VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

PC jede na 100%, objevil se vir Policie ČR

https://forum.viry.cz:443/viewtopic.php?t=136092

Stránka 1 z 4

PC jede na 100%, objevil se vir Policie ČR

Napsal: 10 úno 2014 19:37
od jmeno1
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2014-02-10 19:23:39
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 55 GB (55%) free of 100 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:52, on 10.2.2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SecretSauce\updateSecretSauce.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SecretSauce\bin\utilSecretSauce.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\InstallDir\Server.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe
C:\WINDOWS\WinRAR.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe
C:\WINDOWS\?µTorrent.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Data aplikací\System.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe
C:\Documents and Settings\Administrator\Data aplikací\IDM.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe
C:\Documents and Settings\Administrator\Data aplikací\torgan.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Google.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Data aplikací\chrome.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Data aplikací\ide.exe
C:\Documents and Settings\Administrator\Data aplikací\server.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe
C:\Documents and Settings\Administrator\Data aplikací\njrat.exe
C:\Documents and Settings\Administrator\server.exe
C:\Documents and Settings\All Users\rgdgei.exe
C:\Documents and Settings\Administrator\Winrar.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe
C:\Documents and Settings\All Users\server.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Data aplikací\windows.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\abd_almajed.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avira.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Mozilla Firefox.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Torgan.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\RtHDVpl.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avast.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Chrome\Explorer.exe
C:\Documents and Settings\Administrator\Data aplikací\R3365FM4QH3VCO020PT48H3H2\25A7SV61J7MUJ1HVNMWUAC5HJ.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
K:\RSIT (1).exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: CrossriderApp0049040 - {11111111-1111-1111-1111-110411901140} - C:\Program Files\Torntv V7.0\Torntv V7.0-bho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [8515eb34d8f9de5af815466e9715b3e5] "C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe" ..
O4 - HKLM\..\Run: [686c771e3c059c35db6274668d61361c] "C:\WINDOWS\WinRAR.exe" ..
O4 - HKLM\..\Run: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe" ..
O4 - HKLM\..\Run: [c0dfd206df5f0389c3eb91c78d81bb3e] "C:\WINDOWS\?µTorrent.exe" ..
O4 - HKLM\..\Run: [da9e0b58b4f7fba5f8cc884a0980ca77] "C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe" ..
O4 - HKLM\..\Run: [13e5090cee57967233f9b6a72ec1c5dd] "C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe" ..
O4 - HKLM\..\Run: [4c43b68280c8e2855fc15ed589cd9888] "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe" ..
O4 - HKLM\..\Run: [gauswqussd] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs"
O4 - HKLM\..\Run: [2abfcd66b0c6b9c9c508f5b1ed61ce2b] "C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe" ..
O4 - HKLM\..\Run: [knphxyhaar] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs"
O4 - HKLM\..\Run: [0937ecfd078670c0cd5006135073aeda] "C:\Documents and Settings\Administrator\Data aplikací\System.exe" ..
O4 - HKLM\..\Run: [tmp4D] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4D.tmp.vbs"
O4 - HKLM\..\Run: [tmp4E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4E.tmp.vbs"
O4 - HKLM\..\Run: [430001ee777c7146029dc9c4a8d25bfa] "C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe" ..
O4 - HKLM\..\Run: [tmp50] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp.vbs"
O4 - HKLM\..\Run: [tmp51] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp51.tmp.vbs"
O4 - HKLM\..\Run: [tmp52] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp52.tmp.vbs"
O4 - HKLM\..\Run: [2320633bbd5b9c41d628d6d2b760a34d] "C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe" ..
O4 - HKLM\..\Run: [xaioytkasp] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs"
O4 - HKLM\..\Run: [12ce4e06a81e8d54fd01d9b762f1b1bb] "C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe" ..
O4 - HKLM\..\Run: [wyfwklxkzm] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfwklxkzm.vbs"
O4 - HKLM\..\Run: [tmp144] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp144.tmp.vbs"
O4 - HKLM\..\Run: [abb278f5f94f5be17c28e4761048b650] "C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe" ..
O4 - HKLM\..\Run: [tmp248] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp248.tmp.vbs"
O4 - HKLM\..\Run: [tmp249] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp249.tmp.vbs"
O4 - HKLM\..\Run: [tmp24A] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp24A.tmp.vbs"
O4 - HKLM\..\Run: [tmp2A9] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2A9.tmp.vbs"
O4 - HKLM\..\Run: [ojnreyupor] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ojnreyupor.vbs"
O4 - HKLM\..\Run: [shbdwdtkli] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\shbdwdtkli.vbs"
O4 - HKLM\..\Run: [pcczgzvsoj] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pcczgzvsoj.vbs"
O4 - HKLM\..\Run: [tmp3A8] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3A8.tmp.vbs"
O4 - HKLM\..\Run: [f6f4805cef84053137ddba2e1538eea5] "C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe" ..
O4 - HKLM\..\Run: [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe" ..
O4 - HKLM\..\Run: [df2a88d096b0675487ae4668b623d794] "C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe" ..
O4 - HKLM\..\Run: [ea245fdc7eb8b9a02f20365bd1579c02] "C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe" ..
O4 - HKLM\..\Run: [wyfhxjicra] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs"
O4 - HKLM\..\Run: [aa8e5b50d669aecb759f39b0de43a315] "C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe" ..
O4 - HKLM\..\Run: [c61dfebbd841e9a2cf833a4df4e04423] "C:\Documents and Settings\Administrator\Data aplikací\IDM.exe" ..
O4 - HKLM\..\Run: [0f2ca73cfc01a1cdff66f73f54410096] "C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe" ..
O4 - HKLM\..\Run: [56abf2286f04ae92141911abfd2f05bb] "C:\Documents and Settings\Administrator\Data aplikací\torgan.exe" ..
O4 - HKLM\..\Run: [55b3825ee39ada2fcddf7c7accbde69e] "C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe" ..
O4 - HKLM\..\Run: [2c38cf2388374a93568a4045e16e79fd] "C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe" ..
O4 - HKLM\..\Run: [dd230003a4ee720b25082b75f8442b85] "C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe" ..
O4 - HKLM\..\Run: [xjvlxdcaay] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs"
O4 - HKLM\..\Run: [zofcilpicj] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zofcilpicj..vbs"
O4 - HKLM\..\Run: [92f014c544d1f6ba9a2bd7bc0c76a04d] "C:\Documents and Settings\Administrator\Google.exe" ..
O4 - HKLM\..\Run: [tmpA1B] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1B.tmp.vbs"
O4 - HKLM\..\Run: [tmpA1C] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1C.tmp.vbs"
O4 - HKLM\..\Run: [tmpA1D] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1D.tmp.vbs"
O4 - HKLM\..\Run: [tmpA1E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1E.tmp.vbs"
O4 - HKLM\..\Run: [rswfguhvuz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs"
O4 - HKLM\..\Run: [111f9610405fef9aac046ba3f0964d3b] "C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe" ..
O4 - HKLM\..\Run: [wvfszvuopj] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wvfszvuopj..vbs"
O4 - HKLM\..\Run: [bpryiwaiow] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bpryiwaiow..vbs"
O4 - HKLM\..\Run: [tmp115] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp115.tmp.vbs"
O4 - HKLM\..\Run: [tmp11C] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11C.tmp.vbs"
O4 - HKLM\..\Run: [260c9128c15f15ea2236f0c7f1853b94] "C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe" ..
O4 - HKLM\..\Run: [eupyaraolh] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eupyaraolh..vbs"
O4 - HKLM\..\Run: [351e3643d9060767869a6a4fdd56abee] "C:\Documents and Settings\Administrator\Data aplikací\chrome.exe" ..
O4 - HKLM\..\Run: [tmp15C] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15C.tmp.vbs"
O4 - HKLM\..\Run: [tmp15D] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15D.tmp.vbs"
O4 - HKLM\..\Run: [0e479c56ed994fcb827e75e9beeec84b] "C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe" ..
O4 - HKLM\..\Run: [20919c87e749acdfdfee7a147b904bb6] "C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe" ..
O4 - HKLM\..\Run: [rxnaowisbo] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxnaowisbo..vbs"
O4 - HKLM\..\Run: [zhqyzximlz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zhqyzximlz..vbs"
O4 - HKLM\..\Run: [zvzxlqmjpw] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zvzxlqmjpw..vbs"
O4 - HKLM\..\Run: [rvezltwmzh] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rvezltwmzh..vbs"
O4 - HKLM\..\Run: [2bd0c57c82eb9fcfe246f0e8bf7d37de] "C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe" ..
O4 - HKLM\..\Run: [a072bdf45970705c00d71b81813e62d5] "C:\Documents and Settings\Administrator\server.exe" ..
O4 - HKLM\..\Run: [ae5175946e372dbd8dc68648563564ff] "C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe" ..
O4 - HKLM\..\Run: [tmp1A0] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A0.tmp.vbs"
O4 - HKLM\..\Run: [tmp1A1] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A1.tmp.vbs"
O4 - HKLM\..\Run: [0cc25ddbe65da3a895e33aed8557cc44] "C:\Documents and Settings\Administrator\Data aplikací\ide.exe" ..
O4 - HKLM\..\Run: [030da8038c12fa369d906277cce4201e] "C:\Documents and Settings\Administrator\Data aplikací\server.exe" ..
O4 - HKLM\..\Run: [a10bbc47dd4a1b4b4afd7c797ba765bb] "C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe" ..
O4 - HKLM\..\Run: [08f4dc96bbb7af09d1a37fe35c75a42f] "C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe" ..
O4 - HKLM\..\Run: [a227b42a3d99b13534b6c73d8df8ac56] "C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe" ..
O4 - HKLM\..\Run: [67646fee7c94ba8794860eb8b33bc1c4] "C:\Documents and Settings\Administrator\Data aplikací\njrat.exe" ..
O4 - HKLM\..\Run: [8f67cfd31393fcfcdcd3cc631bf658d6] "C:\Documents and Settings\All Users\rgdgei.exe" ..
O4 - HKLM\..\Run: [db7da02fe690f6fcf079052b5d2cd473] "C:\Documents and Settings\Administrator\Winrar.exe" ..
O4 - HKLM\..\Run: [tmp62] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs"
O4 - HKLM\..\Run: [tmp67] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs"
O4 - HKLM\..\Run: [tmp68] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs"
O4 - HKLM\..\Run: [tmp6E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs"
O4 - HKLM\..\Run: [tmp6F] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs"
O4 - HKLM\..\Run: [2088a7581ca9138eb6b495a7e2a61563] "C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe" ..
O4 - HKLM\..\Run: [f3dfe1343af279606090d5deb2cb7bca] "C:\Documents and Settings\All Users\server.exe" ..
O4 - HKLM\..\Run: [nzfqtgxiuu] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs"
O4 - HKLM\..\Run: [f745de9c10a759e3fdbb7fd429f8a0a0] "C:\Documents and Settings\Administrator\Data aplikací\windows.exe" ..
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\InstallDir\Server.exe
O4 - HKLM\..\Run: [306b4bfe3a202356bb0073c109163df0] "C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe" ..
O4 - HKLM\..\Run: [tmpA2] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA2.tmp.vbs"
O4 - HKLM\..\Run: [tmpA3] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA3.tmp.vbs"
O4 - HKLM\..\Run: [tmpA4] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA4.tmp.vbs"
O4 - HKLM\..\Run: [tmpAD] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs"
O4 - HKLM\..\Run: [7f85c10bf3570ca4bf813f5711fb5984] "C:\Documents and Settings\Administrator\Local Settings\Temp\abd_almajed.exe" ..
O4 - HKLM\..\Run: [0af5f76d92e1e19f8f89aed57dbd9557] "C:\Documents and Settings\Administrator\Local Settings\Temp\avira.exe" ..
O4 - HKLM\..\Run: [1ac54efef229386218f9defd73c9fae1] "C:\Documents and Settings\Administrator\Local Settings\Temp\Mozilla Firefox.exe" ..
O4 - HKLM\..\Run: [ydtuatabjo] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ydtuatabjo..vbs"
O4 - HKLM\..\Run: [glypewebwp] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\glypewebwp..vbs"
O4 - HKLM\..\Run: [43190f6ea67f8c9457cd78e7088e3aa6] "C:\Documents and Settings\Administrator\Local Settings\Temp\Torgan.exe" ..
O4 - HKLM\..\Run: [e101a39ab5de59589562aa0ff3295ba5] "C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe" ..
O4 - HKLM\..\Run: [3a7da78435e1522e6c0ff55db7f9983c] "C:\Documents and Settings\Administrator\Local Settings\Temp\RtHDVpl.exe" ..
O4 - HKLM\..\Run: [af029b7100cbb27d8c0472b97315e8d5] "C:\Documents and Settings\Administrator\Local Settings\Temp\avast.exe" ..
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [RGSC] E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [8515eb34d8f9de5af815466e9715b3e5] "C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe" ..
O4 - HKCU\..\Run: [686c771e3c059c35db6274668d61361c] "C:\WINDOWS\WinRAR.exe" ..
O4 - HKCU\..\Run: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe" ..
O4 - HKCU\..\Run: [c0dfd206df5f0389c3eb91c78d81bb3e] "C:\WINDOWS\?µTorrent.exe" ..
O4 - HKCU\..\Run: [da9e0b58b4f7fba5f8cc884a0980ca77] "C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe" ..
O4 - HKCU\..\Run: [13e5090cee57967233f9b6a72ec1c5dd] "C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe" ..
O4 - HKCU\..\Run: [4c43b68280c8e2855fc15ed589cd9888] "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe" ..
O4 - HKCU\..\Run: [gauswqussd] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs"
O4 - HKCU\..\Run: [2abfcd66b0c6b9c9c508f5b1ed61ce2b] "C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe" ..
O4 - HKCU\..\Run: [knphxyhaar] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs"
O4 - HKCU\..\Run: [0937ecfd078670c0cd5006135073aeda] "C:\Documents and Settings\Administrator\Data aplikací\System.exe" ..
O4 - HKCU\..\Run: [tmp4D] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4D.tmp.vbs"
O4 - HKCU\..\Run: [tmp4E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4E.tmp.vbs"
O4 - HKCU\..\Run: [430001ee777c7146029dc9c4a8d25bfa] "C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe" ..
O4 - HKCU\..\Run: [tmp50] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp.vbs"
O4 - HKCU\..\Run: [tmp51] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp51.tmp.vbs"
O4 - HKCU\..\Run: [tmp52] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp52.tmp.vbs"
O4 - HKCU\..\Run: [2320633bbd5b9c41d628d6d2b760a34d] "C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe" ..
O4 - HKCU\..\Run: [xaioytkasp] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs"
O4 - HKCU\..\Run: [12ce4e06a81e8d54fd01d9b762f1b1bb] "C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe" ..
O4 - HKCU\..\Run: [wyfwklxkzm] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfwklxkzm.vbs"
O4 - HKCU\..\Run: [tmp144] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp144.tmp.vbs"
O4 - HKCU\..\Run: [abb278f5f94f5be17c28e4761048b650] "C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe" ..
O4 - HKCU\..\Run: [tmp248] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp248.tmp.vbs"
O4 - HKCU\..\Run: [tmp249] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp249.tmp.vbs"
O4 - HKCU\..\Run: [tmp24A] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp24A.tmp.vbs"
O4 - HKCU\..\Run: [tmp2A9] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2A9.tmp.vbs"
O4 - HKCU\..\Run: [ojnreyupor] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ojnreyupor.vbs"
O4 - HKCU\..\Run: [shbdwdtkli] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\shbdwdtkli.vbs"
O4 - HKCU\..\Run: [pcczgzvsoj] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pcczgzvsoj.vbs"
O4 - HKCU\..\Run: [Explorer] C:\Documents and Settings\Administrator\Local Settings\Temp\Chrome\Explorer.exe
O4 - HKCU\..\Run: [tmp3A8] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3A8.tmp.vbs"
O4 - HKCU\..\Run: [f6f4805cef84053137ddba2e1538eea5] "C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe" ..
O4 - HKCU\..\Run: [5cd8f17f4086744065eb0992a09e05a2] "C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe" ..
O4 - HKCU\..\Run: [df2a88d096b0675487ae4668b623d794] "C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe" ..
O4 - HKCU\..\Run: [ea245fdc7eb8b9a02f20365bd1579c02] "C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe" ..
O4 - HKCU\..\Run: [wyfhxjicra] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs"
O4 - HKCU\..\Run: [aa8e5b50d669aecb759f39b0de43a315] "C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe" ..
O4 - HKCU\..\Run: [c61dfebbd841e9a2cf833a4df4e04423] "C:\Documents and Settings\Administrator\Data aplikací\IDM.exe" ..
O4 - HKCU\..\Run: [0f2ca73cfc01a1cdff66f73f54410096] "C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe" ..
O4 - HKCU\..\Run: [56abf2286f04ae92141911abfd2f05bb] "C:\Documents and Settings\Administrator\Data aplikací\torgan.exe" ..
O4 - HKCU\..\Run: [55b3825ee39ada2fcddf7c7accbde69e] "C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe" ..
O4 - HKCU\..\Run: [2c38cf2388374a93568a4045e16e79fd] "C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe" ..
O4 - HKCU\..\Run: [dd230003a4ee720b25082b75f8442b85] "C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe" ..
O4 - HKCU\..\Run: [xjvlxdcaay] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs"
O4 - HKCU\..\Run: [zofcilpicj] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zofcilpicj..vbs"
O4 - HKCU\..\Run: [92f014c544d1f6ba9a2bd7bc0c76a04d] "C:\Documents and Settings\Administrator\Google.exe" ..
O4 - HKCU\..\Run: [tmpA1B] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1B.tmp.vbs"
O4 - HKCU\..\Run: [tmpA1C] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1C.tmp.vbs"
O4 - HKCU\..\Run: [tmpA1D] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1D.tmp.vbs"
O4 - HKCU\..\Run: [tmpA1E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1E.tmp.vbs"
O4 - HKCU\..\Run: [rswfguhvuz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs"
O4 - HKCU\..\Run: [111f9610405fef9aac046ba3f0964d3b] "C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe" ..
O4 - HKCU\..\Run: [wvfszvuopj] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wvfszvuopj..vbs"
O4 - HKCU\..\Run: [bpryiwaiow] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bpryiwaiow..vbs"
O4 - HKCU\..\Run: [tmp115] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp115.tmp.vbs"
O4 - HKCU\..\Run: [tmp11C] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11C.tmp.vbs"
O4 - HKCU\..\Run: [260c9128c15f15ea2236f0c7f1853b94] "C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe" ..
O4 - HKCU\..\Run: [eupyaraolh] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eupyaraolh..vbs"
O4 - HKCU\..\Run: [351e3643d9060767869a6a4fdd56abee] "C:\Documents and Settings\Administrator\Data aplikací\chrome.exe" ..
O4 - HKCU\..\Run: [tmp15C] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15C.tmp.vbs"
O4 - HKCU\..\Run: [tmp15D] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15D.tmp.vbs"
O4 - HKCU\..\Run: [0e479c56ed994fcb827e75e9beeec84b] "C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe" ..
O4 - HKCU\..\Run: [20919c87e749acdfdfee7a147b904bb6] "C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe" ..
O4 - HKCU\..\Run: [rxnaowisbo] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxnaowisbo..vbs"
O4 - HKCU\..\Run: [zhqyzximlz] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zhqyzximlz..vbs"
O4 - HKCU\..\Run: [zvzxlqmjpw] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zvzxlqmjpw..vbs"
O4 - HKCU\..\Run: [rvezltwmzh] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rvezltwmzh..vbs"
O4 - HKCU\..\Run: [2bd0c57c82eb9fcfe246f0e8bf7d37de] "C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe" ..
O4 - HKCU\..\Run: [a072bdf45970705c00d71b81813e62d5] "C:\Documents and Settings\Administrator\server.exe" ..
O4 - HKCU\..\Run: [ae5175946e372dbd8dc68648563564ff] "C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe" ..
O4 - HKCU\..\Run: [tmp1A0] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A0.tmp.vbs"
O4 - HKCU\..\Run: [tmp1A1] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A1.tmp.vbs"
O4 - HKCU\..\Run: [0cc25ddbe65da3a895e33aed8557cc44] "C:\Documents and Settings\Administrator\Data aplikací\ide.exe" ..
O4 - HKCU\..\Run: [030da8038c12fa369d906277cce4201e] "C:\Documents and Settings\Administrator\Data aplikací\server.exe" ..
O4 - HKCU\..\Run: [a10bbc47dd4a1b4b4afd7c797ba765bb] "C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe" ..
O4 - HKCU\..\Run: [08f4dc96bbb7af09d1a37fe35c75a42f] "C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe" ..
O4 - HKCU\..\Run: [a227b42a3d99b13534b6c73d8df8ac56] "C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe" ..
O4 - HKCU\..\Run: [67646fee7c94ba8794860eb8b33bc1c4] "C:\Documents and Settings\Administrator\Data aplikací\njrat.exe" ..
O4 - HKCU\..\Run: [8f67cfd31393fcfcdcd3cc631bf658d6] "C:\Documents and Settings\All Users\rgdgei.exe" ..
O4 - HKCU\..\Run: [db7da02fe690f6fcf079052b5d2cd473] "C:\Documents and Settings\Administrator\Winrar.exe" ..
O4 - HKCU\..\Run: [tmp62] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs"
O4 - HKCU\..\Run: [tmp67] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs"
O4 - HKCU\..\Run: [tmp68] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs"
O4 - HKCU\..\Run: [tmp6E] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs"
O4 - HKCU\..\Run: [tmp6F] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs"
O4 - HKCU\..\Run: [2088a7581ca9138eb6b495a7e2a61563] "C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe" ..
O4 - HKCU\..\Run: [f3dfe1343af279606090d5deb2cb7bca] "C:\Documents and Settings\All Users\server.exe" ..
O4 - HKCU\..\Run: [nzfqtgxiuu] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs"
O4 - HKCU\..\Run: [f745de9c10a759e3fdbb7fd429f8a0a0] "C:\Documents and Settings\Administrator\Data aplikací\windows.exe" ..
O4 - HKCU\..\Run: [system] C:\WINDOWS\system32\InstallDir\Server.exe
O4 - HKCU\..\Run: [306b4bfe3a202356bb0073c109163df0] "C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe" ..
O4 - HKCU\..\Run: [tmpA2] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA2.tmp.vbs"
O4 - HKCU\..\Run: [tmpA3] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA3.tmp.vbs"
O4 - HKCU\..\Run: [tmpA4] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA4.tmp.vbs"
O4 - HKCU\..\Run: [tmpAD] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs"
O4 - HKCU\..\Run: [7f85c10bf3570ca4bf813f5711fb5984] "C:\Documents and Settings\Administrator\Local Settings\Temp\abd_almajed.exe" ..
O4 - HKCU\..\Run: [0af5f76d92e1e19f8f89aed57dbd9557] "C:\Documents and Settings\Administrator\Local Settings\Temp\avira.exe" ..
O4 - HKCU\..\Run: [1ac54efef229386218f9defd73c9fae1] "C:\Documents and Settings\Administrator\Local Settings\Temp\Mozilla Firefox.exe" ..
O4 - HKCU\..\Run: [ydtuatabjo] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ydtuatabjo..vbs"
O4 - HKCU\..\Run: [glypewebwp] wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\glypewebwp..vbs"
O4 - HKCU\..\Run: [43190f6ea67f8c9457cd78e7088e3aa6] "C:\Documents and Settings\Administrator\Local Settings\Temp\Torgan.exe" ..
O4 - HKCU\..\Run: [e101a39ab5de59589562aa0ff3295ba5] "C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe" ..
O4 - HKCU\..\Run: [3a7da78435e1522e6c0ff55db7f9983c] "C:\Documents and Settings\Administrator\Local Settings\Temp\RtHDVpl.exe" ..
O4 - HKCU\..\Run: [25A7SV61J7MUJ1HVNMWUAC5HJ] C:\Documents and Settings\Administrator\Data aplikací\R3365FM4QH3VCO020PT48H3H2\25A7SV61J7MUJ1HVNMWUAC5HJ.exe
O4 - HKCU\..\Run: [af029b7100cbb27d8c0472b97315e8d5] "C:\Documents and Settings\Administrator\Local Settings\Temp\avast.exe" ..
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 08f4dc96bbb7af09d1a37fe35c75a42f.exe
O4 - Startup: 0af5f76d92e1e19f8f89aed57dbd9557.exe
O4 - Startup: 0cc25ddbe65da3a895e33aed8557cc44.exe
O4 - Startup: 0e479c56ed994fcb827e75e9beeec84b.exe
O4 - Startup: 111f9610405fef9aac046ba3f0964d3b.exe
O4 - Startup: 12ce4e06a81e8d54fd01d9b762f1b1bb.exe
O4 - Startup: 1ac54efef229386218f9defd73c9fae1.exe
O4 - Startup: 1e50ad0.exe
O4 - Startup: 2088a7581ca9138eb6b495a7e2a61563.exe
O4 - Startup: 20919c87e749acdfdfee7a147b904bb6.exe
O4 - Startup: 21C2XRQNR6L5ZLmYdwuZVOAfQ2nKI5.exe
O4 - Startup: 2320633bbd5b9c41d628d6d2b760a34d.exe
O4 - Startup: 2abfcd66b0c6b9c9c508f5b1ed61ce2b.exe
O4 - Startup: 2bd0c57c82eb9fcfe246f0e8bf7d37de.exe
O4 - Startup: 2c38cf2388374a93568a4045e16e79fd.exe
O4 - Startup: 351e3643d9060767869a6a4fdd56abee.exe
O4 - Startup: 3a7da78435e1522e6c0ff55db7f9983c.exe
O4 - Startup: 430001ee777c7146029dc9c4a8d25bfa.exe
O4 - Startup: 43190f6ea67f8c9457cd78e7088e3aa6.exe
O4 - Startup: 4c43b68280c8e2855fc15ed589cd9888.exe
O4 - Startup: 55b3825ee39ada2fcddf7c7accbde69e.exe
O4 - Startup: 56abf2286f04ae92141911abfd2f05bb.exe
O4 - Startup: 5cd8f17f4086744065eb0992a09e05a2.exe
O4 - Startup: 67646fee7c94ba8794860eb8b33bc1c4.exe
O4 - Startup: 686c771e3c059c35db6274668d61361c.exe
O4 - Startup: 7f85c10bf3570ca4bf813f5711fb5984.exe
O4 - Startup: 8515eb34d8f9de5af815466e9715b3e5.exe
O4 - Startup: 92f014c544d1f6ba9a2bd7bc0c76a04d.exe
O4 - Startup: a10bbc47dd4a1b4b4afd7c797ba765bb.exe
O4 - Startup: a227b42a3d99b13534b6c73d8df8ac56.exe
O4 - Startup: aa8e5b50d669aecb759f39b0de43a315.exe
O4 - Startup: ac8a034e.exe
O4 - Startup: ae5175946e372dbd8dc68648563564ff.exe
O4 - Startup: ba4c12bee3027d94da5c81db2d196bfd.exe
O4 - Startup: bb60c054.exe
O4 - Startup: bcb47d76.exe
O4 - Startup: bpryiwaiow..vbs
O4 - Startup: c0dfd206df5f0389c3eb91c78d81bb3e.exe
O4 - Startup: c61dfebbd841e9a2cf833a4df4e04423.exe
O4 - Startup: CEsFJyX3QBHm4n4XvAoOVfYhFuOf.exe
O4 - Startup: db7da02fe690f6fcf079052b5d2cd473.exe
O4 - Startup: dd230003a4ee720b25082b75f8442b85.exe
O4 - Startup: df2a88d096b0675487ae4668b623d794.exe
O4 - Startup: ea245fdc7eb8b9a02f20365bd1579c02.exe
O4 - Startup: eQlkG2ZL4Cbe5e6OBaRYSOb2J57.exe
O4 - Startup: eupyaraolh..vbs
O4 - Startup: f6f4805cef84053137ddba2e1538eea5.exe
O4 - Startup: f745de9c10a759e3fdbb7fd429f8a0a0.exe
O4 - Startup: gauswqussd.vbs
O4 - Startup: glypewebwp..vbs
O4 - Startup: hRBFcGkmiBSJ61o9mgukvcrDnOVW.exe
O4 - Startup: JaUvPY5tMDQFrf3YuSK1BbT8np19.exe
O4 - Startup: knphxyhaar.vbs
O4 - Startup: NW2AoAW9SrIAOK28bMQVDH3aUSc.exe
O4 - Startup: nzfqtgxiuu.vbs
O4 - Startup: nzOfZK3NfYUzowTaTQ8ZAZ91sbUv.exe
O4 - Startup: oJB8JLKyx9RIw7JeCfOOFzyBDs7MA4.exe
O4 - Startup: ojnreyupor.vbs
O4 - Startup: pcczgzvsoj.vbs
O4 - Startup: rswfguhvuz.vbs
O4 - Startup: rvezltwmzh..vbs
O4 - Startup: rxnaowisbo..vbs
O4 - Startup: shbdwdtkli.vbs
O4 - Startup: tmp115.tmp.vbs
O4 - Startup: tmp11C.tmp.vbs
O4 - Startup: tmp144.tmp.vbs
O4 - Startup: tmp15C.tmp.vbs
O4 - Startup: tmp15D.tmp.vbs
O4 - Startup: tmp1A0.tmp.vbs
O4 - Startup: tmp1A1.tmp.vbs
O4 - Startup: tmp248.tmp.vbs
O4 - Startup: tmp249.tmp.vbs
O4 - Startup: tmp24A.tmp.vbs
O4 - Startup: tmp2A9.tmp.vbs
O4 - Startup: tmp3A8.tmp.vbs
O4 - Startup: tmp4D.tmp.vbs
O4 - Startup: tmp4E.tmp.vbs
O4 - Startup: tmp50.tmp.vbs
O4 - Startup: tmp51.tmp.vbs
O4 - Startup: tmp52.tmp.vbs
O4 - Startup: tmp62.tmp.vbs
O4 - Startup: tmp67.tmp.vbs
O4 - Startup: tmp68.tmp.vbs
O4 - Startup: tmp6E.tmp.vbs
O4 - Startup: tmp6F.tmp.vbs
O4 - Startup: tmpA1B.tmp.vbs
O4 - Startup: tmpA1C.tmp.vbs
O4 - Startup: tmpA1D.tmp.vbs
O4 - Startup: tmpA1E.tmp.vbs
O4 - Startup: tmpA2.tmp.vbs
O4 - Startup: tmpA3.tmp.vbs
O4 - Startup: tmpA4.tmp.vbs
O4 - Startup: tmpAD.tmp.vbs
O4 - Startup: V7PJZSnxJT8y4fbYploQagGtOlM.exe
O4 - Startup: wvfszvuopj..vbs
O4 - Startup: wyfhxjicra.vbs
O4 - Startup: wyfwklxkzm.vbs
O4 - Startup: xaioytkasp.vbs
O4 - Startup: xjvlxdcaay.vbs
O4 - Startup: ydtuatabjo..vbs
O4 - Startup: zhqyzximlz..vbs
O4 - Startup: zofcilpicj..vbs
O4 - Startup: zvzxlqmjpw..vbs
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Update SecretSauce - Unknown owner - C:\Program Files\SecretSauce\updateSecretSauce.exe
O23 - Service: Util SecretSauce - Unknown owner - C:\Program Files\SecretSauce\bin\utilSecretSauce.exe

--
End of file - 41946 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf24d31b49ec04.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1844237615-725345543-500Core1cef2b9e0448402.job
C:\WINDOWS\tasks\Torntv V7.0-chromeinstaller-dev.job
C:\WINDOWS\tasks\Torntv V7.0-codedownloader.job
C:\WINDOWS\tasks\Torntv V7.0-enabler.job
C:\WINDOWS\tasks\Torntv V7.0-firefoxinstaller.job
C:\WINDOWS\tasks\Torntv V7.0-updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1mtrmgsn.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.171 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46]
"Description"=6.0.12.46
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
talkback@mozilla.org
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
FeedConverter.js
FeedProcessor.js
FeedWriter.js
jar50.dll
jsconsole-clhandler.js
jsd3250.dll
myspell.dll
nppl3260.xpt
nsBookmarkTransactionManager.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsCloseAllWindows.js
nsDefaultCLH.js
nsDictionary.js
nsExtensionManager.js
nsHelperAppDlg.js
nsJSRealPlayerPlugin.xpt
nsMicrosummaryService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsUrlClassifierTable.js
nsURLFormatter.js
nsXmlRpcClient.js
spellchk.dll
WebContentConverter.js
xpinstal.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
centrum-cz.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1mtrmgsn.default\extensions\
00cf4073-9c0d-4c73-823c-9627a9ebda10@5ce0c315-7a90-4c46-8428-5c0df674cab0.com
{91da5e8a-3318-4f8c-b67e-5964de3ab546}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901140}]
Torntv V7.0 - C:\Program Files\Torntv V7.0\Torntv V7.0-bho.dll [2014-01-11 640512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-31 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-17 1953792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-27 98304]
"8515eb34d8f9de5af815466e9715b3e5"=C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe [2014-02-08 29696]
"686c771e3c059c35db6274668d61361c"=C:\WINDOWS\WinRAR.exe [2014-01-27 24064]
"ba4c12bee3027d94da5c81db2d196bfd"=C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe [2014-02-05 29696]
"c0dfd206df5f0389c3eb91c78d81bb3e"=C:\WINDOWS\آµTorrent.exe [2014-02-05 24064]
"da9e0b58b4f7fba5f8cc884a0980ca77"=C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe [2014-02-05 28672]
"13e5090cee57967233f9b6a72ec1c5dd"=C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe [2014-02-06 29696]
"4c43b68280c8e2855fc15ed589cd9888"=C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe [2014-02-06 24064]
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"2abfcd66b0c6b9c9c508f5b1ed61ce2b"=C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe [2014-02-06 24064]
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"0937ecfd078670c0cd5006135073aeda"=C:\Documents and Settings\Administrator\Data aplikací\System.exe [2014-02-06 24064]
"tmp4D"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4D.tmp.vbs []
"tmp4E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4E.tmp.vbs []
"430001ee777c7146029dc9c4a8d25bfa"=C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe [2014-02-06 16384]
"tmp50"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp.vbs []
"tmp51"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp51.tmp.vbs []
"tmp52"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp52.tmp.vbs []
"2320633bbd5b9c41d628d6d2b760a34d"=C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe [2014-02-06 10240]
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"12ce4e06a81e8d54fd01d9b762f1b1bb"=C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe [2014-02-06 29184]
"wyfwklxkzm"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfwklxkzm.vbs []
"tmp144"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp144.tmp.vbs []
"abb278f5f94f5be17c28e4761048b650"=C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe [2014-02-07 130560]
"tmp248"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp248.tmp.vbs []
"tmp249"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp249.tmp.vbs []
"tmp24A"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp24A.tmp.vbs []
"tmp2A9"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2A9.tmp.vbs []
"ojnreyupor"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ojnreyupor.vbs []
"shbdwdtkli"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\shbdwdtkli.vbs []
"pcczgzvsoj"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pcczgzvsoj.vbs []
"tmp3A8"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3A8.tmp.vbs []
"f6f4805cef84053137ddba2e1538eea5"=C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe [2014-02-07 38912]
"5cd8f17f4086744065eb0992a09e05a2"=C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe [2014-02-07 29696]
"df2a88d096b0675487ae4668b623d794"=C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe [2014-02-07 29696]
"ea245fdc7eb8b9a02f20365bd1579c02"=C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe [2014-02-07 29696]
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []
"aa8e5b50d669aecb759f39b0de43a315"=C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe [2014-02-08 23040]
"c61dfebbd841e9a2cf833a4df4e04423"=C:\Documents and Settings\Administrator\Data aplikací\IDM.exe [2014-02-08 24064]
"0f2ca73cfc01a1cdff66f73f54410096"=C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe [2014-02-08 24064]
"56abf2286f04ae92141911abfd2f05bb"=C:\Documents and Settings\Administrator\Data aplikací\torgan.exe [2014-02-08 44544]
"55b3825ee39ada2fcddf7c7accbde69e"=C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe [2014-02-08 24576]
"2c38cf2388374a93568a4045e16e79fd"=C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe [2014-02-08 44544]
"dd230003a4ee720b25082b75f8442b85"=C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe [2014-02-08 44544]
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"zofcilpicj"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zofcilpicj..vbs []
"92f014c544d1f6ba9a2bd7bc0c76a04d"=C:\Documents and Settings\Administrator\Google.exe [2014-02-08 24064]
"tmpA1B"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1B.tmp.vbs []
"tmpA1C"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1C.tmp.vbs []
"tmpA1D"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1D.tmp.vbs []
"tmpA1E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1E.tmp.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"111f9610405fef9aac046ba3f0964d3b"=C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe [2014-02-08 29696]
"wvfszvuopj"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wvfszvuopj..vbs []
"bpryiwaiow"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bpryiwaiow..vbs []
"tmp115"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp115.tmp.vbs []
"tmp11C"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11C.tmp.vbs []
"260c9128c15f15ea2236f0c7f1853b94"=C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe [2014-02-08 24064]
"eupyaraolh"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eupyaraolh..vbs []
"351e3643d9060767869a6a4fdd56abee"=C:\Documents and Settings\Administrator\Data aplikací\chrome.exe [2014-02-08 24064]
"tmp15C"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15C.tmp.vbs []
"tmp15D"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15D.tmp.vbs []
"0e479c56ed994fcb827e75e9beeec84b"=C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe [2014-02-08 24064]
"20919c87e749acdfdfee7a147b904bb6"=C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe [2014-02-08 44544]
"rxnaowisbo"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxnaowisbo..vbs []
"zhqyzximlz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zhqyzximlz..vbs []
"zvzxlqmjpw"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zvzxlqmjpw..vbs []
"rvezltwmzh"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rvezltwmzh..vbs []
"2bd0c57c82eb9fcfe246f0e8bf7d37de"=C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe [2014-02-08 29696]
"a072bdf45970705c00d71b81813e62d5"=C:\Documents and Settings\Administrator\server.exe [2014-02-08 271360]
"ae5175946e372dbd8dc68648563564ff"=C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe [2014-02-08 44544]
"tmp1A0"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A0.tmp.vbs []
"tmp1A1"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A1.tmp.vbs []
"0cc25ddbe65da3a895e33aed8557cc44"=C:\Documents and Settings\Administrator\Data aplikací\ide.exe [2014-02-08 24064]
"030da8038c12fa369d906277cce4201e"=C:\Documents and Settings\Administrator\Data aplikací\server.exe [2014-02-08 24064]
"a10bbc47dd4a1b4b4afd7c797ba765bb"=C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe [2014-02-08 24064]
"08f4dc96bbb7af09d1a37fe35c75a42f"=C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe [2014-02-09 264192]
"a227b42a3d99b13534b6c73d8df8ac56"=C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe [2014-02-09 31232]
"67646fee7c94ba8794860eb8b33bc1c4"=C:\Documents and Settings\Administrator\Data aplikací\njrat.exe [2014-02-09 34816]
"8f67cfd31393fcfcdcd3cc631bf658d6"=C:\Documents and Settings\All Users\rgdgei.exe [2014-02-09 26112]
"db7da02fe690f6fcf079052b5d2cd473"=C:\Documents and Settings\Administrator\Winrar.exe [2014-02-09 62976]
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"2088a7581ca9138eb6b495a7e2a61563"=C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe [2014-02-09 23040]
"f3dfe1343af279606090d5deb2cb7bca"=C:\Documents and Settings\All Users\server.exe [2014-02-09 24064]
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"f745de9c10a759e3fdbb7fd429f8a0a0"=C:\Documents and Settings\Administrator\Data aplikací\windows.exe [2014-02-09 24064]
"system"=C:\WINDOWS\system32\InstallDir\Server.exe [2014-02-09 449024]
"306b4bfe3a202356bb0073c109163df0"=C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe [2014-02-09 29696]
"tmpA2"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA2.tmp.vbs []
"tmpA3"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA3.tmp.vbs []
"tmpA4"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA4.tmp.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Steam"=C:\Program Files\Steam\Steam.exe [2014-01-27 1815976]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-03-14 3093624]
"RGSC"=E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"8515eb34d8f9de5af815466e9715b3e5"=C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe [2014-02-08 29696]
"686c771e3c059c35db6274668d61361c"=C:\WINDOWS\WinRAR.exe [2014-01-27 24064]
"ba4c12bee3027d94da5c81db2d196bfd"=C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe [2014-02-05 29696]
"c0dfd206df5f0389c3eb91c78d81bb3e"=C:\WINDOWS\آµTorrent.exe [2014-02-05 24064]
"da9e0b58b4f7fba5f8cc884a0980ca77"=C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe [2014-02-05 28672]
"13e5090cee57967233f9b6a72ec1c5dd"=C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe [2014-02-06 29696]
"4c43b68280c8e2855fc15ed589cd9888"=C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe [2014-02-06 24064]
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"2abfcd66b0c6b9c9c508f5b1ed61ce2b"=C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe [2014-02-06 24064]
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"0937ecfd078670c0cd5006135073aeda"=C:\Documents and Settings\Administrator\Data aplikací\System.exe [2014-02-06 24064]
"tmp4D"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4D.tmp.vbs []
"tmp4E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp4E.tmp.vbs []
"430001ee777c7146029dc9c4a8d25bfa"=C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe [2014-02-06 16384]
"tmp50"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp.vbs []
"tmp51"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp51.tmp.vbs []
"tmp52"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp52.tmp.vbs []
"2320633bbd5b9c41d628d6d2b760a34d"=C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe [2014-02-06 10240]
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"12ce4e06a81e8d54fd01d9b762f1b1bb"=C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe [2014-02-06 29184]
"wyfwklxkzm"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfwklxkzm.vbs []
"tmp144"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp144.tmp.vbs []
"abb278f5f94f5be17c28e4761048b650"=C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe [2014-02-07 130560]
"tmp248"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp248.tmp.vbs []
"tmp249"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp249.tmp.vbs []
"tmp24A"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp24A.tmp.vbs []
"tmp2A9"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2A9.tmp.vbs []
"ojnreyupor"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ojnreyupor.vbs []
"shbdwdtkli"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\shbdwdtkli.vbs []
"pcczgzvsoj"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pcczgzvsoj.vbs []
"Explorer"=C:\Documents and Settings\Administrator\Local Settings\Temp\Chrome\Explorer.exe [2014-02-07 301056]
"tmp3A8"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3A8.tmp.vbs []
"f6f4805cef84053137ddba2e1538eea5"=C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe [2014-02-07 38912]
"5cd8f17f4086744065eb0992a09e05a2"=C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe [2014-02-07 29696]
"df2a88d096b0675487ae4668b623d794"=C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe [2014-02-07 29696]
"ea245fdc7eb8b9a02f20365bd1579c02"=C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe [2014-02-07 29696]
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []
"aa8e5b50d669aecb759f39b0de43a315"=C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe [2014-02-08 23040]
"c61dfebbd841e9a2cf833a4df4e04423"=C:\Documents and Settings\Administrator\Data aplikací\IDM.exe [2014-02-08 24064]
"0f2ca73cfc01a1cdff66f73f54410096"=C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe [2014-02-08 24064]
"56abf2286f04ae92141911abfd2f05bb"=C:\Documents and Settings\Administrator\Data aplikací\torgan.exe [2014-02-08 44544]
"55b3825ee39ada2fcddf7c7accbde69e"=C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe [2014-02-08 24576]
"2c38cf2388374a93568a4045e16e79fd"=C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe [2014-02-08 44544]
"dd230003a4ee720b25082b75f8442b85"=C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe [2014-02-08 44544]
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"zofcilpicj"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zofcilpicj..vbs []
"92f014c544d1f6ba9a2bd7bc0c76a04d"=C:\Documents and Settings\Administrator\Google.exe [2014-02-08 24064]
"tmpA1B"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1B.tmp.vbs []
"tmpA1C"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1C.tmp.vbs []
"tmpA1D"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1D.tmp.vbs []
"tmpA1E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA1E.tmp.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"111f9610405fef9aac046ba3f0964d3b"=C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe [2014-02-08 29696]
"wvfszvuopj"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wvfszvuopj..vbs []
"bpryiwaiow"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bpryiwaiow..vbs []
"tmp115"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp115.tmp.vbs []
"tmp11C"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11C.tmp.vbs []
"260c9128c15f15ea2236f0c7f1853b94"=C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe [2014-02-08 24064]
"eupyaraolh"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eupyaraolh..vbs []
"351e3643d9060767869a6a4fdd56abee"=C:\Documents and Settings\Administrator\Data aplikací\chrome.exe [2014-02-08 24064]
"tmp15C"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15C.tmp.vbs []
"tmp15D"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp15D.tmp.vbs []
"0e479c56ed994fcb827e75e9beeec84b"=C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe [2014-02-08 24064]
"20919c87e749acdfdfee7a147b904bb6"=C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe [2014-02-08 44544]
"rxnaowisbo"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxnaowisbo..vbs []
"zhqyzximlz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zhqyzximlz..vbs []
"zvzxlqmjpw"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zvzxlqmjpw..vbs []
"rvezltwmzh"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rvezltwmzh..vbs []
"2bd0c57c82eb9fcfe246f0e8bf7d37de"=C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe [2014-02-08 29696]
"a072bdf45970705c00d71b81813e62d5"=C:\Documents and Settings\Administrator\server.exe [2014-02-08 271360]
"ae5175946e372dbd8dc68648563564ff"=C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe [2014-02-08 44544]
"tmp1A0"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A0.tmp.vbs []
"tmp1A1"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1A1.tmp.vbs []
"0cc25ddbe65da3a895e33aed8557cc44"=C:\Documents and Settings\Administrator\Data aplikací\ide.exe [2014-02-08 24064]
"030da8038c12fa369d906277cce4201e"=C:\Documents and Settings\Administrator\Data aplikací\server.exe [2014-02-08 24064]
"a10bbc47dd4a1b4b4afd7c797ba765bb"=C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe [2014-02-08 24064]
"08f4dc96bbb7af09d1a37fe35c75a42f"=C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe [2014-02-09 264192]
"a227b42a3d99b13534b6c73d8df8ac56"=C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe [2014-02-09 31232]
"67646fee7c94ba8794860eb8b33bc1c4"=C:\Documents and Settings\Administrator\Data aplikací\njrat.exe [2014-02-09 34816]
"8f67cfd31393fcfcdcd3cc631bf658d6"=C:\Documents and Settings\All Users\rgdgei.exe [2014-02-09 26112]
"db7da02fe690f6fcf079052b5d2cd473"=C:\Documents and Settings\Administrator\Winrar.exe [2014-02-09 62976]
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"2088a7581ca9138eb6b495a7e2a61563"=C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe [2014-02-09 23040]
"f3dfe1343af279606090d5deb2cb7bca"=C:\Documents and Settings\All Users\server.exe [2014-02-09 24064]
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"f745de9c10a759e3fdbb7fd429f8a0a0"=C:\Documents and Settings\Administrator\Data aplikací\windows.exe [2014-02-09 24064]
"system"=C:\WINDOWS\system32\InstallDir\Server.exe [2014-02-09 449024]
"306b4bfe3a202356bb0073c109163df0"=C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe [2014-02-09 29696]
"tmpA2"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA2.tmp.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [2007-09-06 406944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-05-02 136176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
08f4dc96bbb7af09d1a37fe35c75a42f.exe
0af5f76d92e1e19f8f89aed57dbd9557.exe
0cc25ddbe65da3a895e33aed8557cc44.exe
0e479c56ed994fcb827e75e9beeec84b.exe
111f9610405fef9aac046ba3f0964d3b.exe
12ce4e06a81e8d54fd01d9b762f1b1bb.exe
1ac54efef229386218f9defd73c9fae1.exe
1e50ad0.exe
2088a7581ca9138eb6b495a7e2a61563.exe
20919c87e749acdfdfee7a147b904bb6.exe
21C2XRQNR6L5ZLmYdwuZVOAfQ2nKI5.exe
2320633bbd5b9c41d628d6d2b760a34d.exe
2abfcd66b0c6b9c9c508f5b1ed61ce2b.exe
2bd0c57c82eb9fcfe246f0e8bf7d37de.exe
2c38cf2388374a93568a4045e16e79fd.exe
351e3643d9060767869a6a4fdd56abee.exe
3a7da78435e1522e6c0ff55db7f9983c.exe
430001ee777c7146029dc9c4a8d25bfa.exe
43190f6ea67f8c9457cd78e7088e3aa6.exe
4c43b68280c8e2855fc15ed589cd9888.exe
55b3825ee39ada2fcddf7c7accbde69e.exe
56abf2286f04ae92141911abfd2f05bb.exe
5cd8f17f4086744065eb0992a09e05a2.exe
67646fee7c94ba8794860eb8b33bc1c4.exe
686c771e3c059c35db6274668d61361c.exe
7f85c10bf3570ca4bf813f5711fb5984.exe
8515eb34d8f9de5af815466e9715b3e5.exe
92f014c544d1f6ba9a2bd7bc0c76a04d.exe
a10bbc47dd4a1b4b4afd7c797ba765bb.exe
a227b42a3d99b13534b6c73d8df8ac56.exe
aa8e5b50d669aecb759f39b0de43a315.exe
ac8a034e.exe
ae5175946e372dbd8dc68648563564ff.exe
ba4c12bee3027d94da5c81db2d196bfd.exe
bb60c054.exe
bcb47d76.exe
bpryiwaiow..vbs
c0dfd206df5f0389c3eb91c78d81bb3e.exe
c61dfebbd841e9a2cf833a4df4e04423.exe
CEsFJyX3QBHm4n4XvAoOVfYhFuOf.exe
db7da02fe690f6fcf079052b5d2cd473.exe
dd230003a4ee720b25082b75f8442b85.exe
df2a88d096b0675487ae4668b623d794.exe
ea245fdc7eb8b9a02f20365bd1579c02.exe
eQlkG2ZL4Cbe5e6OBaRYSOb2J57.exe
eupyaraolh..vbs
f6f4805cef84053137ddba2e1538eea5.exe
f745de9c10a759e3fdbb7fd429f8a0a0.exe
gauswqussd.vbs
glypewebwp..vbs
hRBFcGkmiBSJ61o9mgukvcrDnOVW.exe
JaUvPY5tMDQFrf3YuSK1BbT8np19.exe
knphxyhaar.vbs
NW2AoAW9SrIAOK28bMQVDH3aUSc.exe
nzfqtgxiuu.vbs
nzOfZK3NfYUzowTaTQ8ZAZ91sbUv.exe
oJB8JLKyx9RIw7JeCfOOFzyBDs7MA4.exe
ojnreyupor.vbs
pcczgzvsoj.vbs
rswfguhvuz.vbs
rvezltwmzh..vbs
rxnaowisbo..vbs
shbdwdtkli.vbs
tmp115.tmp.vbs
tmp11C.tmp.vbs
tmp144.tmp.vbs
tmp15C.tmp.vbs
tmp15D.tmp.vbs
tmp1A0.tmp.vbs
tmp1A1.tmp.vbs
tmp248.tmp.vbs
tmp249.tmp.vbs
tmp24A.tmp.vbs
tmp2A9.tmp.vbs
tmp3A8.tmp.vbs
tmp4D.tmp.vbs
tmp4E.tmp.vbs
tmp50.tmp.vbs
tmp51.tmp.vbs
tmp52.tmp.vbs
tmp62.tmp.vbs
tmp67.tmp.vbs
tmp68.tmp.vbs
tmp6E.tmp.vbs
tmp6F.tmp.vbs
tmpA1B.tmp.vbs
tmpA1C.tmp.vbs
tmpA1D.tmp.vbs
tmpA1E.tmp.vbs
tmpA2.tmp.vbs
tmpA3.tmp.vbs
tmpA4.tmp.vbs
tmpAD.tmp.vbs
V7PJZSnxJT8y4fbYploQagGtOlM.exe
wvfszvuopj..vbs
wyfhxjicra.vbs
wyfwklxkzm.vbs
xaioytkasp.vbs
xjvlxdcaay.vbs
ydtuatabjo..vbs
zhqyzximlz..vbs
zofcilpicj..vbs
zvzxlqmjpw..vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-28 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\CoD_4\iw3mp.exe"="E:\Games\CoD_4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\Games\AoE_III\age3x.exe"="E:\Games\AoE_III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\Games\AoE_III\age3y.exe"="E:\Games\AoE_III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe"="E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"E:\Games\Empire_Earth_III\EE3.exe"="E:\Games\Empire_Earth_III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Zoo_tycoon_2\zt.exe"="E:\Games\Zoo_tycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Games\CoD_5\CoDWaWmp.exe"="E:\Games\CoD_5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\CoD_5\CoDWaW.exe"="E:\Games\CoD_5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\Settlers_6\base\bin\Settlers6.exe"="E:\Games\Settlers_6\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"E:\Games\Settlers_6\extra1\bin\Settlers6.exe"="E:\Games\Settlers_6\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"E:\Games\Dungeon_Siege_II\DungeonSiege2.exe"="E:\Games\Dungeon_Siege_II\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe"="E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe"="E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe:*:Enabled:Zataženo, občas trakaře"
"E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe"="E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Games\World_of_Tanks\WorldOfTanks.exe"="E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\Avatar\bin\Avatar.exe"="E:\Games\Avatar\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"E:\Games\Avatar\bin\AvatarLauncher.exe"="E:\Games\Avatar\bin\AvatarLauncher.exe:*:Enabled:Updater"
"E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Games\LOTR_II\game.dat"="D:\Games\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"D:\LOTR_II\game.dat"="D:\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Games\TmNationsForever\TmForever.exe"="E:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe"="D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe:*:Enabled:Cook, Serve, Delicious!"
"E:\Games\World_of_Tanks\WOTLauncher.exe"="E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Techland\Call of Juarez\CoJ.exe"="C:\Program Files\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"
"C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\System32.exe:*:Enabled:System32.exe"
"C:\Documents and Settings\Administrator\Local Settings\temp\gta 5.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\gta 5.exe:*:Enabled:gta 5.exe"
"C:\Documents and Settings\Administrator\Local Settings\temp\system 32.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\system 32.exe:*:Enabled:system 32.exe"
"C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe"="C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe:*:Enabled:Trojan.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\yay.exe:*:Enabled:yay.exe"
"C:\WINDOWS\آµTorrent.exe"="C:\WINDOWS\آµTorrent.exe:*:Enabled:آµTorrent.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Google.exe:*:Enabled:Google.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe:*:Enabled:svchost.exe"
"C:\WINDOWS\WinRAR.exe"="C:\WINDOWS\WinRAR.exe:*:Enabled:WinRAR.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\ffffffft.exe:*:Enabled:ffffffft.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe:*:Enabled:server.exe"
"C:\Documents and Settings\Administrator\Data aplikací\System.exe"="C:\Documents and Settings\Administrator\Data aplikací\System.exe:*:Enabled:System.exe"
"C:\Documents and Settings\Administrator\Data aplikací\IDM.exe"="C:\Documents and Settings\Administrator\Data aplikací\IDM.exe:*:Enabled:IDM.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\win.exe:*:Enabled:win.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\torndt.exe:*:Enabled:torndt.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\tata.exe:*:Enabled:tata.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\32Bit.exe:*:Enabled:32Bit.exe"
"C:\Documents and Settings\Administrator\Google.exe"="C:\Documents and Settings\Administrator\Google.exe:*:Enabled:Google.exe"
"C:\Documents and Settings\Administrator\Data aplikací\njrat.exe"="C:\Documents and Settings\Administrator\Data aplikací\njrat.exe:*:Enabled:njrat.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Ch Cyber.exe:*:Enabled:Ch Cyber.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe:*:Enabled:system.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Windows.exe:*:Enabled:Windows.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\HAckeD.exe:*:Enabled:HAckeD.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\go0gle.exe:*:Enabled:go0gle.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe:*:Enabled:dwm.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\taki.exe:*:Enabled:taki.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\photo.exe:*:Enabled:photo.exe"
"C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe"="C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe:*:Enabled:taskhost.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe:*:Enabled:Trojan.exe"
"C:\Documents and Settings\Administrator\Winrar.exe"="C:\Documents and Settings\Administrator\Winrar.exe:*:Enabled:Winrar.exe"
"C:\Documents and Settings\Administrator\server.exe"="C:\Documents and Settings\Administrator\server.exe:*:Enabled:server.exe"
"C:\Documents and Settings\Administrator\Data aplikací\server.exe"="C:\Documents and Settings\Administrator\Data aplikací\server.exe:*:Enabled:server.exe"
"C:\Documents and Settings\Administrator\Data aplikací\chrome.exe"="C:\Documents and Settings\Administrator\Data aplikací\chrome.exe:*:Enabled:chrome.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\iexplorer.exe:*:Enabled:iexplorer.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\11.exe:*:Enabled:11.exe"
"C:\Documents and Settings\All Users\rgdgei.exe"="C:\Documents and Settings\All Users\rgdgei.exe:*:Enabled:rgdgei.exe"
"C:\Documents and Settings\Administrator\Data aplikací\ide.exe"="C:\Documents and Settings\Administrator\Data aplikací\ide.exe:*:Enabled:ide.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\saysteme32.exe:*:Enabled:saysteme32.exe"
"C:\Documents and Settings\Administrator\Data aplikací\torgan.exe"="C:\Documents and Settings\Administrator\Data aplikací\torgan.exe:*:Enabled:torgan.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Computer.exe:*:Enabled:Computer.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe:*:Enabled:explorer.exe"
"C:\Documents and Settings\Administrator\Data aplikací\windows.exe"="C:\Documents and Settings\Administrator\Data aplikací\windows.exe:*:Enabled:windows.exe"
"C:\Documents and Settings\All Users\server.exe"="C:\Documents and Settings\All Users\server.exe:*:Enabled:server.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\firfox.exe:*:Enabled:firfox.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\systeme32.exe:*:Enabled:systeme32.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\abd_almajed.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\abd_almajed.exe:*:Enabled:abd_almajed.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\avast.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\avast.exe:*:Enabled:avast.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Torgan.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Torgan.exe:*:Enabled:Torgan.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\9.exe:*:Enabled:9.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe:*:Enabled:csrss.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\avira.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\avira.exe:*:Enabled:avira.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\RtHDVpl.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\RtHDVpl.exe:*:Enabled:RtHDVpl.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Mozilla Firefox.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Mozilla Firefox.exe:*:Enabled:Mozilla Firefox.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\svhost.exe:*:Enabled:svhost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=iyvu9_32.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv41"=ir41_32.ax

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-02-10 14:54:55 ----D---- C:\Documents and Settings\Administrator\Data aplikací\R3365FM4QH3VCO020PT48H3H2
2014-02-10 14:54:37 ----H---- C:\FirFox.exe
2014-02-09 20:06:10 ----RSHD---- C:\WINDOWS\system32\InstallDir
2014-02-09 20:03:52 ----A---- C:\Documents and Settings\Administrator\Data aplikací\windows.exe
2014-02-09 12:55:02 ----A---- C:\Documents and Settings\Administrator\Data aplikací\njrat.exe.tmp
2014-02-09 12:54:32 ----A---- C:\Documents and Settings\Administrator\Data aplikací\njrat.exe
2014-02-08 21:39:42 ----A---- C:\Documents and Settings\Administrator\Data aplikací\server.exe
2014-02-08 21:26:20 ----A---- C:\Documents and Settings\Administrator\Data aplikací\ide.exe
2014-02-08 19:20:55 ----A---- C:\Documents and Settings\Administrator\Data aplikací\chrome.exe
2014-02-08 12:20:43 ----A---- C:\Documents and Settings\Administrator\Data aplikací\torgan.exe.tmp
2014-02-08 12:20:38 ----A---- C:\Documents and Settings\Administrator\Data aplikací\torgan.exe
2014-02-08 10:14:47 ----A---- C:\Documents and Settings\Administrator\Data aplikací\IDM.exe
2014-02-06 15:51:47 ----A---- C:\Documents and Settings\Administrator\Data aplikací\System.exe
2014-02-06 13:02:46 ----A---- C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe.tmp
2014-02-06 13:02:26 ----A---- C:\Documents and Settings\Administrator\Data aplikací\taskhost.exe
2014-02-05 19:08:59 ----A---- C:\WINDOWS\آµTorrent.exe
2014-01-27 20:00:13 ----A---- C:\WINDOWS\WinRAR.exe
2014-01-22 10:28:31 ----A---- C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe.tmp
2014-01-22 10:28:26 ----A---- C:\Documents and Settings\Administrator\Data aplikací\Trojan.exe
2014-01-18 19:25:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2014-01-11 12:15:18 ----D---- C:\Program Files\The Stalin Subway
2014-01-11 12:04:28 ----D---- C:\Program Files\Torntv V7.0
2014-01-11 12:04:22 ----D---- C:\Program Files\SecretSauce
2014-01-11 12:04:01 ----D---- C:\Program Files\TornTV.com

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 10 úno 2014 19:38
od jmeno1
======List of files/folders modified in the last 1 month======

2014-02-10 19:23:45 ----D---- C:\Program Files\trend micro
2014-02-10 19:13:49 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-10 19:13:14 ----D---- C:\Program Files\Steam
2014-02-10 19:11:01 ----D---- C:\WINDOWS\temp
2014-02-10 19:10:59 ----SHD---- C:\WINDOWS\CSC
2014-02-10 19:10:58 ----D---- C:\WINDOWS
2014-02-09 20:06:10 ----D---- C:\WINDOWS\system32
2014-02-08 14:39:27 ----SHD---- C:\WINDOWS\Installer
2014-02-08 14:39:19 ----RD---- C:\Program Files
2014-02-08 14:38:53 ----SD---- C:\WINDOWS\Tasks
2014-01-18 19:24:00 ----RSD---- C:\WINDOWS\assembly
2014-01-18 19:23:43 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-08 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-11-21 43648]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-31 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-09-04 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-05 281760]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-05 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-28 6646784]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-26 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
S3 asl665ln;asl665ln; C:\WINDOWS\system32\drivers\asl665ln.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate WAR\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-28 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2008-03-17 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-19 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 Update SecretSauce;Update SecretSauce; C:\Program Files\SecretSauce\updateSecretSauce.exe [2014-02-05 80160]
R2 Util SecretSauce;Util SecretSauce; C:\Program Files\SecretSauce\bin\utilSecretSauce.exe [2014-02-05 80160]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Musel jsem to vložit na 2x, je to moc velké. PC je od syna, nevím co tam kutil. Díky.

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 11 úno 2014 07:18
od cernohous13
Zdravím,

tak toto jsme tu ještě neviděli :shock:

Nejprve otázka:
Systém je legální? proč tam ještě není SP3? :?:

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 11 úno 2014 13:40
od jmeno1
PC je staré 7-8 let a vůbec se o toto PC nestarám. Jak jsem už uvedl patří synovi 15 let a vůbec jsem neřešil co tam kutí a přiznám se, že ani nevím zda je OS legální či nikoliv. PC je z druhé ruky. Až teď přišel syn ke křížku, že má problém. Když jsem tak očima přeletěl některé ty viry, tak asi nejjednodušší bude kompletní formát a přeinstalace, že? Ono po těch letech už na to má ten comp asi i nárok a žádná data tam nejsou.

PS: Na to, že tam není SP3, antivirák, firewall jen z OS, tak to vydrželo docela dost. :)

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 11 úno 2014 17:02
od cernohous13
Pokud si troufáš na reinstal tak by to asi bylo nejčistější :wink:
Problém může nastat při hledání instalačního CD, instalace ovladačů a všech aktualizací :?:

Napiš jestli to zkusíme vyčistit a zkusíme to (máme na to páky) je to jen otázka tvého volného času :D

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 11 úno 2014 17:43
od jmeno1
OK, zkusíme to, jinak bych to kompletně přeinstaloval. Musel bych koupit Win 7, což by kluk uvítal, protože některé hry už stejně XP nechtějí (F1 2012, 2013).

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 11 úno 2014 18:08
od cernohous13
:arrow:Stáhni si zde :arrow: : ComboFix
a ulož ho na plochu.

:arrow: Stáhni Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkus stáhnout jiný - ulož na plochu
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

:arrow: Restartuj do nouzového režimu.

-spusť Rkill a nechej ho pracovat. Sám se ukončí.

- :!: Teď nesmíš restartovat počítač!

:arrow: Spusť ComboFix.exe
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Odmítni stažení Konzole...
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
:arrow: Pokud vyskočí hláška "Pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění", tak jen restartuj PC - registr se dá do kupy
:arrow: Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a "Poslední známá funkční konfigurace"

:arrow: při problému se ozvi

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 11 úno 2014 18:51
od jmeno1
ComboFix 14-02-11.01 - Administrator 11.02.2014 18:19:40.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1363 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Microsoft\Windows\limwk6pDsCFw.dat
c:\documents and settings\Administrator\Data aplikací\Microsoft\Windows\limwk6pDsCFw.xtr
c:\documents and settings\Jan Kubesa\WINDOWS
C:\Install.exe
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-11 do 2014-02-11 )))))))))))))))))))))))))))))))
.
.
2014-02-08 14:01 . 2014-02-08 14:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Torntv V7.0
2014-02-01 13:41 . 2014-02-01 22:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\CSDSteamBuild
2014-01-23 16:28 . 2014-01-23 16:28 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Activision
2014-01-18 18:25 . 2014-02-08 10:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 17:09 . 2007-11-11 06:30 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 17:09 . 2007-11-11 06:30 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 17:09 . 2007-11-11 06:30 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 17:09 . 2007-11-11 06:30 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 17:09 . 2007-11-11 06:30 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Steam"="c:\program files\Steam\Steam.exe" [2014-01-27 1815976]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-03-14 3093624]
"RGSC"="e:\games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-27 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
gauswqussd.vbs [2014-2-6 156546]
knphxyhaar.vbs [2014-2-6 156546]
nzfqtgxiuu.vbs [2014-2-9 156546]
pcczgzvsoj.vbs [2014-2-7 156546]
rswfguhvuz.vbs [2014-2-8 156546]
tmp62.tmp.vbs [2014-2-9 156460]
tmp67.tmp.vbs [2014-2-9 156460]
tmp68.tmp.vbs [2014-2-9 156460]
tmp6E.tmp.vbs [2014-2-9 156460]
tmp6F.tmp.vbs [2014-2-9 156460]
tmpAD.tmp.vbs [2014-2-9 1990166]
wyfhxjicra.vbs [2014-2-7 156518]
xaioytkasp.vbs [2014-2-6 156546]
xjvlxdcaay.vbs [2014-2-8 156546]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\CoD_4\\iw3mp.exe"=
"e:\\Games\\AoE_III\\age3x.exe"=
"e:\\Games\\AoE_III\\age3y.exe"=
"e:\\Games\\Supreme_commander\\Supreme Commander\\bin\\SupremeCommander.exe"=
"e:\\Games\\Empire_Earth_III\\EE3.exe"=
"e:\\Games\\Zoo_tycoon_2\\zt.exe"=
"e:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"e:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"e:\\Games\\CoD_5\\CoDWaWmp.exe"=
"e:\\Games\\CoD_5\\CoDWaW.exe"=
"e:\\Games\\Settlers_6\\base\\bin\\Settlers6.exe"=
"e:\\Games\\Settlers_6\\extra1\\bin\\Settlers6.exe"=
"e:\\Games\\Dungeon_Siege_II\\DungeonSiege2.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"e:\\Games\\Settlers_7\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\MoH_Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Games\\Zatazeno_obcas_trakare\\Zataženo, občas trakaře\\JadeEngine_Final.exe"=
"e:\\Games\\Borderlands 2\\Binaries\\Win32\\Borderlands2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\Avatar\\bin\\Avatar.exe"=
"e:\\Games\\Avatar\\bin\\AvatarLauncher.exe"=
"e:\\Games\\GTA_IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\LOTR_II\\game.dat"=
"e:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"e:\\Games\\TmNationsForever\\TmForever.exe"=
"d:\\SteamLibrary\\SteamApps\\common\\CookServeDelicious\\CSDSteamBuild.exe"=
"e:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56640:TCP"= 56640:TCP:Pando Media Booster
"56640:UDP"= 56640:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.11.2007 7:37 717296]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [4.9.2010 12:44 38144]
R2 Update SecretSauce;Update SecretSauce;c:\program files\SecretSauce\updateSecretSauce.exe [10.1.2014 20:45 80160]
R2 Util SecretSauce;Util SecretSauce;c:\program files\SecretSauce\bin\utilSecretSauce.exe [11.1.2014 14:34 80160]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30.12.2007 11:29 47360]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [11.11.2007 7:53 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [11.11.2007 7:54 64896]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17.12.2012 21:44 1763584]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe [24.1.2010 12:15 406016]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest Ultimate WAR\kerneld.wnt [8.4.2007 10:07 20856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [6.9.2013 18:29 235216]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 16:32]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf24d31b49ec04.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 14:30]
.
2014-01-11 c:\windows\Tasks\Torntv V7.0-chromeinstaller-dev.job
- c:\program files\Torntv V7.0\Torntv V7.0-chromeinstaller.exe [2014-01-11 11:08]
.
2014-01-11 c:\windows\Tasks\Torntv V7.0-codedownloader.job
- c:\program files\Torntv V7.0\Torntv V7.0-codedownloader.exe [2014-01-11 11:08]
.
2014-01-11 c:\windows\Tasks\Torntv V7.0-enabler.job
- c:\program files\Torntv V7.0\Torntv V7.0-enabler.exe [2014-01-11 11:08]
.
2014-01-11 c:\windows\Tasks\Torntv V7.0-firefoxinstaller.job
- c:\program files\Torntv V7.0\Torntv V7.0-firefoxinstaller.exe [2014-01-11 11:08]
.
2014-01-11 c:\windows\Tasks\Torntv V7.0-updater.job
- c:\program files\Torntv V7.0\Torntv V7.0-updater.exe [2014-01-11 11:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechny FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1mtrmgsn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-11 18:22
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest Ultimate WAR\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2014-02-11 18:24:33
ComboFix-quarantined-files.txt 2014-02-11 17:24
ComboFix2.txt 2011-03-25 18:46
.
Před spuštěním: Volných bajtů: 57 697 447 936
Po spuštění: Volných bajtů: 57 820 663 808
.
- - End Of File - - 04982979C0A983FBCCA36FA1B5995836
413FC2A0C716421B3158746D63736515

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 12 úno 2014 06:59
od cernohous13
Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „MoveIt!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dej mi ho sem na kontrolu
Script OTM

Kód: Vybrat vše

:Commands
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]
[ResetHosts]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
c:\windows\Tasks\*.job
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\*.vbs

:Reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56640:TCP"=-
"56640:UDP"=-

:Services
:arrow: Kdyby se nedařilo tak proveď v Nouzovém režimu

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 13 úno 2014 16:17
od jmeno1
Sorry, byl jsem mimo. Log:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3868339 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan Kubesa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Simca

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Jan Kubesa
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Simca

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: Jan Kubesa
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Simca

Total Java Files Cleaned = 0,00 mb


Restore point Set: OTM Restore Point
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp\system folder moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp\sysbckup folder moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp\inf folder moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp\help folder moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp\drivers folder moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp\directx folder moved successfully.
C:\WINDOWS\system32\DirectX\DX2F.tmp folder moved successfully.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf24d31b49ec04.job moved successfully.
c:\windows\Tasks\Torntv V7.0-chromeinstaller-dev.job moved successfully.
c:\windows\Tasks\Torntv V7.0-codedownloader.job moved successfully.
c:\windows\Tasks\Torntv V7.0-enabler.job moved successfully.
c:\windows\Tasks\Torntv V7.0-firefoxinstaller.job moved successfully.
c:\windows\Tasks\Torntv V7.0-updater.job moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\gauswqussd.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\knphxyhaar.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\nzfqtgxiuu.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\pcczgzvsoj.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\rswfguhvuz.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp62.tmp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp67.tmp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp68.tmp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp6E.tmp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\tmp6F.tmp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\tmpAD.tmp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\wyfhxjicra.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\xaioytkasp.vbs moved successfully.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\xjvlxdcaay.vbs moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== SERVICES/DRIVERS ==========

OTM by OldTimer - Version 3.1.21.0 log created on 02132014_155141

Files moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temp\gauswqussd.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\knphxyhaar.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\nzfqtgxiuu.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\rswfguhvuz.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp62.tmp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp67.tmp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp68.tmp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp6E.tmp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp6F.tmp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpAD.tmp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\wyfhxjicra.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\xaioytkasp.vbs moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\xjvlxdcaay.vbs moved successfully.

Registry entries deleted on Reboot...

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 13 úno 2014 16:38
od cernohous13
Teď bych potřeboval nový RSIT
a budeme pokračovat :wink:

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 13 úno 2014 16:41
od jmeno1
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2014-02-13 16:31:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 55 GB (55%) free of 100 GB
Total RAM: 2046 MB (65% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-31 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-17 1953792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-27 98304]
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"Steam"=C:\Program Files\Steam\Steam.exe [2014-01-27 1815976]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-03-14 3093624]
"RGSC"=E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
gauswqussd.vbs
knphxyhaar.vbs
nzfqtgxiuu.vbs
rswfguhvuz.vbs
tmp62.tmp.vbs
tmp67.tmp.vbs
tmp68.tmp.vbs
tmp6E.tmp.vbs
tmp6F.tmp.vbs
tmpAD.tmp.vbs
wyfhxjicra.vbs
xaioytkasp.vbs
xjvlxdcaay.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-28 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\CoD_4\iw3mp.exe"="E:\Games\CoD_4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\Games\AoE_III\age3x.exe"="E:\Games\AoE_III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\Games\AoE_III\age3y.exe"="E:\Games\AoE_III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe"="E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"E:\Games\Empire_Earth_III\EE3.exe"="E:\Games\Empire_Earth_III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Zoo_tycoon_2\zt.exe"="E:\Games\Zoo_tycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Games\CoD_5\CoDWaWmp.exe"="E:\Games\CoD_5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\CoD_5\CoDWaW.exe"="E:\Games\CoD_5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\Settlers_6\base\bin\Settlers6.exe"="E:\Games\Settlers_6\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"E:\Games\Settlers_6\extra1\bin\Settlers6.exe"="E:\Games\Settlers_6\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"E:\Games\Dungeon_Siege_II\DungeonSiege2.exe"="E:\Games\Dungeon_Siege_II\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe"="E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe"="E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe:*:Enabled:Zataženo, občas trakaře"
"E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe"="E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Games\World_of_Tanks\WorldOfTanks.exe"="E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\Avatar\bin\Avatar.exe"="E:\Games\Avatar\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"E:\Games\Avatar\bin\AvatarLauncher.exe"="E:\Games\Avatar\bin\AvatarLauncher.exe:*:Enabled:Updater"
"E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\LOTR_II\game.dat"="D:\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Games\TmNationsForever\TmForever.exe"="E:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe"="D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe:*:Enabled:Cook, Serve, Delicious!"
"E:\Games\World_of_Tanks\WOTLauncher.exe"="E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Techland\Call of Juarez\CoJ.exe"="C:\Program Files\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-02-13 15:51:43 ----SHD---- C:\RECYCLER
2014-02-11 18:24:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-11 18:24:33 ----A---- C:\ComboFix.txt
2014-02-11 16:38:08 ----A---- C:\WINDOWS\ntbtlog.txt
2014-01-18 19:25:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania

======List of files/folders modified in the last 1 months======

2014-02-13 16:31:04 ----D---- C:\Program Files\trend micro
2014-02-13 16:11:43 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-13 16:11:03 ----D---- C:\Program Files\Steam
2014-02-13 15:52:01 ----SD---- C:\WINDOWS\Tasks
2014-02-13 15:51:57 ----D---- C:\WINDOWS\system32\DirectX
2014-02-13 15:51:52 ----SHD---- C:\WINDOWS\CSC
2014-02-13 15:51:42 ----D---- C:\WINDOWS\temp
2014-02-11 19:15:17 ----D---- C:\WINDOWS\Prefetch
2014-02-11 18:24:35 ----D---- C:\Qoobox
2014-02-11 18:24:33 ----D---- C:\WINDOWS
2014-02-11 18:22:58 ----A---- C:\WINDOWS\system.ini
2014-02-11 18:22:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-11 18:21:36 ----D---- C:\WINDOWS\system32\drivers
2014-02-11 18:21:36 ----D---- C:\WINDOWS\system32
2014-02-11 18:21:36 ----D---- C:\WINDOWS\AppPatch
2014-02-11 18:21:36 ----D---- C:\Program Files\Common Files
2014-02-11 17:23:44 ----SHD---- C:\System Volume Information
2014-02-11 17:23:19 ----HD---- C:\WINDOWS\inf
2014-02-11 15:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-02-11 15:13:35 ----D---- C:\Program Files\TornTV.com
2014-02-11 15:12:54 ----RD---- C:\Program Files
2014-02-11 15:12:27 ----D---- C:\WINDOWS\pss
2014-02-11 15:04:29 ----D---- C:\WINDOWS\Minidump
2014-02-08 14:39:27 ----SHD---- C:\WINDOWS\Installer
2014-01-18 19:24:00 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-09-04 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-05 281760]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-05 25888]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-28 6646784]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-26 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 a2rq16ao;a2rq16ao; C:\WINDOWS\system32\drivers\a2rq16ao.sys []
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate WAR\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-28 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2008-03-17 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-19 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 Update SecretSauce;Update SecretSauce; C:\Program Files\SecretSauce\updateSecretSauce.exe [2014-02-05 80160]
R2 Util SecretSauce;Util SecretSauce; C:\Program Files\SecretSauce\bin\utilSecretSauce.exe [2014-02-13 80672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 13 úno 2014 16:54
od cernohous13
:arrow: stáhni a spusť http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
některé Antiviry jej mohou blokovat, proto je budeš muset na tu chvíli odstavit
vyčkej až se program spustí a provede prescan, pak
- Zvol možnost Prohledat a poté Smazat a následně Zpráva - otevře se log, ten sem vlož

:arrow: Stáhni Ccleaner - http://www.filehippo.com/download_ccleaner
Při instalaci vyhodit fajfku u nabízených toolbarů

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

:arrow: po restartu nový RSIT

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 13 úno 2014 17:01
od jmeno1
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 02/13/2014 16:51:24
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 41 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : knphxyhaar (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : nzfqtgxiuu (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : wyfhxjicra (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : rswfguhvuz (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : xjvlxdcaay (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : tmp67 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : tmp62 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : xaioytkasp (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : tmp6F (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : tmp6E (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : tmp68 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : gauswqussd (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : tmpAD (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : knphxyhaar (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : nzfqtgxiuu (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : wyfhxjicra (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : rswfguhvuz (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : xjvlxdcaay (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : tmp67 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : xaioytkasp (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : tmp62 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : tmp6F (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : tmp6E (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : tmp68 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : gauswqussd (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKLM\[...]\Run : tmpAD (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs" [x][-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : knphxyhaar (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : nzfqtgxiuu (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : wyfhxjicra (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : rswfguhvuz (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : xjvlxdcaay (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : tmp67 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : tmp62 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : xaioytkasp (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : tmp6F (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : tmp6E (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : tmp68 (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : gauswqussd (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-2052111302-1844237615-725345543-500\[...]\Run : tmpAD (wscript.exe //B "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs" [x][-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD321KJ +++++
--- User ---
[MBR] 5e1b83919c931b5df91f9f81f205ab8c
[BSP] 2c462566301a39aa1afe5f8bb9d1c550 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD321KJ +++++
--- User ---
[MBR] 4eb210007a49688f1cd8aaac777ee4ae
[BSP] 29326a20708ae3012dc31d058420a7a1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_02132014_165124.txt >>
RKreport[0]_S_02132014_165056.txt

Re: PC jede na 100%, objevil se vir Policie ČR

Napsal: 13 úno 2014 17:06
od jmeno1
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2014-02-13 16:56:25
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 55 GB (55%) free of 100 GB
Total RAM: 2046 MB (62% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-31 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-17 1953792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-27 98304]
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"Steam"=C:\Program Files\Steam\Steam.exe [2014-01-27 1815976]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-03-14 3093624]
"RGSC"=E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
gauswqussd.vbs
knphxyhaar.vbs
nzfqtgxiuu.vbs
rswfguhvuz.vbs
tmp62.tmp.vbs
tmp67.tmp.vbs
tmp68.tmp.vbs
tmp6E.tmp.vbs
tmp6F.tmp.vbs
tmpAD.tmp.vbs
wyfhxjicra.vbs
xaioytkasp.vbs
xjvlxdcaay.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-28 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\CoD_4\iw3mp.exe"="E:\Games\CoD_4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\Games\AoE_III\age3x.exe"="E:\Games\AoE_III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\Games\AoE_III\age3y.exe"="E:\Games\AoE_III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe"="E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"E:\Games\Empire_Earth_III\EE3.exe"="E:\Games\Empire_Earth_III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Zoo_tycoon_2\zt.exe"="E:\Games\Zoo_tycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Games\CoD_5\CoDWaWmp.exe"="E:\Games\CoD_5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\CoD_5\CoDWaW.exe"="E:\Games\CoD_5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\Settlers_6\base\bin\Settlers6.exe"="E:\Games\Settlers_6\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"E:\Games\Settlers_6\extra1\bin\Settlers6.exe"="E:\Games\Settlers_6\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"E:\Games\Dungeon_Siege_II\DungeonSiege2.exe"="E:\Games\Dungeon_Siege_II\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe"="E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe"="E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe:*:Enabled:Zataženo, občas trakaře"
"E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe"="E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Games\World_of_Tanks\WorldOfTanks.exe"="E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\Avatar\bin\Avatar.exe"="E:\Games\Avatar\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"E:\Games\Avatar\bin\AvatarLauncher.exe"="E:\Games\Avatar\bin\AvatarLauncher.exe:*:Enabled:Updater"
"E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\LOTR_II\game.dat"="D:\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Games\TmNationsForever\TmForever.exe"="E:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe"="D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe:*:Enabled:Cook, Serve, Delicious!"
"E:\Games\World_of_Tanks\WOTLauncher.exe"="E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Techland\Call of Juarez\CoJ.exe"="C:\Program Files\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-02-13 15:51:43 ----SHD---- C:\RECYCLER
2014-02-11 18:24:33 ----A---- C:\ComboFix.txt
2014-01-18 19:25:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania

======List of files/folders modified in the last 1 months======

2014-02-13 16:56:26 ----D---- C:\Program Files\trend micro
2014-02-13 16:54:36 ----D---- C:\Program Files\Steam
2014-02-13 16:54:32 ----D---- C:\WINDOWS\Logs
2014-02-13 16:54:32 ----D---- C:\WINDOWS
2014-02-13 16:54:00 ----D---- C:\Program Files\CCleaner
2014-02-13 16:51:56 ----D---- C:\WINDOWS\system32
2014-02-13 16:50:55 ----D---- C:\WINDOWS\system32\drivers
2014-02-13 16:11:43 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-13 16:09:46 ----D---- C:\WINDOWS\temp
2014-02-13 15:52:01 ----SD---- C:\WINDOWS\Tasks
2014-02-13 15:51:57 ----D---- C:\WINDOWS\system32\DirectX
2014-02-13 15:51:52 ----SHD---- C:\WINDOWS\CSC
2014-02-11 19:15:17 ----D---- C:\WINDOWS\Prefetch
2014-02-11 18:24:35 ----D---- C:\Qoobox
2014-02-11 18:22:58 ----A---- C:\WINDOWS\system.ini
2014-02-11 18:22:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-11 18:21:36 ----D---- C:\WINDOWS\AppPatch
2014-02-11 18:21:36 ----D---- C:\Program Files\Common Files
2014-02-11 17:23:44 ----SHD---- C:\System Volume Information
2014-02-11 17:23:19 ----HD---- C:\WINDOWS\inf
2014-02-11 15:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-02-11 15:13:35 ----D---- C:\Program Files\TornTV.com
2014-02-11 15:12:54 ----RD---- C:\Program Files
2014-02-11 15:12:27 ----D---- C:\WINDOWS\pss
2014-02-11 15:04:29 ----D---- C:\WINDOWS\Minidump
2014-02-08 14:39:27 ----SHD---- C:\WINDOWS\Installer
2014-01-18 19:24:00 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-09-04 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-05 281760]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-05 25888]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-28 6646784]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-26 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 a2rq16ao;a2rq16ao; C:\WINDOWS\system32\drivers\a2rq16ao.sys []
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate WAR\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-28 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2008-03-17 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-19 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 Update SecretSauce;Update SecretSauce; C:\Program Files\SecretSauce\updateSecretSauce.exe [2014-02-13 80672]
R2 Util SecretSauce;Util SecretSauce; C:\Program Files\SecretSauce\bin\utilSecretSauce.exe [2014-02-13 80672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
Všechny časy jsou v UTC+01:00
Stránka 1 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz