
Does anyone know what this is?

Posted: 05 Jan 2014 05:17
by Trubecka
Hello, SpyBot detects a file

------------------------
--- Search result list ---
Win32.LoadMoney: [SBI $B809360C] Data (Soubor, fixed)
C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}\{9bed5ee2-0547-4706-8600-d3897629ade0}
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.LoadMoney: [SBI $72D3FCD2] Složka programu (Složka, fixed)
C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4D0C-9E5F-43462BC13E3B}\

.....
-----------------------

as "MalwareC". But it cannot be deleted or even damaged; after a while it restores itself to its original state. I also tried "mbar", which is recommended here, but it finds nothing. Does anyone here know what it is, or how to delete it???


Here is the log from that "logger" of yours:

Logfile of random's system information tool 1.09 (written by random/random)
Run by ****** at 2014-01-05 04:54:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 130 GB
Total RAM: 3071 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:54:50, on 5.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zrychleni Pocitace\PCSUService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ICQ7M\ICQ.exe
C:\Program Files\eM Client\MailClient.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Data aplikací\GameRanger\GameRanger\GameRanger.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\******.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files\Zrychleni Pocitace\PCSUNotifier.exe
O4 - HKCU\..\Run: [ERGOM DayOrganizer] C:\Program Files\DayOrganizer\dayorganizer.exe /automat
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - Unknown owner - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\Zrychleni Pocitace\PCSUService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8830 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003UA.job
C:\WINDOWS\tasks\PC SpeedUp Service Deactivator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-07-26 2569616]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-12-18 684600]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-12 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"PCSpeedUp"=C:\Program Files\Zrychleni Pocitace\PCSUNotifier.exe [2012-06-05 188680]
"ERGOM DayOrganizer"=C:\Program Files\DayOrganizer\dayorganizer.exe /automat []
"Google Update"=C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-08-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-12 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Downloads\starftp.exe"="D:\Downloads\starftp.exe:*:Enabled:Star FTP Server"
"C:\Program Files\Need for Speed Underground 2\SPEED2.EXE"="C:\Program Files\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"C:\Program Files\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe"="C:\Program Files\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\FlatOut\flatout.exe"="C:\Program Files\FlatOut\flatout.exe:*:Enabled:flatout"
"C:\Program Files\Photobie\Photobie.exe"="C:\Program Files\Photobie\Photobie.exe:*:Enabled:Photobie Design Studio"
"C:\Program Files\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe"="C:\Program Files\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"H:\Photobie\Photobie.exe"="H:\Photobie\Photobie.exe:*:Enabled:Photobie Design Studio"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager"
"C:\Casino\Bwin Casino\casino.exe"="C:\Casino\Bwin Casino\casino.exe:*:Disabled:casino"
"C:\Program Files\IncrediMail\Bin\IncMail.exe"="C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Disabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe"="C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Disabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImApp.exe"="C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Disabled:IncrediMail"
"C:\Program Files\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\mph.exe"="C:\Program Files\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\mph.exe:*:Disabled:mph"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"C:\Program Files\Steam\steamapps\common\post apocalyptic mayhem\PAMMainGame.exe"="C:\Program Files\Steam\steamapps\common\post apocalyptic mayhem\PAMMainGame.exe:*:Enabled:Post Apocalyptic Mayhem"
"C:\Program Files\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Sonic & SEGA All-Stars Racing.exe"="C:\Program Files\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Sonic & SEGA All-Stars Racing.exe:*:Enabled:Sonic and SEGA All Stars Racing"
"C:\Program Files\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Config.exe"="C:\Program Files\Steam\steamapps\common\Sonic and SEGA All Stars Racing\Config.exe:*:Enabled:Sonic and SEGA All Stars Racing"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp"
"C:\Program Files Selfinstall\Star FTP\starftp.exe"="C:\Program Files Selfinstall\Star FTP\starftp.exe:*:Enabled:Star FTP Server"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Program Files\ViRC\ViRC.exe"="C:\Program Files\ViRC\ViRC.exe:*:Enabled:Visual IRC Client"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Documents and Settings\******\Data aplikací\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\******\Data aplikací\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"D:\Downloads\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe"="D:\Downloads\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe:*:Disabled:DTS-HD Master Audio Suite Encoder 2.50.20 Portable"
"C:\Program Files Selfinstall\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe"="C:\Program Files Selfinstall\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe:*:Disabled:DTS-HD Master Audio Suite Encoder 2.50.20 Portable"
"C:\Program Files\Tunngle\tnglctrl.exe"="C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service"
"C:\Program Files\Tunngle\tunngle.exe"="C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client"
"C:\Program Files\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe"="C:\Program Files\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe:*:Disabled:TM Server Application"
"C:\BD-WRITE\COD 4\iw3mp.exe"="C:\BD-WRITE\COD 4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files Selfinstall\COD 4\iw3mp.exe"="C:\Program Files Selfinstall\COD 4\iw3mp.exe:*:Enabled:iw3mp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=ac3acm.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"VIDC.FMVC"=fmcodec.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.LAGS"=lagarith.dll
"msacm.lameacm"=lameACM.acm
"VIDC.FPS1"=frapsvid.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-01-05 04:54:39 ----D---- C:\rsit
2013-12-31 19:34:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2013-12-31 19:31:02 ----D---- C:\Program Files\AMD APP
2013-12-31 19:30:09 ----D---- C:\Program Files\ATI Technologies
2013-12-30 18:49:28 ----D---- C:\Program Files\trend micro
2013-12-29 19:14:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-29 19:14:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-12-29 19:14:24 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2013-12-29 19:12:53 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2013-12-29 19:12:49 ----D---- C:\Program Files\MalwareAR
2013-12-17 14:47:52 ----D---- C:\AMD

======List of files/folders modified in the last 1 month======

2014-01-05 04:54:45 ----D---- C:\WINDOWS\Prefetch
2014-01-05 04:54:44 ----D---- C:\WINDOWS\Temp
2014-01-05 04:46:43 ----D---- C:\Documents and Settings\******\Data aplikací\Tunngle
2014-01-05 00:19:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tunngle
2014-01-05 00:18:26 ----D---- C:\Program Files\Zrychleni Pocitace
2014-01-04 21:26:56 ----D---- C:\Documents and Settings\******\Data aplikací\ICQ
2014-01-04 16:06:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-04 11:24:52 ----D---- C:\WINDOWS\system32\config
2014-01-04 05:01:15 ----D---- C:\WINDOWS\system32
2014-01-04 05:01:14 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2014-01-02 01:47:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2013-12-31 19:35:00 ----AD---- C:\WINDOWS
2013-12-31 19:31:02 ----SHD---- C:\WINDOWS\Installer
2013-12-31 19:31:02 ----AD---- C:\Program Files
2013-12-31 19:30:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-12-31 19:30:26 ----D---- C:\WINDOWS\system32\drivers
2013-12-31 19:30:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-12-31 19:30:18 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-31 19:22:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-12-31 19:22:33 ----HD---- C:\WINDOWS\inf
2013-12-28 23:29:11 ----D---- C:\Program Files\PhotoScape
2013-12-26 17:27:47 ----D---- C:\WINDOWS\system32\NtmsData
2013-12-26 16:45:20 ----D---- C:\WINDOWS\Registration
2013-12-25 05:05:12 ----D---- C:\Program Files\SpeedFan
2013-12-21 18:47:26 ----D---- C:\Program Files\FlatOut2
2013-12-21 18:47:26 ----D---- C:\DOWNLOADS-Movies
2013-12-12 17:20:03 ----D---- C:\WINDOWS\Microsoft.NET
2013-12-12 16:30:54 ----RSD---- C:\WINDOWS\assembly
2013-12-12 16:28:27 ----D---- C:\Program Files\eM Client
2013-12-11 17:24:36 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-06 06:05:12 ----D---- C:\BD-WRITE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 mv614x;mv614x; C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-02-16 35200]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\system32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\system32\drivers\sfsync04.sys [2006-08-11 59776]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2012-12-29 24184]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-12-18 135648]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-08-14 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-12-18 90400]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\WINDOWS\system32\DRIVERS\thdudf.sys [2012-01-10 66944]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2010-07-22 108480]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-12 7206400]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2010-03-18 99416]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2010-03-18 511064]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2010-03-18 528472]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2010-03-18 555096]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2010-03-18 14424]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2010-03-18 566360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2010-03-18 157272]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2010-03-18 92760]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2010-03-18 798808]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2010-03-18 189528]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2010-03-18 127576]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-03-24 244608]
S1 ArcCtrl;ArcCtrl; C:\WINDOWS\system32\drivers\ArcCtrl.sys []
S3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-08-08 100368]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2010-03-18 555096]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2010-03-18 347144]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2012-02-18 25280]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2010-03-18 162904]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support; C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support; C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 19328]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-11-14 440376]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-12-18 440376]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-12 643072]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2012-07-05 1564368]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-08 182696]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 PCSUService;PC Speed Up Service; C:\Program Files\Zrychleni Pocitace\PCSUService.exe [2012-06-05 289544]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-11-13 76888]
S2 ADExchange;ArcSoft Exchange Service; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-07-05 358008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2013-09-03 759192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-12-18 1011768]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Does anyone know what this is?

Posted: 05 Jan 2014 06:17
by vyosek
Hello :)

→ Uninstall Spybot - Search & Destroy. The program's best years are long behind it, and for roughly the last 3 years it has not been able to deal with current threats.

→ Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the license terms are displayed; press any key
  • A backup is created and then the search runs
  • The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here
→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Does anyone know what this is?

Posted: 05 Jan 2014 14:23
by Trubecka
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Microsoft Windows XP x86
Ran by ****** on ne 05.01.2014 at 13:23:19,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] pcsuservice
Successfully deleted: [Service] pcsuservice



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcspeedup
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1606980848-1123561945-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\Tasks\pc speedup service deactivator.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\******\Data aplikacˇ\opencandy"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 05.01.2014 at 13:25:53,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Does anyone know what this is?

Posted: 05 Jan 2014 14:23
by Trubecka
# AdwCleaner v3.016 - Report created 05/01/2014 at 14:06:21
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ****** - PIXLA-SOPRANO
# Running from : D:\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\******\Dokumenty\PCSpeedUp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Google Chrome v

[ File : C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3537 octets] - [05/01/2014 14:02:55]
AdwCleaner[S0].txt - [3516 octets] - [05/01/2014 14:06:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3576 octets] ##########

Re: Does anyone know what this is?

Posted: 05 Jan 2014 21:55
by vyosek
Please post a log according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: Does anyone know what this is?

Posted: 06 Jan 2014 14:00
by Trubecka
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by ****** (administrator) on PIXLA-SOPRANO on 06-01-2014 13:36:00
Running from C:\Documents and Settings\******\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ICQ, LLC.) C:\Program Files\ICQ7M\ICQ.exe
(eM Client, Inc.) C:\Program Files\eM Client\MailClient.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\******\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [Lexmark 1200 Series] - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [57344 2006-07-13] (Lexmark International, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-10-12] (Advanced Micro Devices, Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKCU\...\Run: [ERGOM DayOrganizer] - C:\Program Files\DayOrganizer\dayorganizer.exe /automat
HKCU\...\Run: [Google Update] - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [136176 2010-08-19] (Google Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.vscht.cz:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 29 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://www.ask.com/?l=dis&o=15383cr
CHR RestoreOnStartup: "hxxp://www.google.cz/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\******\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\******\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\******\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\******\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-07-05] ()
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2006-04-17] (Lexmark International, Inc.)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2013-11-13] ()
S2 sfrem01; C:\Windows\system32\sfrem01.exe [358008 2006-07-05] (Protection Technology (StarForce))
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-07-22] (SlySoft, Inc.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [100368 2011-08-08] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-02-18] (LogMeIn, Inc.)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
R3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R0 mv614x; C:\Windows\System32\DRIVERS\mv614x.sys [35200 2006-02-16] ()
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
S3 SkVlanProtocol; C:\Windows\System32\DRIVERS\skvlan.sys [19328 2005-11-30] (SysKonnect)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
R2 thdudf; C:\Windows\System32\DRIVERS\thdudf.sys [66944 2012-01-10] (TOSHIBA Corporation)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [244608 2006-03-24] (Marvell)
S3 ADIDTSFiltService; system32\drivers\adidts.sys [x]
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x]
S3 AEAudio; system32\drivers\AEAudio.sys [x]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [x]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SenFiltService; system32\drivers\Senfilt.sys [x]
S3 SkLaggProtocol; system32\DRIVERS\yk51lagg.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 13:36 - 2014-01-06 13:36 - 00015818 _____ C:\Documents and Settings\******\Plocha\FRST.txt
2014-01-06 13:35 - 2014-01-06 13:35 - 00000000 ____D C:\FRST
2014-01-06 13:33 - 2014-01-06 13:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\******\Plocha\FRSTLauncher.exe
2014-01-06 13:30 - 2014-01-06 13:30 - 01064805 _____ (Farbar) C:\Documents and Settings\******\Plocha\FRST.exe
2014-01-05 14:02 - 2014-01-05 14:06 - 00000000 ____D C:\AdwCleaner
2014-01-05 13:23 - 2014-01-05 13:23 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-05 04:54 - 2014-01-05 04:54 - 00000000 ____D C:\rsit
2013-12-31 19:34 - 2013-12-31 19:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ATI
2013-12-31 19:31 - 2013-12-31 19:31 - 00000000 ____D C:\Program Files\AMD APP
2013-12-31 19:30 - 2013-12-31 19:30 - 00000000 ____D C:\Program Files\ATI Technologies
2013-12-31 19:30 - 2013-12-31 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Catalyst Control Center
2013-12-30 21:28 - 2013-12-30 21:33 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2013-12-30 18:49 - 2014-01-05 04:54 - 00000000 ____D C:\Program Files\trend micro
2013-12-29 19:14 - 2013-12-29 20:31 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-12-29 19:14 - 2013-12-29 20:30 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-29 19:14 - 2013-12-29 19:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-29 19:12 - 2013-12-29 20:30 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-29 19:12 - 2013-12-29 19:12 - 00000000 ____D C:\Program Files\MalwareAR
2013-12-17 14:47 - 2013-12-17 14:47 - 00000000 ____D C:\AMD
2013-12-14 05:30 - 2013-12-14 05:30 - 00000634 _____ C:\Documents and Settings\******\Plocha\Zástupce - iw3mp.exe.lnk

==================== One Month Modified Files and Folders =======

2014-01-06 13:36 - 2014-01-06 13:36 - 00015818 _____ C:\Documents and Settings\******\Plocha\FRST.txt
2014-01-06 13:36 - 2010-08-19 02:01 - 00000000 ____D C:\Documents and Settings\******\Plocha
2014-01-06 13:35 - 2014-01-06 13:35 - 00000000 ____D C:\FRST
2014-01-06 13:34 - 2014-01-06 13:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\******\Plocha\FRSTLauncher.exe
2014-01-06 13:34 - 2010-08-19 02:01 - 00000000 ___HD C:\Documents and Settings\******\Local Settings\Data aplikací
2014-01-06 13:32 - 2010-08-19 04:09 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003UA.job
2014-01-06 13:30 - 2014-01-06 13:30 - 01064805 _____ (Farbar) C:\Documents and Settings\******\Plocha\FRST.exe
2014-01-06 13:24 - 2013-06-29 19:57 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-06 13:13 - 2012-07-05 02:57 - 00000000 ____D C:\Documents and Settings\******\Data aplikací\ICQ
2014-01-06 13:07 - 2010-08-19 01:44 - 00428656 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-06 13:01 - 2010-08-19 03:17 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-06 13:00 - 2010-08-19 03:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-06 13:00 - 2010-08-19 03:35 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-06 13:00 - 2010-08-19 01:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-06 04:50 - 2010-08-19 02:01 - 00000178 ___SH C:\Documents and Settings\******\ntuser.ini
2014-01-06 04:50 - 2010-08-19 01:51 - 00032442 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-06 03:15 - 2012-05-12 16:10 - 00000000 ____D C:\Documents and Settings\******\Data aplikací\Tunngle
2014-01-06 02:33 - 2013-09-19 00:24 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Tunngle
2014-01-05 23:12 - 2013-11-20 07:17 - 00074254 _____ C:\WINDOWS\setupapi.log
2014-01-05 14:33 - 2012-05-12 16:14 - 00000000 _____ C:\WINDOWS\system32\Access.dat
2014-01-05 14:06 - 2014-01-05 14:02 - 00000000 ____D C:\AdwCleaner
2014-01-05 14:06 - 2010-08-19 03:33 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2014-01-05 13:23 - 2014-01-05 13:23 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-05 13:23 - 2010-08-19 02:01 - 00000000 __RHD C:\Documents and Settings\******\Data aplikací
2014-01-05 12:47 - 2012-09-29 06:20 - 00000000 ____D C:\Program Files\Zrychleni Pocitace
2014-01-05 04:54 - 2014-01-05 04:54 - 00000000 ____D C:\rsit
2014-01-05 04:54 - 2013-12-30 18:49 - 00000000 ____D C:\Program Files\trend micro
2014-01-04 19:51 - 2010-08-19 03:32 - 00201049 _____ C:\WINDOWS\setupact.log
2014-01-04 05:01 - 2013-10-29 08:03 - 00281768 _____ C:\WINDOWS\system32\PnkBstrB.xtr
2014-01-04 05:01 - 2013-10-29 08:03 - 00281768 _____ C:\WINDOWS\system32\PnkBstrB.exe
2014-01-04 05:01 - 2013-10-29 08:03 - 00139832 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-01-04 01:35 - 2013-10-29 08:03 - 00281768 _____ C:\WINDOWS\system32\PnkBstrB.ex0
2014-01-02 01:47 - 2012-04-03 11:36 - 00000000 ____D C:\Documents and Settings\******\Local Settings\Data aplikací\Canon Easy-PhotoPrint EX
2014-01-02 01:47 - 2011-02-25 16:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2014-01-01 13:14 - 2010-08-19 01:42 - 00056317 _____ C:\WINDOWS\wmsetup.log
2013-12-31 19:34 - 2013-12-31 19:34 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ATI
2013-12-31 19:31 - 2013-12-31 19:31 - 00000000 ____D C:\Program Files\AMD APP
2013-12-31 19:30 - 2013-12-31 19:30 - 00000000 ____D C:\Program Files\ATI Technologies
2013-12-31 19:30 - 2013-12-31 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Catalyst Control Center
2013-12-31 19:30 - 2010-08-19 03:33 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-31 19:30 - 2010-08-19 02:29 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-12-31 06:32 - 2010-08-19 04:09 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003Core.job
2013-12-30 21:33 - 2013-12-30 21:28 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2013-12-30 21:28 - 2010-08-19 01:51 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2013-12-29 20:31 - 2013-12-29 19:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-12-29 20:30 - 2013-12-29 19:14 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-29 20:30 - 2013-12-29 19:12 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-29 19:29 - 2010-08-19 03:33 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-12-29 19:14 - 2013-12-29 19:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-29 19:12 - 2013-12-29 19:12 - 00000000 ____D C:\Program Files\MalwareAR
2013-12-29 14:03 - 2011-03-26 18:56 - 00050240 _____ C:\Documents and Settings\******\Local Settings\Data aplikací\SRDownloader.nast
2013-12-29 14:01 - 2011-04-01 02:55 - 01867371 _____ C:\Documents and Settings\******\Local Settings\Data aplikací\SRDownloader.err
2013-12-28 23:29 - 2011-04-01 22:35 - 00000710 _____ C:\Documents and Settings\******\Plocha\PhotoScape.lnk
2013-12-28 23:29 - 2011-04-01 22:35 - 00000000 ____D C:\Program Files\PhotoScape
2013-12-26 17:27 - 2010-08-31 23:48 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-26 16:45 - 2010-08-19 01:42 - 00000000 ____D C:\WINDOWS\Registration
2013-12-25 05:05 - 2013-07-06 09:31 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-21 18:47 - 2011-04-28 05:49 - 00000000 ____D C:\DOWNLOADS-Movies
2013-12-21 18:47 - 2010-08-26 03:54 - 00000000 ____D C:\Program Files\FlatOut2
2013-12-18 10:15 - 2013-08-14 08:39 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 10:15 - 2013-08-14 08:39 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-17 14:47 - 2013-12-17 14:47 - 00000000 ____D C:\AMD
2013-12-17 09:15 - 2010-08-19 02:01 - 00000000 ___RD C:\Documents and Settings\******\Dokumenty
2013-12-14 05:30 - 2013-12-14 05:30 - 00000634 _____ C:\Documents and Settings\******\Plocha\Zástupce - iw3mp.exe.lnk
2013-12-12 17:20 - 2010-08-19 03:10 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-12 16:28 - 2012-11-16 20:07 - 00000711 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\eM Client.lnk
2013-12-12 16:28 - 2012-06-20 23:24 - 00000000 ____D C:\Program Files\eM Client
2013-12-11 17:24 - 2012-11-06 04:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 17:24 - 2011-05-13 20:06 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Documents and Settings\******\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\******\Local Settings\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0108544 ____A (Microsoft Corporation) f0d2ae69035092bf22dad6b50fab85c2

C:\Windows\System32\User32.dll
[2004-08-17 14:49] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\rpcss.dll
[2004-08-17 14:49] - [2008-04-14 07:51] - 0399360 ____A (Microsoft Corporation) c868f3ae15cf71a93f2aa3a32856d839

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Work) (Fixed) (Total:126.96 GB) (Free:1.79 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:105.92 GB) (Free:0.51 GB) NTFS
Drive e: (FV25) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF2.5
Drive g: (BD Temp) (Fixed) (Total:152.66 GB) (Free:17.03 GB) NTFS

Available physical RAM: 1672.9 MB
Total physical RAM: 3070.92 MB
Percentage of memory in use: 45%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 153 GB) (Disk ID: F92AF92A)
Partition 1: (Not Active) - (Size=153 GB) - (Type=07 NTFS)
Disk: 1 (Size: 233 GB) (Disk ID: 4C4B653B)
Partition 1: (Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003Core.job => C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003UA.job => C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\WINDOWS:D54D78431B8232E6
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:98353363

==================== Security Center ==================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\******\Plocha" je 1 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\ICQ7M\\ICQ.exe"="C:\\Program Files\\ICQ7M\\ICQ.exe:*:Enabled:ICQ7M"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Downloads\\starftp.exe"="D:\\Downloads\\starftp.exe:*:Enabled:Star FTP Server"
"C:\\Program Files\\Need for Speed Underground 2\\SPEED2.EXE"="C:\\Program Files\\Need for Speed Underground 2\\SPEED2.EXE:*:Enabled:SPEED2"
"C:\\Program Files\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"="C:\\Program Files\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\FlatOut2\\FlatOut2.exe"="C:\\Program Files\\FlatOut2\\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\\Program Files\\FlatOut\\flatout.exe"="C:\\Program Files\\FlatOut\\flatout.exe:*:Enabled:flatout"
"C:\\Program Files\\Photobie\\Photobie.exe"="C:\\Program Files\\Photobie\\Photobie.exe:*:Enabled:Photobie Design Studio"
"C:\\Program Files\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"="C:\\Program Files\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"H:\\Photobie\\Photobie.exe"="H:\\Photobie\\Photobie.exe:*:Enabled:Photobie Design Studio"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager"
"C:\\Casino\\Bwin Casino\\casino.exe"="C:\\Casino\\Bwin Casino\\casino.exe:*:Disabled:casino"
"C:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\Bin\\IncMail.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\Bin\\ImApp.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\mph.exe"="C:\\Program Files\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\mph.exe:*:Disabled:mph"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7M\\ICQ.exe"="C:\\Program Files\\ICQ7M\\ICQ.exe:*:Enabled:ICQ7M"
"C:\\Program Files\\Steam\\steamapps\\common\\post apocalyptic mayhem\\PAMMainGame.exe"="C:\\Program Files\\Steam\\steamapps\\common\\post apocalyptic mayhem\\PAMMainGame.exe:*:Enabled:Post Apocalyptic Mayhem"
"C:\\Program Files\\Steam\\steamapps\\common\\Sonic and SEGA All Stars Racing\\Sonic & SEGA All-Stars Racing.exe"="C:\\Program Files\\Steam\\steamapps\\common\\Sonic and SEGA All Stars Racing\\Sonic & SEGA All-Stars Racing.exe:*:Enabled:Sonic and SEGA All Stars Racing"
"C:\\Program Files\\Steam\\steamapps\\common\\Sonic and SEGA All Stars Racing\\Config.exe"="C:\\Program Files\\Steam\\steamapps\\common\\Sonic and SEGA All Stars Racing\\Config.exe:*:Enabled:Sonic and SEGA All Stars Racing"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Disabled:Winamp"
"C:\\Program Files Selfinstall\\Star FTP\\starftp.exe"="C:\\Program Files Selfinstall\\Star FTP\\starftp.exe:*:Enabled:Star FTP Server"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\ViRC\\ViRC.exe"="C:\\Program Files\\ViRC\\ViRC.exe:*:Enabled:Visual IRC Client"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\\Documents and Settings\\******\\Data aplikac\\GameRanger\\GameRanger\\GameRanger.exe"="C:\\Documents and Settings\\******\\Data aplikac\\GameRanger\\GameRanger\\GameRanger.exe:*:Enabled:GameRanger"
"D:\\Downloads\\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe"="D:\\Downloads\\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe:*:Disabled:DTS-HD Master Audio Suite Encoder 2.50.20 Portable"
"C:\\Program Files Selfinstall\\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe"="C:\\Program Files Selfinstall\\DTS-HD_Master_Audio_Suite_Encoder_2.50.20_Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable\\DTS-HD Master Audio Suite Encoder 2.50.20 Portable.exe:*:Disabled:DTS-HD Master Audio Suite Encoder 2.50.20 Portable"
"C:\\Program Files\\Tunngle\\tnglctrl.exe"="C:\\Program Files\\Tunngle\\tnglctrl.exe:*:Enabled:Tunngle Service"
"C:\\Program Files\\Tunngle\\tunngle.exe"="C:\\Program Files\\Tunngle\\tunngle.exe:*:Enabled:Tunngle Client"
"C:\\Program Files\\ArcSoft\\TotalMedia Theatre 6\\TotalMedia Server\\TM Server.exe"="C:\\Program Files\\ArcSoft\\TotalMedia Theatre 6\\TotalMedia Server\\TM Server.exe:*:Disabled:TM Server Application"
"C:\\BD-WRITE\\COD 4\\iw3mp.exe"="C:\\BD-WRITE\\COD 4\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\Program Files Selfinstall\\COD 4\\iw3mp.exe"="C:\\Program Files Selfinstall\\COD 4\\iw3mp.exe:*:Enabled:iw3mp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Does anyone know what this is?

Posted: 06 Jan 2014 14:04
by Trubecka
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by ****** at 2014-01-06 13:52:59
Running from C:\Documents and Settings\******\Plocha
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Czech (Version: 10.1.4 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AnyDVD (Version: 6.6.8.3 - SlySoft)
aTube Catcher (Version: 2.9.1496 - DsNET Corp)
Audacity 2.0.3 (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
AviSynth 2.5 (Version: - )
AVS Audio Editor 7.1 (Version: - Online Media Technologies Ltd.)
AVS DVD Player version 2.4 (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (Version: - Online Media Technologies Ltd.)
BDtoAVCHD 1.8.8 (Version: 1.8.8 - Joel Gali)
Bytescout XLS Viewer 2.30a (FREEWARE) (Version: - Bytescout Software)
Canon Easy-PhotoPrint EX (Version: - )
Canon iP1900 series Printer Driver (Version: - )
Canon My Printer (Version: - )
Canon Utilities Solution Menu (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (Version: 2011.1012.1558.26748 - Název společnosti:) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.1012.1558.26748 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1116.1445.26409 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.1012.1557.26748 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.1012.1558.26748 - Advanced Micro Devices, Inc.) Hidden
Command & Conquer The First Decade (Version: 1.00.0000 - Electronic Arts)
Creative Audio Console (Version: 1.33 - Creative Technology Limited)
Creative Software AutoUpdate (Version: 1.40 - Creative Technology Limited)
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.0.0 - Business Objects)
DVDFab 8.1.9.0 (06/07/2012) Qt (Version: - Fengtao Software Inc.)
DynavixManager.exe (Version: 2.3.6.0 - Dynavix)
Easy CD-DA Extractor Free 2010 (Version: 2010.6 - Poikosoft)
eM Client (Version: 5.0.19406.0 - eM Client Inc.)
FLAC 1.2.1b (remove only) (Version: 1.2.1b - Xiph.org)
FlatOut 2 Mod Manager 1.0.0.4 (Version: - pixel::doc)
FlatOut2 (Version: 1.0 - US - ACTION, s.r.o.)
FM Screen Capture Codec (Remove Only) (Version: - )
Fraps (Version: - )
GamePark (Version: - GamePark)
GameRanger (Version: - GameRanger Technologies)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Guard.ICQ (Version: - Mail.ru)
HotForex MetaTrader (Version: 4.00 - MetaQuotes Software Corp.)
ICQ7M (Version: 7.8 - ICQ)
ImgBurn (Version: 2.5.4.0 - LIGHTNING UK!)
Inkjet Printer/Scanner Extended Survey Program (Version: - )
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
K-Lite Mega Codec Pack 9.1.0 (Version: 9.1.0 - )
Lexmark 1200 Series (Version: - )
Magic ISO Maker v5.5 (build 0265) (Version: - )
Marvell CPA (Version: 5.57.3.3 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - csy (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft ActiveSync (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Silverlight (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (Version: - )
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Need for Speed Underground 2 (Version: - )
Noise Reduction Plug-In 2.0 (Version: 2.0.502 - Sony)
NTFS Undelete v0.93 (Version: 0.93 - Atola Technology)
NVIDIA PhysX (Version: 9.09.0720 - NVIDIA Corporation)
Oprava Hotfix systému Windows XP (KB942288-v3) (Version: 3 - Microsoft Corporation)
PC Probe II (Version: 1.04.88 - ASUSTeK Computer Inc.)
Photobie -- photo editing software from Photobie Design (Version: - )
PhotoScape (Version: - )
Plus500 (Version: - )
Post Apocalyptic Mayhem (Version: - )
Registrace uživatele zařízení Canon iP1900 series (Version: - )
Sonic and SEGA All Stars Racing (Version: - developer)
Sound Forge Pro 10.0 (Version: 10.0.506 - Sony)
SpeedFan (remove only) (Version: - )
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Steam (Version: 1.0.0.0 - Valve Corporation)
Total Commander (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
Tunngle beta (Version: - Tunngle.net GmbH)
Unreal Commander v0.96 (Version: - Max Diesel)
Visual IRC 2.0 (Version: - MeGALiTH Software)
VSO AVCHD Editor_0.4.4.1 (Version: 0.4.4.1 - VSO Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (Version: 5.623 - Nullsoft, Inc)
Winamp Detector Plug-in (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031517 - Microsoft Corporation)
WinRAR (Version: - )
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
Zrychleni Pocitace - Kompletně odinstalovat (Version: 3.1.2 - Speedchecker Limited)

==================== Restore Points =========================

01-01-2014 12:46:30 Kontrolní bod systému
03-01-2014 01:25:18 Kontrolní bod systému
04-01-2014 12:03:00 Kontrolní bod systému
05-01-2014 12:09:03 Kontrolní bod systému

==================== Hosts content: ==========================

2001-10-25 13:00 - 2011-11-13 03:04 - 00000737 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003Core.job => C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003UA.job => C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-27 23:43 - 2006-01-19 05:33 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXCZPP5C.dll
2013-08-14 08:39 - 2013-08-14 02:38 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2010-09-13 02:38 - 2010-02-10 17:10 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-13 02:38 - 2010-02-17 23:49 - 00323584 _____ () C:\Program Files\WinRAR\rarlng.dll
2010-03-16 12:22 - 2010-03-16 12:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2011-10-12 15:57 - 2011-10-12 15:57 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-12-12 16:28 - 2013-12-12 16:28 - 00928768 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HTMLEditorControl\d88482871a7086e92890e471db635c42\HTMLEditorControl.ni.dll
2013-12-12 16:28 - 2013-12-12 16:28 - 00506880 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Mail\a4d3383167bc1b804b41cea05b82314c\MailClient.Mail.ni.dll
2013-12-12 16:28 - 2013-12-12 16:28 - 00138240 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Collecti#\0b63706dc7a4d2274131d96dc93e855f\MailClient.Collections.ni.dll
2013-12-12 16:28 - 2013-12-12 16:28 - 00025600 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Interop\a0940fedd2f3495ac6a3edf00606498e\MailClient.Interop.ni.dll
2012-12-17 22:36 - 2012-12-17 22:36 - 01451008 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsAPICodePack\921afe834de3c8eb88ce6ac33636ddf3\WindowsAPICodePack.ni.dll
2012-12-17 22:36 - 2012-12-17 22:36 - 00584704 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\LinqBridge\65ca36ff84950b2c52297d5de3d00edd\LinqBridge.ni.dll
2013-08-28 14:50 - 2013-08-28 14:50 - 00589824 _____ () C:\Program Files\eM Client\cs\MailClient.resources.dll
2012-02-23 18:33 - 2012-02-23 18:33 - 00590336 _____ () C:\Program Files\eM Client\SQLite\x86\sqlite3.dll
2013-11-22 14:13 - 2013-11-22 14:13 - 00106496 _____ () C:\Program Files\eM Client\MailClient.XmlSerializers.dll
2012-12-17 22:36 - 2012-12-17 22:36 - 00366080 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HtmlInterop\97436a8a08788c2f60f5b428afb17527\HtmlInterop.ni.dll
2013-12-12 16:28 - 2013-12-12 16:28 - 00107008 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MailClient.Sasl\19245048a04402a757541c2d8ac38bb7\MailClient.Sasl.ni.dll
2004-08-17 14:49 - 2008-04-14 07:51 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-11-06 04:11 - 2012-07-19 23:46 - 01112816 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
2012-11-06 04:11 - 2012-07-19 23:46 - 06902354 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
2012-11-06 04:11 - 2012-07-19 23:46 - 00235846 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
2012-11-06 04:11 - 2012-07-19 23:46 - 00172544 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2012-11-06 04:11 - 2012-07-20 19:00 - 03476480 _____ () C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2013-12-06 01:34 - 2013-12-04 03:47 - 00702416 _____ () C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 01:34 - 2013-12-04 03:47 - 00099792 _____ () C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 01:34 - 2013-12-04 03:48 - 04055504 _____ () C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 01:34 - 2013-12-04 03:48 - 00399312 _____ () C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 01:34 - 2013-12-04 03:47 - 01619408 _____ () C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 01:34 - 2013-12-04 03:48 - 13586896 _____ () C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS:D54D78431B8232E6
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:98353363

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Marvell
Service: yukonwxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 09:50:38 PM) (Source: Application Error) (User: )
Description: Chybující aplikace flatout2.exe, verze 0.0.0.0, chybující modul flatout2.exe, verze 0.0.0.0, adresa chyby 0x000e22c0.
Zpracování události, specifické pro médium ([flatout2.exe!ws!])

Error: (01/03/2014 01:36:58 AM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace yct.exe, verze 3.8.0.1496, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/31/2013 07:09:58 PM) (Source: Application Error) (User: )
Description: Chybující aplikace photoscape.exe, verze 1.0.0.1301, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x0000942a.
Zpracování události, specifické pro médium ([photoscape.exe!ws!])

Error: (12/31/2013 04:10:22 PM) (Source: Application Error) (User: )
Description: Chybující aplikace photoscape.exe, verze 1.0.0.1301, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x000022cd.
Zpracování události, specifické pro médium ([photoscape.exe!ws!])

Error: (12/30/2013 07:03:17 PM) (Source: Application Error) (User: )
Description: Chybující aplikace photoscape.exe, verze 1.0.0.1301, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x0000942a.
Zpracování události, specifické pro médium ([photoscape.exe!ws!])

Error: (12/30/2013 04:02:54 AM) (Source: Application Error) (User: )
Description: Chybující aplikace photoscape.exe, verze 1.0.0.1301, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x000022cd.
Zpracování události, specifické pro médium ([photoscape.exe!ws!])

Error: (12/29/2013 04:17:15 PM) (Source: Application Error) (User: )
Description: Chybující aplikace photoscape.exe, verze 1.0.0.1301, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x000022cd.
Zpracování události, specifické pro médium ([photoscape.exe!ws!])

Error: (12/29/2013 01:53:06 AM) (Source: Application Error) (User: )
Description: Chybující aplikace avgnt.exe, verze 14.0.2.254, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x0000942a.
Zpracování události, specifické pro médium ([avgnt.exe!ws!])

Error: (12/28/2013 11:25:31 PM) (Source: Application Error) (User: )
Description: Chybující aplikace photoscape.exe, verze 1.0.0.1298, chybující modul gdiplus.dll, verze 5.1.3102.5512, adresa chyby 0x000022cd.
Zpracování události, specifické pro médium ([photoscape.exe!ws!])

Error: (12/27/2013 08:14:14 PM) (Source: Application Error) (User: )
Description: Chybující aplikace iw3mp.exe, verze 0.0.0.0, chybující modul iw3mp.exe, verze 0.0.0.0, adresa chyby 0x0027cc1a.
Zpracování události, specifické pro médium ([iw3mp.exe!ws!])


System errors:
=============
Error: (01/06/2014 01:02:44 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
ArcCtrl

Error: (01/06/2014 02:35:11 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP 7.51.87.196 pro síťovou kartu s adresou 00FFED439551 byla
serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (01/05/2014 09:27:21 PM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP 7.51.87.196 pro síťovou kartu s adresou 00FFED439551 byla
serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (01/05/2014 07:55:35 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
ArcCtrl

Error: (01/05/2014 02:10:34 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
ArcCtrl

Error: (01/05/2014 01:23:37 PM) (Source: Service Control Manager) (User: )
Description: Služba PC Speed Up Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/05/2014 00:47:27 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
ArcCtrl

Error: (01/05/2014 00:20:01 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP 7.51.87.196 pro síťovou kartu s adresou 00FFED439551 byla
serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (01/05/2014 00:17:37 AM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
ArcCtrl

Error: (01/04/2014 08:08:10 PM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP 7.51.87.196 pro síťovou kartu s adresou 00FFED439551 byla
serverem DHCP 7.254.254.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).


Microsoft Office Sessions:
=========================
Error: (01/04/2014 09:50:38 PM) (Source: Application Error)(User: )
Description: flatout2.exe0.0.0.0flatout2.exe0.0.0.0000e22c0

Error: (01/03/2014 01:36:58 AM) (Source: Application Hang)(User: )
Description: yct.exe3.8.0.1496hungapp0.0.0.000000000

Error: (12/31/2013 07:09:58 PM) (Source: Application Error)(User: )
Description: photoscape.exe1.0.0.1301gdiplus.dll5.1.3102.55120000942a

Error: (12/31/2013 04:10:22 PM) (Source: Application Error)(User: )
Description: photoscape.exe1.0.0.1301gdiplus.dll5.1.3102.5512000022cd

Error: (12/30/2013 07:03:17 PM) (Source: Application Error)(User: )
Description: photoscape.exe1.0.0.1301gdiplus.dll5.1.3102.55120000942a

Error: (12/30/2013 04:02:54 AM) (Source: Application Error)(User: )
Description: photoscape.exe1.0.0.1301gdiplus.dll5.1.3102.5512000022cd

Error: (12/29/2013 04:17:15 PM) (Source: Application Error)(User: )
Description: photoscape.exe1.0.0.1301gdiplus.dll5.1.3102.5512000022cd

Error: (12/29/2013 01:53:06 AM) (Source: Application Error)(User: )
Description: avgnt.exe14.0.2.254gdiplus.dll5.1.3102.55120000942a

Error: (12/28/2013 11:25:31 PM) (Source: Application Error)(User: )
Description: photoscape.exe1.0.0.1298gdiplus.dll5.1.3102.5512000022cd

Error: (12/27/2013 08:14:14 PM) (Source: Application Error)(User: )
Description: iw3mp.exe0.0.0.0iw3mp.exe0.0.0.00027cc1a


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3070.92 MB
Available physical RAM: 1671.9 MB
Total Pagefile: 2910.12 MB
Available Pagefile: 1365.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.21 MB

==================== Drives ================================

Drive c: (Work) (Fixed) (Total:126.96 GB) (Free:1.79 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:105.92 GB) (Free:0.51 GB) NTFS
Drive e: (FV25) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF2.5
Drive g: (BD Temp) (Fixed) (Total:152.66 GB) (Free:17.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 153 GB) (Disk ID: F92AF92A)
Partition 1: (Not Active) - (Size=153 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 4C4B653B)
Partition 1: (Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106 GB) - (Type=OF Extended)

==================== End Of Log ============================

Re: Does anyone know what this is?

Posted: 06 Jan 2014 14:35
by Trubecka
One more thing about the ADWC and JRT runs: I don't know the significance of the deleted registry entries, but I noticed that they half-removed the program "ZrychleníPočítače", which of course no longer works because of that, but I couldn't find the reason anywhere. Should I take it that the program was infected, or that it is malware or something like that in itself, or could it be falsely detected as harmful just because it modifies OS startup????

Otherwise, the file originally detected by Spybot as malware is still there.

Re: Does anyone know what this is?

Posted: 06 Jan 2014 19:03
by vyosek
:arrow: You edit the logs so that the user name can't be seen, is it that secret or what?? Then a repair script kind of can't be written

Re: Does anyone know what this is?

Posted: 07 Jan 2014 00:29
by Trubecka
The username is just replaced with this ******. I use it in lots of other things too, and on top of that it doesn't have to hang on the forum 150 times on one page. And a script to fix what? I don't understand that, so write "username" there instead and I'll replace it myself, or I'll send it to you in a private message...

Re: Does anyone know what this is?

Posted: 07 Jan 2014 11:01
by vyosek
:arrow: A script to fix the errors that can be seen in the log

:arrow: Please send me FRST.txt by e-mail, and I'll then send you the fixlist by e-mail as well

:arrow: Unfortunately you can't send a private message, since that is only allowed for users with the rank Vzorny navstevnik

Re: Does anyone know what this is?

Posted: 07 Jan 2014 14:40
by Trubecka
But I meant which errors; that they can be seen in the log is clear to me :wink: The requested file has been sent to the e-mail address given in your signature... but I think it needs stressing that the main priority is that the OS boots afterwards and stays fully functional, otherwise I'll have a heart attack :roll:

Re: Does anyone know what this is?

Posted: 07 Jan 2014 17:45
by vyosek
:arrow: Don't worry, do you think our purpose here is to wreck PCs :?:

:arrow: There are malware leftovers, invalid entries, etc...

:arrow: Save the fixlist I sent you by e-mail next to FRST.exe

:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Does anyone know what this is?

Posted: 08 Jan 2014 14:02
by Trubecka
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-01-2014
Ran by ****** at 2014-01-08 13:51:04 Run:1
Running from C:\Documents and Settings\******\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [Google Update] - C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [136176 2010-08-19] (Google Inc.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.

CHR HomePage: hxxp://www.ask.com/?l=dis&o=15383cr
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2012-07-05] ()

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003Core.job => C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003UA.job => C:\Documents and Settings\******\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\WINDOWS:D54D78431B8232E6
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:98353363

DisableService: JavaQuickStarterService

C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}\{9bed5ee2-0547-4706-8600-d3897629ade0}
C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4D0C-9E5F-43462BC13E3B}\
C:\Program Files\Guard-ICQ
C:\Program Files\Zrychleni Pocitace

CMD: sc stop "PCSUService"
CMD: sc delete "PCSUService"


CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
CHR HomePage: hxxp://www.ask.com/?l=dis&o=15383cr ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
Guard.Mail.ru => Service deleted successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1123561945-725345543-1003UA.job => Moved successfully.
C:\WINDOWS => ":D54D78431B8232E6" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":98353363" ADS removed successfully.
JavaQuickStarterService service was disabled
C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}\{9bed5ee2-0547-4706-8600-d3897629ade0} => Moved successfully.
C:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4D0C-9E5F-43462BC13E3B}\ => Moved successfully.
C:\Program Files\Guard-ICQ => Moved successfully.
C:\Program Files\Zrychleni Pocitace => Moved successfully.

========= sc stop "PCSUService" =========

[SC] OpenService FAILED 1060:

Zadan slu

========= End of CMD: =========


========= sc delete "PCSUService" =========

[SC] OpenService FAILED 1060:

Zadan slu

========= End of CMD: =========


========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

Re: Does anyone know what this is?

Posted: 08 Jan 2014 14:07
by vyosek
How is the PC behaving??