zde je log z smazat:
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : TEST1 [Práva správce]
Mód : Odebrat -- Datum : 04/26/2014 15:05:21
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] RogueKiller.exe -- C:\Documents and Settings\TEST1\Plocha\RogueKiller.exe [-] -> SMAZÁNO [Tree]
¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Seznam.chromeUpdatePref (C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\chromeUpdatePref.exe 12454 [-]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\szninstall.exe" -c [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-1292428093-308236825-725345543-1010\[...]\Run : Seznam.chromeUpdatePref (C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\chromeUpdatePref.exe 12454 [-]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-1292428093-308236825-725345543-1010\[...]\Run : cz.seznam.software.szndesktop ("C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-1292428093-308236825-725345543-1010\[...]\Run : cz.seznam.software.autoupdate ("C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\szninstall.exe" -c [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 1 ¤¤¤
[test][SUSP PATH] _uninst_.lnk : C:\Documents and Settings\test\Nabídka Start\Programy\Po spuštění\_uninst_.lnk @C:\Documents and Settings\test\Local Settings\Temp\_uninst_.bat [-][x] -> VYMAZÁNO
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) STM3500418AS +++++
--- User ---
[MBR] ea4ddc648bcf3fd43fceb96b92f62c9b
[BSP] 6aaac283bc1c43f143ba4ebed6aa5462 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 410 USB Device +++++
--- User ---
[MBR] ef61382e5fd608f24668f46e6f78169b
[BSP] ca12035a0089fdf7b8ef6c18327dfefc : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3696 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
Dokončeno : << RKreport[0]_D_04262014_150521.txt >>
RKreport[0]_S_04262014_144528.txt
a zde je log z oprava host:
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : TEST1 [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/26/2014 15:06:29
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\libfoxloader.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] RogueKiller.exe -- C:\Documents and Settings\TEST1\Plocha\RogueKiller.exe [-] -> SMAZÁNO [Tree]
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_04262014_150629.txt >>
RKreport[0]_D_04262014_150521.txt;RKreport[0]_S_04262014_144528.txt
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zahlcené PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Zahlcené PC
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
:services
GarenaPEngine
JavaQuickStarterService
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc
NBService
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Documents and Settings\test\Local Settings\Data aplikací\shiogrl.dll
C:\Documents and Settings\test\Local Settings\Data aplikací\chaiglr.dll
C:\Documents and Settings\test\Nabídka Start\Programy\Po spuštění\_uninst_.lnk
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dcb7100-df86-4384-8842-8fa844297b3f}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"seznam-listicka-distribuce"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
"Google Update"=-
"shiogrl"=-
"chaiglr"=-
"Skype"=-
"MSMSGS"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\chaiglr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shiogrl]
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
Vypadá to, jako by zamrzl počítač. Restart to vůbec nevyžádalo, pouze jakoby se ukončil explorer a poté se už nic neděje. Myš se však hýbe.
Re: Zahlcené PC
Zkuste to v nouzovem rezimu.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
zde je log:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: test
->Temp folder emptied: 312883022 bytes
->Temporary Internet Files folder emptied: 298839732 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 436362562 bytes
->Opera cache emptied: 26554 bytes
->Flash cache emptied: 38549 bytes
User: TEST1
->Temp folder emptied: 2089464 bytes
->Temporary Internet Files folder emptied: 71165 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9051955 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 418115107 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 409,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: test
->Flash cache emptied: 0 bytes
User: TEST1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Error creating restore point.
========== SERVICES/DRIVERS ==========
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
DllUnregisterServer procedure not found in C:\Documents and Settings\test\Local Settings\Data aplikací\shiogrl.dll
C:\Documents and Settings\test\Local Settings\Data aplikací\shiogrl.dll moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\test\Local Settings\Data aplikací\chaiglr.dll
C:\Documents and Settings\test\Local Settings\Data aplikací\chaiglr.dll moved successfully.
File/Folder C:\Documents and Settings\test\Nabídka Start\Programy\Po spuštění\_uninst_.lnk not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\shiogrl not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\chaiglr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\chaiglr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shiogrl\ deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 04262014_171504
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: test
->Temp folder emptied: 312883022 bytes
->Temporary Internet Files folder emptied: 298839732 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 436362562 bytes
->Opera cache emptied: 26554 bytes
->Flash cache emptied: 38549 bytes
User: TEST1
->Temp folder emptied: 2089464 bytes
->Temporary Internet Files folder emptied: 71165 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9051955 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 418115107 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 409,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: test
->Flash cache emptied: 0 bytes
User: TEST1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Error creating restore point.
========== SERVICES/DRIVERS ==========
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
DllUnregisterServer procedure not found in C:\Documents and Settings\test\Local Settings\Data aplikací\shiogrl.dll
C:\Documents and Settings\test\Local Settings\Data aplikací\shiogrl.dll moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\test\Local Settings\Data aplikací\chaiglr.dll
C:\Documents and Settings\test\Local Settings\Data aplikací\chaiglr.dll moved successfully.
File/Folder C:\Documents and Settings\test\Nabídka Start\Programy\Po spuštění\_uninst_.lnk not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\shiogrl not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\chaiglr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\chaiglr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shiogrl\ deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 04262014_171504
Re: Zahlcené PC
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
Combofix nic nedělá ja jsem si ale vzpomněl že u nás Combofix nefunguje dokuď se nepřejmenuje ale nevím na co se má přejmenovat vím jenom že je to nějak Nombr nebo nějak tak
Re: Zahlcené PC
Na jmene az tak nezalezi, jen to musi byt neco jineho, nez ComboFix 
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
ComboFix 14-04-26.01 - TEST1 26.04.2014 19:38:23.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1339 [GMT 2:00]
Sputìný z: c:\documents and settings\TEST1\Plocha\Nombr.exe
AV: avast! antivirus 4.8.1368 [VPS 100630-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvoøené od 2014-03-26 do 2014-04-26 )))))))))))))))))))))))))))))))
.
.
2014-04-26 14:04 . 2014-04-26 14:04 -------- d-----w- C:\_OTM
2014-04-26 12:35 . 2014-04-26 12:35 -------- d-----w- c:\documents and settings\TEST1\Local Settings\Data aplikací\Sun
2014-04-26 10:05 . 2014-04-26 10:05 -------- d-----w- c:\documents and settings\TEST1\Data aplikací\Malwarebytes
2014-04-26 09:38 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-26 09:38 . 2014-04-26 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-04-26 09:08 . 2014-04-26 09:08 -------- d-----w- c:\program files\trend micro
2014-04-26 08:30 . 2014-04-26 08:30 -------- d-----w- C:\rsit
2014-04-26 08:22 . 2014-04-26 08:22 -------- d-sh--w- c:\documents and settings\TEST1\PrivacIE
2014-04-26 08:22 . 2014-04-26 08:22 -------- d-----w- c:\documents and settings\TEST1\Local Settings\Data aplikací\Google
2014-04-26 08:21 . 2014-04-26 12:35 -------- d-----w- c:\documents and settings\TEST1\Data aplikací\Seznam.cz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:50 . 2012-06-10 16:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:50 . 2011-08-22 10:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:58 . 2004-08-18 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2004-08-18 04:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-27 06:00 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2004-08-18 04:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-18 04:00 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spoutìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\World_of_Warplanes\\World_of_Warplanes\\WorldOfWarplanes.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\World_of_Warplanes\\World_of_Warplanes\\WOWpLauncher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\MountBlade Warband\\mb_warband.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\test\\Plocha\\Age of Empires II - Conquerors\\age2_x1.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Loadout\\Loadout.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.beta.2638\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.beta.2737\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2717\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2816\\Agent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.4.2010 8:59 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.12.2009 15:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.12.2009 15:30 20560]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [14.7.2012 9:22 8704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.4.2014 11:38 701512]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [4.3.2011 19:38 685816]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [29.12.2009 15:19 38656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.4.2014 11:38 22856]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [4.3.2011 19:38 27136]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Obsah adresáøe 'Naplánované úlohy'
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 18:50]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 11:55]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 11:55]
.
2014-04-08 c:\windows\Tasks\Mìsíèní oznamování konce poskytování slueb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-04-26 c:\windows\Tasks\Pøihláení k oznamování konce poskytování slueb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-04-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-27 20:18]
.
.
------- Doplòkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-26 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesù ...
.
skenování skrytých poloek 'Po sputìní' ...
.
skenování skrytých souborù ...
.
sken byl úspenì dokonèen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍÈE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový èas: 2014-04-26 19:51:30
ComboFix-quarantined-files.txt 2014-04-26 17:51
.
Pøed sputìním: Volných bajtù: 147 741 167 616
Po sputìní: Volných bajtù: 147 684 544 512
.
- - End Of File - - D5D3EF0B7E9480E87AF0BDC1B8389358
5FB38429D5D77768867C76DCBDB35194
tady je log
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1339 [GMT 2:00]
Sputìný z: c:\documents and settings\TEST1\Plocha\Nombr.exe
AV: avast! antivirus 4.8.1368 [VPS 100630-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvoøené od 2014-03-26 do 2014-04-26 )))))))))))))))))))))))))))))))
.
.
2014-04-26 14:04 . 2014-04-26 14:04 -------- d-----w- C:\_OTM
2014-04-26 12:35 . 2014-04-26 12:35 -------- d-----w- c:\documents and settings\TEST1\Local Settings\Data aplikací\Sun
2014-04-26 10:05 . 2014-04-26 10:05 -------- d-----w- c:\documents and settings\TEST1\Data aplikací\Malwarebytes
2014-04-26 09:38 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-26 09:38 . 2014-04-26 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-04-26 09:08 . 2014-04-26 09:08 -------- d-----w- c:\program files\trend micro
2014-04-26 08:30 . 2014-04-26 08:30 -------- d-----w- C:\rsit
2014-04-26 08:22 . 2014-04-26 08:22 -------- d-sh--w- c:\documents and settings\TEST1\PrivacIE
2014-04-26 08:22 . 2014-04-26 08:22 -------- d-----w- c:\documents and settings\TEST1\Local Settings\Data aplikací\Google
2014-04-26 08:21 . 2014-04-26 12:35 -------- d-----w- c:\documents and settings\TEST1\Data aplikací\Seznam.cz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:50 . 2012-06-10 16:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:50 . 2011-08-22 10:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:58 . 2004-08-18 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2004-08-18 04:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-27 06:00 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2004-08-18 04:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-18 04:00 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spoutìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\World_of_Warplanes\\World_of_Warplanes\\WorldOfWarplanes.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\World_of_Warplanes\\World_of_Warplanes\\WOWpLauncher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\MountBlade Warband\\mb_warband.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\test\\Plocha\\Age of Empires II - Conquerors\\age2_x1.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Loadout\\Loadout.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.beta.2638\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.beta.2737\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2717\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.2816\\Agent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.4.2010 8:59 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.12.2009 15:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.12.2009 15:30 20560]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [14.7.2012 9:22 8704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.4.2014 11:38 701512]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [4.3.2011 19:38 685816]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [29.12.2009 15:19 38656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.4.2014 11:38 22856]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [4.3.2011 19:38 27136]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Obsah adresáøe 'Naplánované úlohy'
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 18:50]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 11:55]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 11:55]
.
2014-04-08 c:\windows\Tasks\Mìsíèní oznamování konce poskytování slueb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-04-26 c:\windows\Tasks\Pøihláení k oznamování konce poskytování slueb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-04-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-27 20:18]
.
.
------- Doplòkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-26 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesù ...
.
skenování skrytých poloek 'Po sputìní' ...
.
skenování skrytých souborù ...
.
sken byl úspenì dokonèen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍÈE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový èas: 2014-04-26 19:51:30
ComboFix-quarantined-files.txt 2014-04-26 17:51
.
Pøed sputìním: Volných bajtù: 147 741 167 616
Po sputìní: Volných bajtù: 147 684 544 512
.
- - End Of File - - D5D3EF0B7E9480E87AF0BDC1B8389358
5FB38429D5D77768867C76DCBDB35194
tady je log
Re: Zahlcené PC
Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
Bohužel log se neobjevil, a nemohu ho najít ani nikde v počítači.
Re: Zahlcené PC
Dejte novy log z RSIT
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by TEST1 at 2014-04-26 22:12:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 141 GB (30%) free of 477 GB
Total RAM: 2047 MB (70% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-16 462248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-16 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\World_of_Warplanes\World_of_Warplanes\WorldOfWarplanes.exe"="C:\Program Files\World_of_Warplanes\World_of_Warplanes\WorldOfWarplanes.exe:*:Enabled:World of Warplanes"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\World of Warcraft\Launcher.patch.exe"="C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World_of_Warplanes\World_of_Warplanes\WOWpLauncher.exe"="C:\Program Files\World_of_Warplanes\World_of_Warplanes\WOWpLauncher.exe:*:Enabled:World of Warplanes Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe"="C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe"="C:\Program Files\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe:*:Enabled:Mount & Blade: Warband"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\test\Plocha\Age of Empires II - Conquerors\age2_x1.exe"="C:\Documents and Settings\test\Plocha\Age of Empires II - Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Battle.net\Battle.net.exe"="C:\Program Files\Battle.net\Battle.net.exe:*:Enabled:Battle.net"
"C:\Program Files\Hearthstone\Hearthstone.exe"="C:\Program Files\Hearthstone\Hearthstone.exe:*:Enabled:Hearthstone"
"C:\Program Files\Steam\SteamApps\common\Loadout\Loadout.exe"="C:\Program Files\Steam\SteamApps\common\Loadout\Loadout.exe:*:Enabled:Loadout"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2638\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2638\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2737\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2737\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2717\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2717\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2816\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2816\Agent.exe:*:Enabled:Battle.net Update Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll
======List of files/folders created in the last 1 month======
2014-04-26 20:57:15 ----SHD---- C:\RECYCLER
2014-04-26 20:30:11 ----SD---- C:\Nombr
2014-04-26 18:19:18 ----A---- C:\WINDOWS\zip.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\SWSC.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\SWREG.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\sed.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\PEV.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\NIRCMD.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\MBR.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\grep.exe
2014-04-26 18:13:58 ----D---- C:\WINDOWS\erdnt
2014-04-26 16:04:25 ----D---- C:\_OTM
2014-04-26 14:35:27 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Sun
2014-04-26 12:05:06 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Malwarebytes
2014-04-26 12:02:00 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-26 11:38:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-04-26 11:38:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-04-26 11:08:29 ----D---- C:\Program Files\trend micro
2014-04-26 10:30:10 ----D---- C:\rsit
2014-04-26 10:22:20 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Google
2014-04-26 10:21:46 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz
2014-04-09 21:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-03-28 00:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 08:00:23 ----N---- C:\WINDOWS\system32\xp_eos.exe
======List of files/folders modified in the last 1 month======
2014-04-26 22:12:52 ----D---- C:\WINDOWS\Prefetch
2014-04-26 20:54:33 ----D---- C:\WINDOWS\temp
2014-04-26 20:33:44 ----D---- C:\Qoobox
2014-04-26 20:33:30 ----D---- C:\WINDOWS\system32
2014-04-26 20:33:30 ----D---- C:\WINDOWS
2014-04-26 20:30:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-04-26 19:51:01 ----SD---- C:\WINDOWS\Tasks
2014-04-26 19:48:05 ----A---- C:\WINDOWS\system.ini
2014-04-26 19:47:56 ----D---- C:\WINDOWS\system32\drivers\etc
2014-04-26 19:43:49 ----D---- C:\WINDOWS\system32\drivers
2014-04-26 19:43:49 ----D---- C:\WINDOWS\AppPatch
2014-04-26 19:43:47 ----D---- C:\Program Files\Common Files
2014-04-26 19:36:27 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-26 14:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2014-04-26 11:38:50 ----D---- C:\Program Files
2014-04-26 10:22:14 ----SD---- C:\Documents and Settings\TEST1\Data aplikací\Microsoft
2014-04-26 10:20:06 ----SHD---- C:\WINDOWS\Installer
2014-04-26 00:13:12 ----RSD---- C:\WINDOWS\assembly
2014-04-25 23:10:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2014-04-25 20:29:37 ----D---- C:\Program Files\Warcraft III
2014-04-21 21:47:21 ----A---- C:\WINDOWS\NeroDigital.ini
2014-04-11 08:00:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-10 14:29:23 ----HD---- C:\WINDOWS\inf
2014-04-09 21:48:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-09 21:48:03 ----A---- C:\WINDOWS\imsins.BAK
2014-04-09 21:47:54 ----D---- C:\Program Files\Internet Explorer
2014-04-09 21:47:43 ----D---- C:\WINDOWS\ie8updates
2014-03-31 20:18:22 ----D---- C:\WINDOWS\Minidump
2014-03-28 17:21:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-03-28 17:20:57 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-05-17 50176]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-06-27 66560]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-07 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-10-16 165376]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-10-16 18048]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-27 4395008]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 auz1m7xg;auz1m7xg; C:\WINDOWS\system32\drivers\auz1m7xg.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TEST1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Classic\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [2013-02-09 8704]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-06-17 75136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2010-02-13 685816]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-16 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by TEST1 at 2014-04-26 22:12:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 141 GB (30%) free of 477 GB
Total RAM: 2047 MB (70% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-16 462248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-16 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\World_of_Warplanes\World_of_Warplanes\WorldOfWarplanes.exe"="C:\Program Files\World_of_Warplanes\World_of_Warplanes\WorldOfWarplanes.exe:*:Enabled:World of Warplanes"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\World of Warcraft\Launcher.patch.exe"="C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World_of_Warplanes\World_of_Warplanes\WOWpLauncher.exe"="C:\Program Files\World_of_Warplanes\World_of_Warplanes\WOWpLauncher.exe:*:Enabled:World of Warplanes Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe"="C:\Program Files\Steam\SteamApps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe"="C:\Program Files\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe:*:Enabled:Mount & Blade: Warband"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\test\Plocha\Age of Empires II - Conquerors\age2_x1.exe"="C:\Documents and Settings\test\Plocha\Age of Empires II - Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Battle.net\Battle.net.exe"="C:\Program Files\Battle.net\Battle.net.exe:*:Enabled:Battle.net"
"C:\Program Files\Hearthstone\Hearthstone.exe"="C:\Program Files\Hearthstone\Hearthstone.exe:*:Enabled:Hearthstone"
"C:\Program Files\Steam\SteamApps\common\Loadout\Loadout.exe"="C:\Program Files\Steam\SteamApps\common\Loadout\Loadout.exe:*:Enabled:Loadout"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2638\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2638\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2737\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.beta.2737\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2717\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2717\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2816\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.2816\Agent.exe:*:Enabled:Battle.net Update Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll
======List of files/folders created in the last 1 month======
2014-04-26 20:57:15 ----SHD---- C:\RECYCLER
2014-04-26 20:30:11 ----SD---- C:\Nombr
2014-04-26 18:19:18 ----A---- C:\WINDOWS\zip.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\SWSC.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\SWREG.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\sed.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\PEV.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\NIRCMD.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\MBR.exe
2014-04-26 18:19:18 ----A---- C:\WINDOWS\grep.exe
2014-04-26 18:13:58 ----D---- C:\WINDOWS\erdnt
2014-04-26 16:04:25 ----D---- C:\_OTM
2014-04-26 14:35:27 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Sun
2014-04-26 12:05:06 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Malwarebytes
2014-04-26 12:02:00 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-26 11:38:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-04-26 11:38:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-04-26 11:08:29 ----D---- C:\Program Files\trend micro
2014-04-26 10:30:10 ----D---- C:\rsit
2014-04-26 10:22:20 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Google
2014-04-26 10:21:46 ----D---- C:\Documents and Settings\TEST1\Data aplikací\Seznam.cz
2014-04-09 21:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-03-28 00:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 08:00:23 ----N---- C:\WINDOWS\system32\xp_eos.exe
======List of files/folders modified in the last 1 month======
2014-04-26 22:12:52 ----D---- C:\WINDOWS\Prefetch
2014-04-26 20:54:33 ----D---- C:\WINDOWS\temp
2014-04-26 20:33:44 ----D---- C:\Qoobox
2014-04-26 20:33:30 ----D---- C:\WINDOWS\system32
2014-04-26 20:33:30 ----D---- C:\WINDOWS
2014-04-26 20:30:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-04-26 19:51:01 ----SD---- C:\WINDOWS\Tasks
2014-04-26 19:48:05 ----A---- C:\WINDOWS\system.ini
2014-04-26 19:47:56 ----D---- C:\WINDOWS\system32\drivers\etc
2014-04-26 19:43:49 ----D---- C:\WINDOWS\system32\drivers
2014-04-26 19:43:49 ----D---- C:\WINDOWS\AppPatch
2014-04-26 19:43:47 ----D---- C:\Program Files\Common Files
2014-04-26 19:36:27 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-26 14:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2014-04-26 11:38:50 ----D---- C:\Program Files
2014-04-26 10:22:14 ----SD---- C:\Documents and Settings\TEST1\Data aplikací\Microsoft
2014-04-26 10:20:06 ----SHD---- C:\WINDOWS\Installer
2014-04-26 00:13:12 ----RSD---- C:\WINDOWS\assembly
2014-04-25 23:10:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2014-04-25 20:29:37 ----D---- C:\Program Files\Warcraft III
2014-04-21 21:47:21 ----A---- C:\WINDOWS\NeroDigital.ini
2014-04-11 08:00:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-10 14:29:23 ----HD---- C:\WINDOWS\inf
2014-04-09 21:48:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-09 21:48:03 ----A---- C:\WINDOWS\imsins.BAK
2014-04-09 21:47:54 ----D---- C:\Program Files\Internet Explorer
2014-04-09 21:47:43 ----D---- C:\WINDOWS\ie8updates
2014-03-31 20:18:22 ----D---- C:\WINDOWS\Minidump
2014-03-28 17:21:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-03-28 17:20:57 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-05-17 50176]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-06-27 66560]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-07 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-10-16 165376]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-10-16 18048]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-27 4395008]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 auz1m7xg;auz1m7xg; C:\WINDOWS\system32\drivers\auz1m7xg.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TEST1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Classic\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [2013-02-09 8704]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-06-17 75136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2010-02-13 685816]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-16 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
Re: Zahlcené PC
Pouzijte WinsockFix http://www.softpedia.com/get/Tweak/Netw ... kFix.shtml Pozor, program resetuje protokol tcp/ip. Jestli mate parametry site zadavany rucne, budete je muset znovu nastavit podle smlouvy s poskytovatelem. Nainstalujte novy Avast http://www.avast.com/cs-cz/download-tha ... cale=cs-cz Kdyby pozadoval odinstalovani toho stareho, pouzijte http://www.avast.com/cs-cz/uninstall-utility
Dejte vedet jak to probehlo a jaky je zatim stav pc.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
papperwing
- Návštěvník
- Příspěvky: 139
- Registrován: 13 bře 2013 20:34
Re: Zahlcené PC
Vše proběhlo bez komplikací. Mám sem vložit znovu RSIT?
Přispějete na provoz fóra?