Please check my HJT log - PC freezes (Solved)


Post by filatelik » 11 Mar 2012 01:17

Hi, my PC stutters irregularly and to an unbelievable degree, e.g. just when scrolling in Adobe Reader: after a while the scroll freezes and I have to wait until it picks up again before I can scroll further. Also, for example, WMP suddenly jumps to about 50% CPU usage and at that moment not much work can be done on the PC. My monitor also flickers; it goes black for a moment and then comes back, sometimes it just flashes...

LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:11:08, on 11.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PrtScr\PrtScr.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\MAXON\CINEMA 4D R11.5\resource\libs\win32\qtguiagent.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Felipe Grande\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BVD ToolKit Toolbar - {e49d8d56-543d-4b71-ba78-150d6dd38374} - C:\Program Files (x86)\BVD_ToolKit\prxtbBVD_.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BVD ToolKit - {e49d8d56-543d-4b71-ba78-150d6dd38374} - C:\Program Files (x86)\BVD_ToolKit\prxtbBVD_.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: BVD ToolKit Toolbar - {e49d8d56-543d-4b71-ba78-150d6dd38374} - C:\Program Files (x86)\BVD_ToolKit\prxtbBVD_.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{824E8BD7-F64F-4AB4-BC1A-A32B00C3C1F9}: NameServer = 8.26.56.26,156.154.70.22
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9547 bytes
NTBK: LENOVO IdeaPad Y510p, CPU: Intel Core i7 4702MQ Haswell, RAM: 16GB, VGA: 2x NVIDIA GeForce GT 755M 2GB SLI, HDD: SSD 256GB Transcend + HDD 2TB WD Black, monitor: 15.6" LED 1920x1080 anti-glare, OS: Windows 10 64-bit


Post by jaro3 » 11 Mar 2012 09:40

Close other applications and browsers, disconnect from the internet, and fix these entries in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BVD ToolKit Toolbar - {e49d8d56-543d-4b71-ba78-150d6dd38374} - C:\Program Files (x86)\BVD_ToolKit\prxtbBVD_.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.

Download CrystalDiskInfo
Run the program and click Edit-Copy. Then paste the contents of the log here using Ctrl+V.

Download Memtest:

In the field enter the largest size of a single one of your RAM modules (256, 512 or 1024, 2048), click Start, and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the modules are fine.


Have you tried reinstalling the graphics drivers??

Post by filatelik » 11 Mar 2012 12:54

Log from Malwarebytes' Anti-Malware: (it found one nasty thing here - I misclicked and deleted it right away, so hopefully that won't matter too much :/)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.03.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Felipe Grande :: FM_WORKSTATION [administrátor]

11.3.2012 10:29:28
mbam-log-2012-03-11 (10-29-28).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 202658
Uplynulý čas: 4 minut, 22 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Umístnění do karantény a smazání se zdařilo.

(konec)




CrystalDiskInfo log:


----------------------------------------------------------------------------
CrystalDiskInfo 4.2.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 SP1 [6.1 Build 7601] (x64)
Date : 2012/03/11 12:12:57

-- Controller Map ----------------------------------------------------------
+ Intel(R) N10/ICH7 Family Serial ATA Storage Controller - 27C0 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) ICH7 Family Ultra ATA Storage Controllers - 27DF [ATA]
+ ATA Channel 0 (0)
- TSSTcorp CDDVDW SH-S223C ATA Device
- WDC WD2500KS-00MJB0 ATA Device
+ ATA Channel 1 (1)
- WDC WD20EARS-00MVWB0 ATA Device
- WDC WD3200YS-01PGB0 ATA Device
- ITE IT8211 ATA ATAPI Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD3200YS-01PGB0 : 320.0 GB [0-3-0, pd1]
(2) WDC WD20EARS-00MVWB0 : 2000.3 GB [1-3-1, pd1]
(3) WDC WD2500KS-00MJB0 : 250.0 GB [2-2-0, pd1]

----------------------------------------------------------------------------
(1) WDC WD3200YS-01PGB0
----------------------------------------------------------------------------
Model : WDC WD3200YS-01PGB0
Firmware : 21.00M21
Serial Number : WD-WCAPD3560596
Disk Size : 320.0 GB (8.4/137.4/320.0)
Buffer Size : 16384 KB
Queue Depth : 1
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 21198 hod.
Power On Count : 2965 krát
Temparature : 40 C (104 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 186 183 _21 000000001644 Čas na roztočení ploten
04 _97 _97 __0 000000000C4D Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _71 _71 __0 0000000052CE Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _98 _98 __0 000000000B95 Počet cyklů zapnutí zařízení
BE _60 _36 __0 000000000028 Teplota toku vzduchu
C2 110 _86 __0 000000000028 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 _51 000000000000 Počet chyb při zápisu sektorů


----------------------------------------------------------------------------
(2) WDC WD20EARS-00MVWB0
----------------------------------------------------------------------------
Model : WDC WD20EARS-00MVWB0
Firmware : 51.0AB51
Serial Number : WD-WCAZA1279901
Disk Size : 2000.3 GB (8.4/137.4/2000.3)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 6644 hod.
Power On Count : 854 krát
Temparature : 30 C (86 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 163 160 _21 000000001AB9 Čas na roztočení ploten
04 100 100 __0 0000000003E0 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _91 _91 __0 0000000019F4 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 000000000356 Počet cyklů zapnutí zařízení
C0 200 200 __0 000000000012 Počet vypnutí disku
C1 175 175 __0 0000000128F0 Počet cyklů načítání/vymazání
C2 120 108 __0 00000000001E Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů


----------------------------------------------------------------------------
(3) WDC WD2500KS-00MJB0
----------------------------------------------------------------------------
Model : WDC WD2500KS-00MJB0
Firmware : 02.01C03
Serial Number : WD-WCANK2381217
Disk Size : 250.0 GB (8.4/137.4/250.0)
Buffer Size : 16384 KB
Queue Depth : 1
# of Sectors : 488397168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 24449 hod.
Power On Count : 3665 krát
Temparature : 60 C (140 F)
Health Status : Pozor
Features : S.M.A.R.T., AAM, 48bit LBA
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 192 188 _21 00000000150F Čas na roztočení ploten
04 _97 _97 __0 000000000F19 Počet spuštění/zastavení
05 196 196 140 00000000001A Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _67 _67 __0 000000005F81 Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _97 _97 __0 000000000E51 Počet cyklů zapnutí zařízení
BE _40 __1 _45 00000000003C Teplota toku vzduchu
C2 _90 _50 __0 00000000003C Teplota
C4 199 199 __0 000000000001 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000001 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 _51 000000000000 Počet chyb při zápisu sektorů




memtest - everything OK here

As for the graphics drivers - to take it in order, I actually have a fairly fresh Win7 install, so I was surprised it runs this badly at all; work in the 3D modeller was even stuttering enormously. I went through several drivers (newer and older) and still no change, until a few days ago NVidia released a completely new one; after installing it, work in 3D ran smoothly, but the screen still flickers (it must be a software issue, because I have XP on another disk and it doesn't happen there)

Post by Žbeky » 11 Mar 2012 17:11

That 250GB disk is starting to go downhill. No wonder, when it's at 60°C. -- C4 199 199 __0 000000000001 Počet udalostí s číslem realokování sektorů

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.

Post by filatelik » 12 Mar 2012 02:02

Yeah, I know about that disk; it's the best-cooled one but it still overheats, I'm not even counting on it for the future :)
..otherwise my monitor is still flickering :/

here's the log from ComboFix:

ComboFix 12-03-11.01 - Felipe Grande 12.03.2012 1:28.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2847 [GMT 1:00]
Spuštěný z: c:\users\Felipe Grande\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-12 do 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 00:36 . 2012-03-12 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-11 20:19 . 2012-03-11 20:19 -------- d-----w- c:\users\Felipe Grande\AppData\Local\Adobe
2012-03-11 15:05 . 2012-03-11 15:06 -------- d-----w- c:\users\Felipe Grande\AppData\Local\ACD Systems
2012-03-11 09:52 . 2012-03-12 00:38 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-03-11 09:47 . 2012-03-11 09:48 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\users\Felipe Grande\AppData\Roaming\Malwarebytes
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-11 09:27 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 21:28 . 2012-03-10 21:28 -------- d-----w- c:\users\Felipe Grande\AppData\Local\GHISLER
2012-03-10 02:46 . 2012-03-10 09:15 -------- d-----w- c:\program files (x86)\SpeedFan
2012-03-09 21:03 . 2012-03-09 21:04 -------- d-----w- c:\program files\AutoCAD 2010
2012-03-09 11:11 . 2012-03-09 11:11 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-03-09 10:00 . 2012-03-10 13:49 -------- d-----w- c:\users\Felipe Grande\dwhelper
2012-03-09 09:48 . 2012-03-09 09:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-09 09:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF5D54F4-E71B-426F-BD25-7CB34E4979A7}\mpengine.dll
2012-03-09 09:23 . 2012-03-09 09:23 -------- d-----w- c:\users\UpdatusUser
2012-03-09 09:22 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-17 09:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 09:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 09:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 09:40 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 09:40 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 09:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 09:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 09:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 17:57 . 2012-02-12 17:57 -------- d-----w- c:\windows\system32\oodag
2012-02-12 12:53 . 2012-03-09 09:49 -------- d-----w- c:\users\Felipe Grande\AppData\Roaming\Media Player Classic
2012-02-11 23:29 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-11 23:29 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-11 23:29 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-11 23:29 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-11 23:29 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-11 23:29 . 2012-02-11 23:29 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-02-11 23:25 . 2012-02-10 04:13 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-11 23:25 . 2012-02-10 04:13 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-11 23:25 . 2012-02-10 04:13 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-11 23:25 . 2012-02-10 04:13 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-11 23:25 . 2012-02-10 04:13 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-11 23:23 . 2012-02-11 23:23 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 09:42 . 2012-02-09 14:08 737280 ----a-w- c:\windows\iun6002.exe
2012-03-09 09:30 . 2012-01-24 16:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2012-01-28 02:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 09:41 . 2012-01-24 15:05 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-06 18:39 . 2012-01-29 18:15 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 18:39 . 2012-01-29 18:15 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 18:39 . 2012-01-29 18:15 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 16:39 . 2012-02-03 16:39 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-02-03 16:39 . 2012-02-03 16:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-03 16:39 . 2012-02-03 16:39 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-01-29 15:39 . 2012-01-29 15:39 647168 ----a-w- c:\windows\AutoKMS.exe
2012-01-28 21:46 . 2012-01-28 21:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-28 21:46 . 2012-01-28 21:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-28 21:46 . 2012-01-28 21:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-28 21:46 . 2012-01-28 21:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-28 21:46 . 2012-01-28 21:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-28 21:46 . 2012-01-28 21:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-28 21:46 . 2012-01-28 21:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-28 21:46 . 2012-01-28 21:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-28 21:46 . 2012-01-28 21:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-28 21:46 . 2012-01-28 21:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-28 21:46 . 2012-01-28 21:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-28 21:46 . 2012-01-28 21:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-28 21:46 . 2012-01-28 21:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-28 21:46 . 2012-01-28 21:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-28 21:46 . 2012-01-28 21:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-28 21:46 . 2012-01-28 21:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-28 21:46 . 2012-01-28 21:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-28 21:46 . 2012-01-28 21:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-28 21:46 . 2012-01-28 21:46 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-28 21:46 . 2012-01-28 21:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-28 21:46 . 2012-01-28 21:46 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-28 21:46 . 2012-01-28 21:46 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-28 21:46 . 2012-01-28 21:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-28 21:46 . 2012-01-28 21:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-28 21:46 . 2012-01-28 21:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-28 21:46 . 2012-01-28 21:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-28 21:46 . 2012-01-28 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-28 21:46 . 2012-01-28 21:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-28 21:46 . 2012-01-28 21:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-28 21:46 . 2012-01-28 21:46 448512 ----a-w- c:\windows\system32\html.iec
2012-01-28 21:45 . 2012-01-28 21:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-28 21:45 . 2012-01-28 21:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-28 21:45 . 2012-01-28 21:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-28 21:45 . 2012-01-28 21:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-28 18:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-28 18:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 16:56 . 2012-01-27 16:57 5359888 ----a-w- c:\windows\uninst.exe
2012-01-26 22:38 . 2012-01-26 22:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-25 03:07 . 2012-01-25 03:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-24 15:14 . 2012-01-24 15:14 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-24 15:14 . 2012-01-24 15:14 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-01-24 15:14 . 2012-01-24 15:14 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-01-17 21:00 . 2011-12-19 17:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 17:59 . 2011-12-19 17:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 17:59 . 2011-12-19 17:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 17:59 . 2011-12-19 17:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 17:58 . 2011-12-19 17:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 17:58 . 2011-12-19 17:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-19 17:58 . 2011-12-19 17:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-13 17:27 . 2012-01-24 14:25 4718952 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-12-13 15:58 . 2012-01-24 14:25 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-12-13 10:01 . 2012-01-24 14:25 1698408 ----a-w- c:\windows\RtlExUpd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e49d8d56-543d-4b71-ba78-150d6dd38374}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e49d8d56-543d-4b71-ba78-150d6dd38374}"= "c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e49d8d56-543d-4b71-ba78-150d6dd38374}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrtScr by FireStarter"="c:\program files (x86)\PrtScr\PrtScr.exe" [2008-03-19 1375744]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Felipe Grande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-06 1030600]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-06 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a04161e-4837-11e1-85c1-0015f22b3f8f}]
\shell\AutoRun\command - I:\Setup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
.
2012-03-12 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 03:41]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 03:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{824E8BD7-F64F-4AB4-BC1A-A32B00C3C1F9}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Felipe Grande\AppData\Roaming\Mozilla\Firefox\Profiles\udgmkysz.profil\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{E49D8D56-543D-4B71-BA78-150D6DD38374} - (no file)
AddRemove-MozBackup - f:\programs+\MozBackup (v1.5.1)\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Celkový čas: 2012-03-12 01:43:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-12 00:43
.
Před spuštěním: Volných bajtů: 28 582 338 560
Po spuštění: Volných bajtů: 28 164 374 528
.
- - End Of File - - 59696D874CF8D1767AFC3F82EA18FE2D

jaro3
Security team member

Re: please check my HJT log - PC freezes

Post by jaro3 » 12 Mar 2012 10:13

Model : WDC WD3200YS-01PGB0
Temparature : 40 C (104 F)---cool it more!!

(3) WDC WD2500KS-00MJB0
Temparature : 60 C (140 F)
00000000001A Počet přemapovaných sektorů
000000000001 Počet udalostí s číslem realokování sektorů---as Žbeky writes, it is on its way out.

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
Two antispyware protections; disable one of them afterwards.


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::
File::
c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll
I:\Setup.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\AutoKMS.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e49d8d56-543d-4b71-ba78-150d6dd38374}"=-
[-HKEY_CLASSES_ROOT\clsid\{e49d8d56-543d-4b71-ba78-150d6dd38374}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a04161e-4837-11e1-85c1-0015f22b3f8f}]

Firefox::
FF - ProfilePath - c:\users\Felipe Grande\AppData\Roaming\Mozilla\Firefox\Profiles\udgmkysz.profil\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not start, the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.


Download Slim Drivers

It will help you find and update drivers.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
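The following is an added example, not part of the post above and not ComboFix's own code: a Python check that splits a CFScript like the one in the post into its `Section::` blocks and confirms that every `File::` path also appears in the log the script was written from, so a mistyped path is caught before a removal script is run. The function names are hypothetical, the sample data is constructed from entries on this page plus one deliberately misspelled path, and reading the `Registry::` lines as .reg-file deletion syntax is an assumption.

```python
import re

# Constructed sample: the File:: and Registry:: entries are copied from the
# script on this page, plus one deliberately misspelled path (AutoKSM.exe)
# added here to show the failure case.
SAMPLE_SCRIPT = r"""
KillAll::
File::
c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll
I:\Setup.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\AutoKMS.exe
c:\windows\AutoKSM.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e49d8d56-543d-4b71-ba78-150d6dd38374}"=-
[-HKEY_CLASSES_ROOT\clsid\{e49d8d56-543d-4b71-ba78-150d6dd38374}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a04161e-4837-11e1-85c1-0015f22b3f8f}]
"""

# Constructed sample: a few lines taken from the ComboFix log on this page.
SAMPLE_LOG = r"""
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll
\shell\AutoRun\command - I:\Setup.exe
2012-03-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
"""

# A section header is a bare word followed by "::", e.g. "File::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Split a CFScript into {section_name: [entry lines]}, dropping blank lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any Section:: header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def files_missing_from_log(sections, log_text):
    """Return File:: paths that occur nowhere in the log (case-insensitive).

    This is a plain substring search, so it only proves a path was seen in
    the log; it does not judge whether the file should be removed.
    """
    haystack = log_text.lower()
    missing = []
    for path in sections.get("File", []):
        if path.strip().strip('"').lower() not in haystack:
            missing.append(path)
    return missing


def registry_deletions(sections):
    """Return (deleted_keys, deleted_values) from the Registry:: section.

    Assumes .reg-file syntax: "[-KEY]" deletes a key and '"name"=-' deletes
    a value under the most recent "[KEY]" line.
    """
    keys, values = [], []
    current_key = None
    for line in sections.get("Registry", []):
        if line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
            current_key = None
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif line.endswith("=-") and current_key is not None:
            values.append((current_key, line[:-2].strip().strip('"')))
    return keys, values


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for path in files_missing_from_log(parsed, SAMPLE_LOG):
        print("not found in log, check spelling:", path)
    deleted_keys, deleted_values = registry_deletions(parsed)
    print(len(deleted_keys), "keys and", len(deleted_values), "values marked for deletion")
```
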

filatelik

Re: please check my HJT log - PC freezes

Post by filatelik » 12 Mar 2012 13:52

Do you think 40 C is already a high temperature for an HDD? I know the 60 is bad (sometimes it even climbs to 70 C, which is a disaster), but the 40 seems OK to me, or am I wrong? Anyway, I definitely want to improve the cooling, because I have a passively cooled graphics card in there, so the temperatures in there jump higher...

I'll take a look at that Slim Drivers program; I've already searched for something similar and mostly couldn't find any freeware program of that kind (something like Driver Detective, Driver Genius, PatchMyPC, UpdateMYDrivers, but that probably doesn't belong here...).

Here is the ComboFix log:

ComboFix 12-03-11.01 - Felipe Grande 12.03.2012 13:26:33.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.3036 [GMT 1:00]
Spuštěný z: c:\users\Felipe Grande\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Felipe Grande\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll"
"c:\windows\AutoKMS.exe"
"c:\windows\Tasks\AutoKMS.job"
"I:\Setup.exe"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-12 do 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 12:34 . 2012-03-12 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-11 20:19 . 2012-03-12 10:22 -------- d-----w- c:\users\Felipe Grande\AppData\Local\Adobe
2012-03-11 15:05 . 2012-03-11 15:06 -------- d-----w- c:\users\Felipe Grande\AppData\Local\ACD Systems
2012-03-11 09:52 . 2012-03-12 12:36 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-03-11 09:47 . 2012-03-11 09:48 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\users\Felipe Grande\AppData\Roaming\Malwarebytes
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-11 09:27 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 21:28 . 2012-03-10 21:28 -------- d-----w- c:\users\Felipe Grande\AppData\Local\GHISLER
2012-03-10 02:46 . 2012-03-10 09:15 -------- d-----w- c:\program files (x86)\SpeedFan
2012-03-09 21:03 . 2012-03-09 21:04 -------- d-----w- c:\program files\AutoCAD 2010
2012-03-09 11:11 . 2012-03-09 11:11 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-03-09 10:00 . 2012-03-10 13:49 -------- d-----w- c:\users\Felipe Grande\dwhelper
2012-03-09 09:48 . 2012-03-09 09:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-09 09:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF5D54F4-E71B-426F-BD25-7CB34E4979A7}\mpengine.dll
2012-03-09 09:23 . 2012-03-09 09:23 -------- d-----w- c:\users\UpdatusUser
2012-03-09 09:22 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-17 09:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 09:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 09:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 09:40 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 09:40 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 09:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 09:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 09:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 17:57 . 2012-02-12 17:57 -------- d-----w- c:\windows\system32\oodag
2012-02-12 12:53 . 2012-03-09 09:49 -------- d-----w- c:\users\Felipe Grande\AppData\Roaming\Media Player Classic
2012-02-11 23:29 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-11 23:29 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-11 23:29 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-11 23:29 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-11 23:29 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-11 23:29 . 2012-02-11 23:29 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-02-11 23:25 . 2012-02-10 04:13 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-11 23:25 . 2012-02-10 04:13 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-11 23:25 . 2012-02-10 04:13 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-11 23:25 . 2012-02-10 04:13 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-11 23:25 . 2012-02-10 04:13 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-11 23:23 . 2012-02-11 23:23 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 09:42 . 2012-02-09 14:08 737280 ----a-w- c:\windows\iun6002.exe
2012-03-09 09:30 . 2012-01-24 16:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2012-01-28 02:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 09:41 . 2012-01-24 15:05 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-06 18:39 . 2012-01-29 18:15 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 18:39 . 2012-01-29 18:15 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 18:39 . 2012-01-29 18:15 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 16:39 . 2012-02-03 16:39 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-02-03 16:39 . 2012-02-03 16:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-03 16:39 . 2012-02-03 16:39 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-01-29 15:39 . 2012-01-29 15:39 647168 ----a-w- c:\windows\AutoKMS.exe
2012-01-28 21:46 . 2012-01-28 21:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-28 21:46 . 2012-01-28 21:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-28 21:46 . 2012-01-28 21:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-28 21:46 . 2012-01-28 21:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-28 21:46 . 2012-01-28 21:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-28 21:46 . 2012-01-28 21:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-28 21:46 . 2012-01-28 21:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-28 21:46 . 2012-01-28 21:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-28 21:46 . 2012-01-28 21:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-28 21:46 . 2012-01-28 21:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-28 21:46 . 2012-01-28 21:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-28 21:46 . 2012-01-28 21:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-28 21:46 . 2012-01-28 21:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-28 21:46 . 2012-01-28 21:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-28 21:46 . 2012-01-28 21:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-28 21:46 . 2012-01-28 21:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-28 21:46 . 2012-01-28 21:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-28 21:46 . 2012-01-28 21:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-28 21:46 . 2012-01-28 21:46 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-28 21:46 . 2012-01-28 21:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-28 21:46 . 2012-01-28 21:46 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-28 21:46 . 2012-01-28 21:46 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-28 21:46 . 2012-01-28 21:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-28 21:46 . 2012-01-28 21:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-28 21:46 . 2012-01-28 21:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-28 21:46 . 2012-01-28 21:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-28 21:46 . 2012-01-28 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-28 21:46 . 2012-01-28 21:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-28 21:46 . 2012-01-28 21:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-28 21:46 . 2012-01-28 21:46 448512 ----a-w- c:\windows\system32\html.iec
2012-01-28 21:45 . 2012-01-28 21:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-28 21:45 . 2012-01-28 21:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-28 21:45 . 2012-01-28 21:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-28 21:45 . 2012-01-28 21:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-28 18:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-28 18:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 16:56 . 2012-01-27 16:57 5359888 ----a-w- c:\windows\uninst.exe
2012-01-26 22:38 . 2012-01-26 22:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-25 03:07 . 2012-01-25 03:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-24 15:14 . 2012-01-24 15:14 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-24 15:14 . 2012-01-24 15:14 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-01-24 15:14 . 2012-01-24 15:14 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-01-17 21:00 . 2011-12-19 17:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 17:59 . 2011-12-19 17:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 17:59 . 2011-12-19 17:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 17:59 . 2011-12-19 17:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 17:58 . 2011-12-19 17:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 17:58 . 2011-12-19 17:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-19 17:58 . 2011-12-19 17:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-13 17:27 . 2012-01-24 14:25 4718952 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-12-13 15:58 . 2012-01-24 14:25 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-12_00.38.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 14:28 . 2012-03-12 08:28 32510 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-12 08:28 32164 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-24 14:16 . 2012-03-12 08:28 10424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1193739700-1416340202-3985265929-1000_UserData.bin
+ 2012-01-24 14:05 . 2012-03-12 08:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-24 14:05 . 2012-03-11 10:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-24 14:05 . 2012-03-12 08:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-24 14:05 . 2012-03-11 10:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-12 08:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-11 10:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-12 12:35 . 2012-03-12 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-12 00:37 . 2012-03-12 00:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-12 12:35 . 2012-03-12 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-12 00:37 . 2012-03-12 00:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-24 18:34 . 2012-03-12 11:50 207678 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-12 10:51 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-09 09:13 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-03-12 10:51 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-03-09 09:13 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-03-12 10:51 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-09 09:13 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-03-12 10:51 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2012-03-09 09:13 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-03-12 12:34 492164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-12 00:36 492164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-25 02:37 . 2012-03-12 12:34 5183940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1193739700-1416340202-3985265929-1000-8192.dat
- 2012-01-25 02:37 . 2012-03-12 00:36 5183940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1193739700-1416340202-3985265929-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrtScr by FireStarter"="c:\program files (x86)\PrtScr\PrtScr.exe" [2008-03-19 1375744]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Felipe Grande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-06 1030600]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-06 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
.
2012-03-12 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 03:41]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 03:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 147.32.110.2 147.32.1.20
TCP: Interfaces\{824E8BD7-F64F-4AB4-BC1A-A32B00C3C1F9}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Felipe Grande\AppData\Roaming\Mozilla\Firefox\Profiles\udgmkysz.profil\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{e49d8d56-543d-4b71-ba78-150d6dd38374} - (no file)
WebBrowser-{E49D8D56-543D-4B71-BA78-150D6DD38374} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Celkový čas: 2012-03-12 13:41:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-12 12:41
ComboFix2.txt 2012-03-12 00:43
.
Před spuštěním: Volných bajtů: 27 831 144 448
Po spuštění: Volných bajtů: 27 645 706 240
.
- - End Of File - - 1BC359507BCC8D0A0BF3829C5FE1A528



HJT log :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:56:08, on 12.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PrtScr\PrtScr.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Felipe Grande\Desktop\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BVD ToolKit - {e49d8d56-543d-4b71-ba78-150d6dd38374} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{824E8BD7-F64F-4AB4-BC1A-A32B00C3C1F9}: NameServer = 8.26.56.26,156.154.70.22
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8487 bytes
NTBK : LENOVO IdeaPad Y510p, CPU : Intel Core i7 4702MQ Haswell, RAM : 16GB, VGA : 2x NVIDIA GeForce GT 755M 2GB SLI, HDD : SSD 256GB Transcend + HDD 2TB WD Black, monitor : 15.6" LED 1920x1080 anti-glare, OS : Windows 10 64-bit

jaro3
Security team member

Re: please check HJT - PC freezes

Post by jaro3 » 12 Mar 2012 15:03

You have a cracked Office.....

You didn't even do that fix in HJT.. ComboFix didn't delete anything, did you copy the whole script? There is a scrollbar there!

Do everything once more with HJT (in the 2nd post you have a link to the guide)

40 degrees on an HDD in a PC is a warning sign!!

Download AVP Tools
to your desktop.

Tick:
Hidden startup objects
System Memory
Disk boot sectors
Documents
My email
Computer
Local Disk C
Local Disk D
DVD-ROM Drive (E)
BD-ROM Drive (G)
And others, e.g. flash drives, that you have connected.

Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.

Pokud se Ti log nezobrazí:
Pokud máš AVPtool stále zapnutý, zkus zmáčknout tlačítko Zpráva (Report).
Pokud se Ti zobrazí tabulka, klikni na ní pravým myšítkem a dej Maximalize a měli by se Ti zobrazit výsledky.

Post by filatelik » 12 Mar 2012 15:39

One more thing about HJT before I move on to the rest of the instructions: I definitely fixed it, I don't know where the error is now. When I ran it again just now, this popped up:
HijackThis hlaska.jpg
...following the guide I opened the hosts txt file, but there was nothing about HJT in it..

As for ComboFix, looking back at it now, I probably really did copy only part of it into the txt (the visible part; I didn't notice there was a scrollbar on the right to go further down). Before I start on further changes, should I run it again?

Procedure: HJT fix + ComboFix again?

Post by Žbeky » 12 Mar 2012 16:37

You don't do anything with hosts in HJT. You just run it as administrator.


Post by jaro3 » 12 Mar 2012 18:25

Procedure: HJT fix + ComboFix again?
---yes

Post by filatelik » 13 Mar 2012 14:29

So, apologies again for the earlier confusion; the continuation is here:

This is how I proceeded:

1. HJT fix
2. ComboFix fix (by dragging the txt onto it) --> log
3. New HJT scan + log
4. AVP Tools scan - which, however, crashed after 10 hours of scanning; otherwise it hadn't found anything

Note: during the HJT scan only 3 items to fix from the list above showed up; after fixing and a subsequent scan, though, they are all displayed there again, specifically these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
...after running ComboFix, I see that in the last scan only the last-mentioned "O2..." remains



New HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:53:44, on 13.3.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Users\Felipe Grande\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BVD ToolKit - {e49d8d56-543d-4b71-ba78-150d6dd38374} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{824E8BD7-F64F-4AB4-BC1A-A32B00C3C1F9}: NameServer = 8.26.56.26,156.154.70.22
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8392 bytes



ComboFix log here:

ComboFix 12-03-11.01 - Felipe Grande 13.03.2012 3:24.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2716 [GMT 1:00]
Spuštěný z: c:\users\Felipe Grande\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Felipe Grande\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\BVD_ToolKit\prxtbBVD_.dll"
"c:\windows\AutoKMS.exe"
"c:\windows\Tasks\AutoKMS.job"
"I:\Setup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 02:31 . 2012-03-13 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-12 16:08 . 2012-03-13 02:34 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-03-12 15:18 . 2012-03-12 15:18 -------- d-----w- C:\Autodesk
2012-03-12 15:04 . 2012-03-12 15:04 -------- d-----w- c:\users\Felipe Grande\AppData\Local\Autodesk
2012-03-12 13:59 . 2012-03-12 13:59 -------- d-----w- c:\users\Felipe Grande\AppData\Local\SlimWare Utilities Inc
2012-03-12 13:43 . 2012-03-12 15:45 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-03-11 20:19 . 2012-03-12 10:22 -------- d-----w- c:\users\Felipe Grande\AppData\Local\Adobe
2012-03-11 15:05 . 2012-03-11 15:06 -------- d-----w- c:\users\Felipe Grande\AppData\Local\ACD Systems
2012-03-11 09:47 . 2012-03-11 09:48 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\users\Felipe Grande\AppData\Roaming\Malwarebytes
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 09:27 . 2012-03-11 09:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-11 09:27 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 21:28 . 2012-03-10 21:28 -------- d-----w- c:\users\Felipe Grande\AppData\Local\GHISLER
2012-03-10 02:46 . 2012-03-10 09:15 -------- d-----w- c:\program files (x86)\SpeedFan
2012-03-09 21:03 . 2012-03-12 15:45 -------- d-----w- c:\program files\AutoCAD 2010
2012-03-09 11:11 . 2012-03-09 11:11 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-03-09 10:00 . 2012-03-10 13:49 -------- d-----w- c:\users\Felipe Grande\dwhelper
2012-03-09 09:48 . 2012-03-09 09:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-09 09:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF5D54F4-E71B-426F-BD25-7CB34E4979A7}\mpengine.dll
2012-03-09 09:23 . 2012-03-12 15:49 -------- d-----w- c:\users\UpdatusUser
2012-03-09 09:22 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-17 09:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 09:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 09:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 09:40 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 09:40 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 09:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 09:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 09:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 17:57 . 2012-02-12 17:57 -------- d-----w- c:\windows\system32\oodag
2012-02-12 12:53 . 2012-03-12 15:34 -------- d-----w- c:\users\Felipe Grande\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 09:42 . 2012-02-09 14:08 737280 ----a-w- c:\windows\iun6002.exe
2012-03-09 09:30 . 2012-01-24 16:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2012-01-28 02:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 09:41 . 2012-01-24 15:05 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-10 04:13 . 2012-02-11 23:25 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-02-11 23:25 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-02-11 23:25 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-02-11 23:25 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-02-11 23:25 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 03:14 . 2012-02-11 23:29 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2012-02-11 23:29 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2012-02-11 23:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2012-02-11 23:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2012-02-11 23:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-06 18:39 . 2012-01-29 18:15 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 18:39 . 2012-01-29 18:15 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 18:39 . 2012-01-29 18:15 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 16:39 . 2012-02-03 16:39 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-02-03 16:39 . 2012-02-03 16:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-03 16:39 . 2012-02-03 16:39 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-01-29 15:39 . 2012-01-29 15:39 647168 ----a-w- c:\windows\AutoKMS.exe
2012-01-28 21:46 . 2012-01-28 21:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-28 21:46 . 2012-01-28 21:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-28 21:46 . 2012-01-28 21:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-28 21:46 . 2012-01-28 21:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-28 21:46 . 2012-01-28 21:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-28 21:46 . 2012-01-28 21:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-28 21:46 . 2012-01-28 21:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-28 21:46 . 2012-01-28 21:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-28 21:46 . 2012-01-28 21:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-28 21:46 . 2012-01-28 21:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-28 21:46 . 2012-01-28 21:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-28 21:46 . 2012-01-28 21:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-28 21:46 . 2012-01-28 21:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-28 21:46 . 2012-01-28 21:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-28 21:46 . 2012-01-28 21:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-28 21:46 . 2012-01-28 21:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-28 21:46 . 2012-01-28 21:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-28 21:46 . 2012-01-28 21:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-28 21:46 . 2012-01-28 21:46 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-28 21:46 . 2012-01-28 21:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-28 21:46 . 2012-01-28 21:46 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-28 21:46 . 2012-01-28 21:46 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-28 21:46 . 2012-01-28 21:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-28 21:46 . 2012-01-28 21:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-28 21:46 . 2012-01-28 21:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-28 21:46 . 2012-01-28 21:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-28 21:46 . 2012-01-28 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-28 21:46 . 2012-01-28 21:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-28 21:46 . 2012-01-28 21:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-28 21:46 . 2012-01-28 21:46 448512 ----a-w- c:\windows\system32\html.iec
2012-01-28 21:45 . 2012-01-28 21:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-28 21:45 . 2012-01-28 21:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-28 21:45 . 2012-01-28 21:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-28 21:45 . 2012-01-28 21:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-28 18:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-28 18:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 16:56 . 2012-01-27 16:57 5359888 ----a-w- c:\windows\uninst.exe
2012-01-26 22:38 . 2012-01-26 22:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-25 03:07 . 2012-01-25 03:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-24 15:14 . 2012-01-24 15:14 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-24 15:14 . 2012-01-24 15:14 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-01-24 15:14 . 2012-01-24 15:14 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrtScr by FireStarter"="c:\program files (x86)\PrtScr\PrtScr.exe" [2008-03-19 1375744]
"AdobeBridge"="" [BU]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Felipe Grande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-06 1030600]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-06 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a04161e-4837-11e1-85c1-0015f22b3f8f}]
\shell\AutoRun\command - I:\Setup.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-13 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
.
2012-03-13 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-29 15:39]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 03:41]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 03:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 147.32.110.2 147.32.1.20
TCP: Interfaces\{824E8BD7-F64F-4AB4-BC1A-A32B00C3C1F9}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Felipe Grande\AppData\Roaming\Mozilla\Firefox\Profiles\udgmkysz.profil\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{e49d8d56-543d-4b71-ba78-150d6dd38374} - (no file)
WebBrowser-{E49D8D56-543D-4B71-BA78-150D6DD38374} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1193739700-1416340202-3985265929-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1193739700-1416340202-3985265929-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 03:38:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 02:38
ComboFix2.txt 2012-03-12 12:41
ComboFix3.txt 2012-03-12 00:43
.
Před spuštěním: Volných bajtů: 23 877 156 864
Po spuštění: Volných bajtů: 23 246 483 456
.
- - End Of File - - 702AF2B27EDFCF6ED9738610DFDAFE19