----w- c:\program files\DivX
2013-05-11 21:02 . 2013-05-11 21:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2013-05-11 20:54 . 2013-05-11 20:54 -------- d-----w- c:\program files\XviD
2013-05-07 21:02 . 2013-05-18 20:23 -------- d-----w- c:\program files\Dead Island Riptide
2013-05-03 08:50 . 2013-05-03 08:50 -------- d-----w- c:\program files\Common Files\Skype
2013-05-03 08:47 . 2013-05-03 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2013-05-02 15:47 . 2013-05-02 15:47 143 ----a-w- c:\documents and settings\All Users\Data aplikací\LaunchURL.bat
2013-05-02 15:45 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2013-05-02 15:43 . 2013-05-02 15:43 -------- d-----w- C:\AMD
2013-05-02 15:23 . 2013-05-02 15:23 -------- d-----w- c:\program files\Common Files\Java
2013-05-02 14:58 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 19:20 . 2011-05-18 12:21 17488 ----a-w- c:\windows\gdrv.sys
2013-05-15 19:01 . 2012-03-30 12:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:01 . 2011-05-18 12:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2008-04-14 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2008-04-14 11:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 17:56 . 2011-05-18 12:38 71192 ----a-w- c:\windows\system32\atimpc32.dll
2013-04-11 17:56 . 2011-05-18 12:38 71192 ----a-w- c:\windows\system32\amdpcom32.dll
2013-04-11 17:54 . 2011-05-18 12:38 6850048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2013-04-11 17:45 . 2011-05-18 12:38 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2013-04-11 17:44 . 2011-05-18 12:38 306176 ----a-w- c:\windows\system32\ati2dvag.dll
2013-04-11 17:22 . 2011-05-18 12:38 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2013-04-11 17:22 . 2011-05-18 12:38 163840 ----a-w- c:\windows\system32\Oemdspif.dll
2013-04-11 17:22 . 2011-05-18 12:38 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2013-04-11 17:22 . 2011-05-18 12:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-04-11 17:22 . 2011-05-18 12:38 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2013-04-11 17:20 . 2011-05-18 12:38 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2013-04-11 17:19 . 2011-05-18 12:38 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2013-04-11 17:05 . 2011-05-18 12:38 4844064 ----a-w- c:\windows\system32\ati3duag.dll
2013-04-11 16:49 . 2011-05-18 12:38 18964480 ----a-w- c:\windows\system32\atioglxx.dll
2013-04-11 16:43 . 2011-05-18 12:38 2380672 ----a-w- c:\windows\system32\ativvaxx.dll
2013-04-11 16:43 . 2011-05-18 12:38 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2013-04-11 16:27 . 2011-05-18 12:38 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-04-11 16:23 . 2011-05-18 12:38 929792 ----a-w- c:\windows\system32\atikvmag.dll
2013-04-11 16:18 . 2011-05-18 12:38 245760 ----a-w- c:\windows\system32\atiadlxx.dll
2013-04-11 16:18 . 2011-05-18 12:38 17408 ----a-w- c:\windows\system32\atitvo32.dll
2013-04-11 16:17 . 2011-05-18 12:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-04-11 16:15 . 2011-05-18 12:38 495616 ----a-w- c:\windows\system32\atiok3x2.dll
2013-04-11 16:13 . 2011-05-18 12:38 663552 ----a-w- c:\windows\system32\ati2cqag.dll
2013-04-03 19:06 . 2011-05-22 09:03 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-03 19:05 . 2011-05-22 09:03 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-03 19:05 . 2011-05-22 09:03 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-01 12:29 . 2011-05-22 09:03 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-09 12:24 . 2012-08-11 16:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 12:24 . 2011-05-20 19:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2008-04-14 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 11:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:58 . 2011-05-17 15:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-03 . 959B66A9B529BA5C4B1B973F1FCD98EE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files\Steam\steam.exe" [2013-05-03 1635752]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-08-29 3318784]
"EADM"="c:\program files\Origin\Origin.exe" [2013-03-21 3497552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-11 98304]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-2-8 409088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Ubisoft\\Driver San Francisco\\Driver.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 2070\\InitEngine.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 2070\\AutoPatcher.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 2070\\Anno5.exe"=
"c:\\Program Files\\Kalypso Media\\Tropico 4\\Tropico4.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\Shogun2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\data\\encyclopedia\\how_to_play.html"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_specify_properties.bat"=
"c:\\Program Files\\Steam\\steamapps\\skratchy78\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Sanctum2Demo\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57453:TCP"= 57453:TCP:Pando Media Booster
"57453:UDP"= 57453:UDP:Pando Media Booster
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.4.2012 23:21 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.5.2011 20:42 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.5.2011 20:42 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.5.2011 22:56 218688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.8.2011 23:07 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.5.2011 20:42 21256]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [18.5.2011 14:27 68136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.5.2013 17:45 103040]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2011 14:07 1691480]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 19:32 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:01]
.
2013-05-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-19 22:50]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 18:42]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 18:42]
.
2013-05-19 c:\windows\Tasks\User_Feed_Synchronization-{9886FE72-8840-4760-9894-CB596EA7C123}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: mojebanka.cz
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-19 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1028)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Ovislink\Common\RalinkRegistryWriter.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2013-05-19 21:30:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-19 19:30
.
Před spuštěním: Volných bajtů: 296 411 045 888
Po spuštění: Volných bajtů: 296 765 878 272
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 7CC1711025C7282E72D4280624336529

Re: Requesting a check

Posted: 19 May 2013 20:57
by Roli
If you have not done so already, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Registry:: 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57453:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57453:UDP"=-
save the TXT file you created to the desktop as CFScript.txt,

after saving, grab the script with the left mouse button and drag it over the ComboFix icon, where you drop it:

[Image]

After it has been applied, another log will pop up; copy it here

Warning: it may happen that after applying the script and restarting, Windows will not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Requesting a check

Posted: 20 May 2013 15:39
by adamhol.
ComboFix 13-05-18.04 - Adam 20.05.2013 16:28:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.1418 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adam\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Adam\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-20 do 2013-05-20 )))))))))))))))))))))))))))))))
.
.
2013-05-19 11:58 . 2013-05-19 11:58 -------- d-----w- C:\02945de5f03c01509d16a9
2013-05-18 10:26 . 2013-05-18 20:13 -------- d-----w- c:\program files\trend micro
2013-05-18 10:26 . 2013-05-18 10:26 -------- d-----w- C:\rsit
2013-05-11 21:05 . 2013-05-11 21:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2013-05-11 21:04 . 2013-05-11 21:06 -------- d-----w- c:\program files\DivX
2013-05-11 21:02 . 2013-05-11 21:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2013-05-11 20:54 . 2013-05-11 20:54 -------- d-----w- c:\program files\XviD
2013-05-07 21:02 . 2013-05-18 20:23 -------- d-----w- c:\program files\Dead Island Riptide
2013-05-03 08:50 . 2013-05-03 08:50 -------- d-----w- c:\program files\Common Files\Skype
2013-05-03 08:47 . 2013-05-03 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2013-05-02 15:47 . 2013-05-02 15:47 143 ----a-w- c:\documents and settings\All Users\Data aplikací\LaunchURL.bat
2013-05-02 15:45 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2013-05-02 15:43 . 2013-05-02 15:43 -------- d-----w- C:\AMD
2013-05-02 15:23 . 2013-05-02 15:23 -------- d-----w- c:\program files\Common Files\Java
2013-05-02 14:58 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-20 13:49 . 2011-05-18 12:21 17488 ----a-w- c:\windows\gdrv.sys
2013-05-15 19:01 . 2012-03-30 12:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:01 . 2011-05-18 12:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2008-04-14 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2008-04-14 11:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 17:56 . 2011-05-18 12:38 71192 ----a-w- c:\windows\system32\atimpc32.dll
2013-04-11 17:56 . 2011-05-18 12:38 71192 ----a-w- c:\windows\system32\amdpcom32.dll
2013-04-11 17:54 . 2011-05-18 12:38 6850048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2013-04-11 17:45 . 2011-05-18 12:38 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2013-04-11 17:44 . 2011-05-18 12:38 306176 ----a-w- c:\windows\system32\ati2dvag.dll
2013-04-11 17:22 . 2011-05-18 12:38 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2013-04-11 17:22 . 2011-05-18 12:38 163840 ----a-w- c:\windows\system32\Oemdspif.dll
2013-04-11 17:22 . 2011-05-18 12:38 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2013-04-11 17:22 . 2011-05-18 12:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-04-11 17:22 . 2011-05-18 12:38 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2013-04-11 17:20 . 2011-05-18 12:38 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2013-04-11 17:19 . 2011-05-18 12:38 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2013-04-11 17:05 . 2011-05-18 12:38 4844064 ----a-w- c:\windows\system32\ati3duag.dll
2013-04-11 16:49 . 2011-05-18 12:38 18964480 ----a-w- c:\windows\system32\atioglxx.dll
2013-04-11 16:43 . 2011-05-18 12:38 2380672 ----a-w- c:\windows\system32\ativvaxx.dll
2013-04-11 16:43 . 2011-05-18 12:38 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2013-04-11 16:27 . 2011-05-18 12:38 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-04-11 16:23 . 2011-05-18 12:38 929792 ----a-w- c:\windows\system32\atikvmag.dll
2013-04-11 16:18 . 2011-05-18 12:38 245760 ----a-w- c:\windows\system32\atiadlxx.dll
2013-04-11 16:18 . 2011-05-18 12:38 17408 ----a-w- c:\windows\system32\atitvo32.dll
2013-04-11 16:17 . 2011-05-18 12:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-04-11 16:15 . 2011-05-18 12:38 495616 ----a-w- c:\windows\system32\atiok3x2.dll
2013-04-11 16:13 . 2011-05-18 12:38 663552 ----a-w- c:\windows\system32\ati2cqag.dll
2013-04-03 19:06 . 2011-05-22 09:03 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-03 19:05 . 2011-05-22 09:03 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-03 19:05 . 2011-05-22 09:03 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-01 12:29 . 2011-05-22 09:03 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-09 12:24 . 2012-08-11 16:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 12:24 . 2011-05-20 19:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2008-04-14 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 11:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:58 . 2011-05-17 15:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-03 . 959B66A9B529BA5C4B1B973F1FCD98EE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files\Steam\steam.exe" [2013-05-03 1635752]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-08-29 3318784]
"EADM"="c:\program files\Origin\Origin.exe" [2013-03-21 3497552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-11 98304]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2012-2-8 409088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Ubisoft\\Driver San Francisco\\Driver.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 2070\\InitEngine.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 2070\\AutoPatcher.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 2070\\Anno5.exe"=
"c:\\Program Files\\Kalypso Media\\Tropico 4\\Tropico4.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\Shogun2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\data\\encyclopedia\\how_to_play.html"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2\\benchmarks\\benchmark_specify_properties.bat"=
"c:\\Program Files\\Steam\\steamapps\\skratchy78\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Sanctum2Demo\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.4.2012 23:21 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.5.2011 20:42 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.5.2011 20:42 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.5.2011 22:56 218688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.8.2011 23:07 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.5.2011 20:42 21256]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [18.5.2011 14:27 68136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2.5.2013 17:45 103040]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2011 14:07 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 19:32 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:01]
.
2013-05-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-19 22:50]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 18:42]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 18:42]
.
2013-05-20 c:\windows\Tasks\User_Feed_Synchronization-{9886FE72-8840-4760-9894-CB596EA7C123}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: mojebanka.cz
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-20 16:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3428)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-05-20 16:38:10
ComboFix-quarantined-files.txt 2013-05-20 14:38
ComboFix2.txt 2013-05-19 19:30
.
Před spuštěním: Volných bajtů: 293 186 310 144
Po spuštění: Volných bajtů: 293 169 704 960
.
- - End Of File - - A298BDC15101062053C92ADFDF22878E

Re: Requesting a check

Posted: 20 May 2013 17:41
by Roli
Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders related to it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then use MBAM from my signature and post its log here; do not delete anything beforehand!

Re: Requesting a check

Posted: 23 May 2013 18:55
by adamhol.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Adam :: ADAM-PC [administrátor]

23.5.2013 19:41:28
MBAM-log-2013-05-23 (19-53-56).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 202525
Uplynulý čas: 11 minut, 49 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Documents and Settings\Adam\Dokumenty\Downloads\ScreenShots.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Adam\Dokumenty\Downloads\repairsetup.exe (Rogue.ErrorRepairProfessional) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Adam\Dokumenty\Downloads\Test-My-Hardware_3.0.exe (Rogue.ErrorRepairProfessional) -> Nebyla provedena žádná instrukce.

(konec)

Re: Requesting a check

Posted: 23 May 2013 21:32
by Roli
Well, unless you absolutely need it, I would probably have everything deleted.

Then post the log that pops up here again and write what state the PC is in.

Re: Requesting a check

Posted: 26 May 2013 11:33
by adamhol.
The PC is faster now, but I'll still have to clear out some of those gigabytes :) Thanks for the help ;)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Adam :: ADAM-PC [administrátor]

26.5.2013 12:23:20
mbam-log-2013-05-26 (12-23-20).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 202923
Uplynulý čas: 6 minut, 34 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Documents and Settings\Adam\Dokumenty\Downloads\ScreenShots.exe (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Adam\Dokumenty\Downloads\repairsetup.exe (Rogue.ErrorRepairProfessional) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Adam\Dokumenty\Downloads\Test-My-Hardware_3.0.exe (Rogue.ErrorRepairProfessional) -> Přesun do karantény a smazání se zdařilo.

(konec)

Re: Requesting a check

Posted: 26 May 2013 17:40
by Roli
adamhol. wrote: The PC is faster now, but I'll still have to clear out some of those gigabytes :)
Once you have cleared it out, it would not hurt to defragment the disk, either with the built-in Windows tool

or with another application, for example Defraggler
adamhol. wrote: Thanks for the help ;)
You're welcome, and :closed: