Zvláštní věc - možná nákaza

Zpráva

Doobee · #1 Příspěvek od **Doobee** » 01 lis 2011 16:21

Zdravím. Asi druhý den si všímám, že se PC chová zvláštně a dneska, po spuštění starší hry ( nevidím v tom však souvislost ) se mi místo mé původní plochy objevilo tohle :

Kolem dokola samozřejmě mé normální ikony, změnilo se jen pozadí

Nevidí v tom někdo náhodou něco povědomého nebo nebezpečného? Je to sice malá věc, ale už to naznačuje, že mé PC není 100%-ně zdrávo

Každá rada dobrá

#2 Příspěvek od **Rudy** » 01 lis 2011 17:57

Také zdravím!
Nejprve dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

Doobee · #3 Příspěvek od **Doobee** » 02 lis 2011 10:42

Ok, tady jsou logy. Dal jsem 3-měsíční kontrolu

Info.txt

info.txt logfile of random's system information tool 1.09 2011-09-13 20:42:32

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
µTorrent-->"D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
ASUS WebCam, 1.3M, USB2.0, FF-->D:\WINDOWS\remove.exe
ATI Display Driver (Omega 3.8.442)-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility-->"D:\Program Files\ATITool\Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BS.Player FREE-->"D:\Program Files\BSplayer\uninstall.exe"
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
Crimecraft: BLEEDOUT -->"D:\Program Files\Steam\steam.exe" steam://uninstall/38830
DAEMON Tools Lite-->D:\Program Files\DAEMON Tools Lite\uninst.exe
Defraggler-->"D:\Program Files\Defraggler\uninst.exe"
Eurobattle.net-->"C:\Hry\Warcraft III\uninstall.exe" "/U:C:\Hry\Warcraft III\Uninstall\uninstall.xml"
Foxit Reader-->D:\Program Files\Foxit Reader\Uninstall.exe
Hero Editor V1.03-->D:\WINDOWS\st6unst.exe -n "D:\Diablo II\Hero Editor\ST6UNST.LOG"
Hero Editor V1.04-->D:\WINDOWS\st6unst.exe -n "D:\Diablo II\Hero Editor\ST6UNST.LOG"
Heroes of Newerth-->C:\Hry\HoN\uninstall.exe
IrfanView (remove only)-->D:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
jetAudio 8.0.x Czech Language Pack-->D:\Program Files\JetAudio\Uninstall_CSY_LPack.exe
jetAudio Basic VX-->"D:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -runfromtemp -l0x0405 -removeonly
jetVideo Basic VX-->"D:\Program Files\InstallShield Installation Information\{DC50950F-9308-49FE-8B50-859EBB08B6F6}\setup.exe" -runfromtemp -l0x0405 -removeonly
K-Lite Mega Codec Pack 7.5.0-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"D:\Program Files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{129DDEC1-A6A3-3D60-AABE-76E6E5334922}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - CSY-->d:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - csy\setup.exe
Microsoft .NET Framework 3.5 Language Pack - csy-->MsiExec.exe /I{74DCC43B-33C9-3389-BD0D-33EB37973657}
Microsoft .NET Framework 3.5-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Minecraft 1.4-->MsiExec.exe /I{3547CA26-B739-4661-BCBA-FC5DB1241DBD}
Pando Media Booster-->D:\Program Files\Pando Networks\Media Booster\uninst.exe
Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:D:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
REALTEK GbE & FE Ethernet PCI NIC Driver-->D:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Security Task Manager 1.8d-->D:\Program Files\Security Task Manager\Uninstal.exe "D:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super Ovladač-->"D:\Program Files\SuperOvladac\unins000.exe"
ViewMate Pro W5202 Webcam Rev.1a-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR 4.01 (32-bit)-->D:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"D:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

174.37.45.137 minecraft.net www.minecraft.net

======Security center information======

AV: AntiVir Desktop (outdated)

======System event log======

Computer Name: DB-PC
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 304
Source Name: SideBySide
Time Written: 20110731203953.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 32
Message: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Record Number: 303
Source Name: SideBySide
Time Written: 20110731203953.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 59
Message: Generate Activation Context failed for C:\Hry\Warcraft III\gproxy.exe.
Reference error message: The operation completed successfully.
.

Record Number: 302
Source Name: SideBySide
Time Written: 20110731203928.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 301
Source Name: SideBySide
Time Written: 20110731203928.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 32
Message: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Record Number: 300
Source Name: SideBySide
Time Written: 20110731203928.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: DB-PC
Event Code: 1002
Message: Hanging application wordpad.exe, version 5.1.2600.6010, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 546
Source Name: Application Hang
Time Written: 20110819102308.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 1002
Message: Hanging application i_view32.exe, version 4.2.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 432
Source Name: Application Hang
Time Written: 20110811072723.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 1000
Message: Faulting application gproxy.exe, version 0.0.0.0, faulting module msvcr90.dll, version 9.0.21022.8, fault address 0x0006c955.

Record Number: 310
Source Name: Application Error
Time Written: 20110804000020.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 1000
Message: Faulting application gproxy.exe, version 0.0.0.0, faulting module msvcr90.dll, version 9.0.21022.8, fault address 0x0006c955.

Record Number: 309
Source Name: Application Error
Time Written: 20110803235953.000000+120
Event Type: error
User:

Computer Name: DB-PC
Event Code: 1000
Message: Faulting application twoworlds.exe, version 1.5.0.0, faulting module twoworlds.exe, version 1.5.0.0, fault address 0x00424cc0.

Record Number: 307
Source Name: Application Error
Time Written: 20110803221635.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Log.txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-11-02 10:40:22
Microsoft Windows XP Professional Service Pack 3
System drive D: has 19 GB (23%) free of 80 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:31, on 2.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Desktop\RSIT.exe
D:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 174.37.45.137 minecraft.net www.minecraft.net
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATITool.lnk = D:\Program Files\ATITool\ATITool.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4371 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-117609710-1801674531-500Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-117609710-1801674531-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-31 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-31 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=D:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
D:\Program Files\FinitySoft Memory Manger\MemoryManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
D:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-08-08 3077528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
D:\WINDOWS\RTHDCPL.EXE [2011-08-09 20055144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
D:\WINDOWS\vsnp2std.exe [2006-01-06 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
D:\WINDOWS\tsnp2std.exe [2005-11-14 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TP-LINK Wireless Utility.lnk]
D:\PROGRA~1\TP-LINK\TL-WN3~1\RtWLan.exe [2007-07-26 790528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Start BT in service"=2
"idsvc"=3
"IDriverT"=3
"BlueSoleil Hid Service"=2

D:\Documents and Settings\Administrator\Start Menu\Programs\Startup
ATITool.lnk - D:\Program Files\ATITool\ATITool.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Hry\Warcraft III\gproxy.exe"="C:\Hry\Warcraft III\gproxy.exe:*:Enabled:gproxy"
"C:\Hry\Warcraft III\euroloader.exe"="C:\Hry\Warcraft III\euroloader.exe:*:Enabled:euroloader.exe"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\Pando Networks\Media Booster\PMB.exe"="D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Pando Networks\Media Booster\PMB.exe"="D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.lhacm"=lhacm.acm
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 3 months======

2011-11-02 06:43:29 ----A---- D:\WINDOWS\system32\FNTCACHE.DAT
2011-10-30 14:18:08 ----D---- D:\Program Files\Common Files\3DO Shared
2011-10-30 14:18:08 ----D---- D:\Program Files\3DO
2011-10-30 14:05:58 ----A---- D:\WINDOWS\IsUninst.exe
2011-10-27 14:56:10 ----A---- D:\WINDOWS\RTacDbg.txt
2011-10-27 14:55:54 ----A---- D:\WINDOWS\system32\drivers\AegisP.sys
2011-10-27 14:55:40 ----RA---- D:\WINDOWS\system32\drivers\rtl8185.sys
2011-10-27 14:55:35 ----A---- D:\WINDOWS\system32\drivers\EAPPkt.sys
2011-10-27 14:55:34 ----D---- D:\WINDOWS\system32\TP-LINK Wireless Adapter Driver and Utility
2011-10-27 14:55:34 ----D---- D:\Program Files\TP-LINK
2011-10-27 14:55:26 ----D---- D:\Documents and Settings\Administrator\Application Data\InstallShield
2011-10-16 14:04:08 ----D---- D:\King's Bounty Crossworlds
2011-10-16 13:56:48 ----D---- D:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
2011-10-16 13:56:47 ----D---- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2011-10-15 04:18:29 ----D---- D:\WINDOWS\system32\URTTEMP
2011-10-08 13:14:51 ----D---- D:\Documents and Settings\Administrator\Application Data\Razor
2011-10-05 20:20:02 ----D---- D:\Program Files\Cisco Packet Tracer 5.3.2
2011-10-01 17:00:46 ----ASH---- D:\hiberfil.sys
2011-09-17 00:34:47 ----D---- D:\Documents and Settings\Administrator\Application Data\Mozilla
2011-09-16 10:47:31 ----A---- D:\WINDOWS\system32\hidserv.dll
2011-09-16 10:46:56 ----HDC---- D:\WINDOWS\$NtUninstallWdf01005$
2011-09-16 10:45:13 ----A---- D:\WINDOWS\system32\btathci.dll
2011-09-16 10:25:47 ----A---- D:\WINDOWS\system32\drivers\bthmodem.sys
2011-09-16 10:24:52 ----A---- D:\WINDOWS\system32\drivers\bthpan.sys
2011-09-16 10:24:44 ----A---- D:\WINDOWS\system32\wshirda.dll
2011-09-16 10:24:44 ----A---- D:\WINDOWS\system32\irmon.dll
2011-09-16 10:24:44 ----A---- D:\WINDOWS\system32\drivers\rfcomm.sys
2011-09-16 10:24:44 ----A---- D:\WINDOWS\system32\drivers\BthEnum.sys
2011-09-16 10:24:43 ----A---- D:\WINDOWS\system32\irftp.exe
2011-09-16 10:24:38 ----A---- D:\WINDOWS\system32\drivers\BTHUSB.SYS
2011-09-15 19:19:51 ----D---- D:\Program Files\Mumble
2011-09-13 19:42:18 ----D---- D:\rsit
2011-09-10 22:51:14 ----AH---- D:\WINDOWS\system32\HsInfo.dat
2011-09-10 19:35:49 ----D---- D:\Documents and Settings\Administrator\Application Data\LolClient
2011-09-10 19:35:23 ----D---- D:\Documents and Settings\All Users\Application Data\PMB Files
2011-09-08 14:47:26 ----D---- D:\Diablo II
2011-09-08 10:37:38 ----N---- D:\WINDOWS\Setup1.exe
2011-09-08 10:37:36 ----A---- D:\WINDOWS\ST6UNST.EXE
2011-09-08 08:38:00 ----D---- D:\Documents and Settings\Administrator\Application Data\WinRAR
2011-09-08 07:37:55 ----D---- D:\Documents and Settings\Administrator\Application Data\Avira
2011-09-07 21:33:57 ----D---- D:\Program Files\Defraggler
2011-09-07 20:32:47 ----D---- D:\Program Files\trend micro
2011-09-07 19:39:18 ----D---- D:\Documents and Settings\Administrator\Application Data\Macromedia
2011-09-07 18:49:04 ----D---- D:\WINDOWS\system32\NtmsData
2011-09-07 18:42:00 ----A---- D:\WINDOWS\system32\drivers\ssmdrv.sys
2011-09-07 18:41:59 ----A---- D:\WINDOWS\system32\drivers\avipbb.sys
2011-09-07 18:41:59 ----A---- D:\WINDOWS\system32\drivers\avgntmgr.sys
2011-09-07 18:41:59 ----A---- D:\WINDOWS\system32\drivers\avgntflt.sys
2011-09-07 18:41:59 ----A---- D:\WINDOWS\system32\drivers\avgntdd.sys
2011-09-07 18:41:58 ----D---- D:\Program Files\Avira
2011-09-07 18:41:58 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2011-09-03 09:00:01 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2011-08-27 19:40:57 ----D---- D:\WINDOWS\pss
2011-08-27 18:54:59 ----D---- D:\Program Files\Common Files\Steam
2011-08-24 09:57:41 ----A---- D:\WINDOWS\system32\drivers\MSTEE.sys
2011-08-24 09:57:39 ----A---- D:\WINDOWS\system32\drivers\NdisIP.sys
2011-08-24 09:57:38 ----A---- D:\WINDOWS\system32\drivers\StreamIP.sys
2011-08-24 09:57:37 ----A---- D:\WINDOWS\system32\drivers\SLIP.sys
2011-08-24 09:57:36 ----A---- D:\WINDOWS\system32\drivers\WSTCODEC.SYS
2011-08-24 09:57:34 ----A---- D:\WINDOWS\system32\drivers\NABTSFEC.sys
2011-08-24 09:57:33 ----A---- D:\WINDOWS\system32\drivers\CCDECODE.sys
2011-08-24 09:57:21 ----A---- D:\WINDOWS\system32\vfwwdm32.dll
2011-08-24 09:54:16 ----A---- D:\WINDOWS\amcap.exe
2011-08-24 09:54:15 ----A---- D:\WINDOWS\WindowsXP-KB822603-x86.exe
2011-08-24 09:54:15 ----A---- D:\WINDOWS\vsnp2std.exe
2011-08-24 09:54:15 ----A---- D:\WINDOWS\tsnp2std.exe
2011-08-24 09:54:15 ----A---- D:\WINDOWS\system32\drivers\sncamd.sys
2011-08-24 09:54:15 ----A---- D:\WINDOWS\snp2std.src
2011-08-24 09:54:15 ----A---- D:\WINDOWS\snp2std.ini
2011-08-24 09:54:14 ----A---- D:\WINDOWS\system32\drivers\snp2sxp.sys
2011-08-24 09:54:13 ----D---- D:\Program Files\Common Files\snp2std
2011-08-24 09:54:13 ----A---- D:\WINDOWS\system32\vsnp2std.dll
2011-08-24 09:54:13 ----A---- D:\WINDOWS\system32\rsnp2std.dll
2011-08-24 09:54:13 ----A---- D:\WINDOWS\system32\csnp2std.dll
2011-08-23 22:29:08 ----D---- D:\Documents and Settings\Administrator\Application Data\ts3overlay
2011-08-22 17:59:09 ----D---- D:\Program Files\BSplayer
2011-08-19 09:04:25 ----D---- D:\Program Files\Foxit Reader
2011-08-08 21:09:25 ----D---- D:\Riot Games
2011-08-08 20:36:35 ----D---- D:\Program Files\Pando Networks
2011-08-06 15:08:04 ----A---- D:\WINDOWS\system32\drivers\USBSTOR.SYS
2011-08-06 14:00:03 ----N---- D:\WINDOWS\system32\spmsg.dll
2011-08-06 13:59:53 ----A---- D:\WINDOWS\system32\wmpns.dll
2011-08-06 13:59:49 ----D---- D:\Program Files\Windows Media Connect 2
2011-08-06 13:59:43 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$
2011-08-06 13:59:19 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$
2011-08-06 13:59:05 ----D---- D:\WINDOWS\system32\drivers\UMDF
2011-08-06 13:58:59 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$
2011-08-06 13:55:24 ----A---- D:\WINDOWS\system32\unrar.dll
2011-08-06 13:55:23 ----A---- D:\WINDOWS\avisplitter.ini
2011-08-06 13:55:22 ----A---- D:\WINDOWS\system32\yv12vfw.dll
2011-08-06 13:55:22 ----A---- D:\WINDOWS\system32\xvidvfw.dll
2011-08-06 13:55:22 ----A---- D:\WINDOWS\system32\xvidcore.dll
2011-08-06 13:55:22 ----A---- D:\WINDOWS\system32\ff_vfw.dll
2011-08-06 13:55:19 ----D---- D:\Program Files\K-Lite Codec Pack
2011-08-03 23:07:13 ----A---- D:\WINDOWS\War3Unin.pif
2011-08-03 23:07:13 ----A---- D:\WINDOWS\War3Unin.exe
2011-08-03 23:07:13 ----A---- D:\WINDOWS\War3Unin.dat
2011-08-03 15:34:20 ----D---- D:\Program Files\ATITool

======List of files/folders modified in the last 3 months======

2011-11-02 06:47:48 ----D---- D:\WINDOWS\system32
2011-11-02 06:47:47 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2011-11-02 06:43:53 ----D---- D:\WINDOWS\Temp
2011-11-02 06:43:52 ----D---- D:\WINDOWS\system32\CatRoot2
2011-11-02 06:43:47 ----HD---- D:\WINDOWS
2011-11-01 22:36:06 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-11-01 21:38:43 ----D---- D:\WINDOWS\Prefetch
2011-11-01 16:08:45 ----D---- D:\WINDOWS\system32\LogFiles
2011-11-01 16:08:45 ----D---- D:\Documents and Settings\Administrator\Application Data\uTorrent
2011-11-01 16:08:45 ----D---- D:\Documents and Settings\Administrator\Application Data\Skype
2011-10-31 22:42:43 ----D---- D:\uTorrent
2011-10-30 14:18:08 ----RD---- D:\Program Files
2011-10-30 14:17:40 ----D---- D:\Program Files\Common Files
2011-10-29 09:56:14 ----A---- D:\WINDOWS\win.ini
2011-10-29 09:56:14 ----A---- D:\WINDOWS\system.ini
2011-10-28 03:54:47 ----SHD---- D:\WINDOWS\Installer
2011-10-27 14:56:02 ----D---- D:\WINDOWS\system32\drivers
2011-10-27 14:56:01 ----HD---- D:\WINDOWS\inf
2011-10-27 14:55:56 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2011-10-27 14:55:34 ----HD---- D:\Program Files\InstallShield Installation Information
2011-10-27 11:43:29 ----SD---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2011-10-23 02:48:55 ----SHD---- D:\System Volume Information
2011-10-23 02:11:55 ----D---- D:\WINDOWS\Registration
2011-10-16 00:12:50 ----D---- D:\WINDOWS\Logs
2011-10-15 04:20:27 ----D---- D:\WINDOWS\WinSxS
2011-10-15 04:20:23 ----D---- D:\WINDOWS\system32\DirectX
2011-10-15 04:18:51 ----RSD---- D:\WINDOWS\assembly
2011-10-11 20:41:50 ----D---- D:\Program Files\CCleaner
2011-09-16 12:00:03 ----D---- D:\WINDOWS\security
2011-09-16 10:53:11 ----RSHDC---- D:\WINDOWS\system32\dllcache
2011-09-16 10:52:03 ----DC---- D:\WINDOWS\system32\DRVSTORE
2011-09-10 21:59:59 ----D---- D:\WINDOWS\Microsoft.NET
2011-09-08 10:09:51 ----D---- D:\WINDOWS\system32\ReinstallBackups
2011-09-08 10:08:05 ----D---- D:\WINDOWS\system32\RTCOM
2011-09-07 19:36:06 ----D---- D:\Documents and Settings\Administrator\Application Data\IrfanView
2011-09-07 18:49:03 ----D---- D:\WINDOWS\repair
2011-09-06 21:06:03 ----D---- D:\WINDOWS\SoftwareDistribution
2011-09-03 14:05:19 ----D---- D:\WINDOWS\Minidump
2011-09-03 08:55:50 ----D---- D:\Program Files\Common Files\InstallShield
2011-08-15 15:47:14 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2011-08-13 14:31:49 ----D---- D:\WINDOWS\system32\Restore
2011-08-09 15:14:46 ----A---- D:\WINDOWS\RTHDCPL.EXE
2011-08-06 13:59:49 ----D---- D:\Program Files\Windows Media Player
2011-08-06 13:59:47 ----D---- D:\WINDOWS\Help
2011-08-06 13:58:50 ----D---- D:\WINDOWS\system32\CatRoot
2011-08-04 15:59:00 ----A---- D:\WINDOWS\RtlUpd.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mv61xxmm;mv61xxmm; D:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-14 13616]
R0 mv64xxmm;mv64xxmm; D:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-14 5632]
R0 mvxxmm;mvxxmm; D:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-14 13616]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2011-07-31 431672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ATITool;ATITool Overclocking Utility; D:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 atitray;atitray; \??\D:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-09-07 138192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-07-31 218688]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-10-27 21035]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-09-07 66616]
R2 EAPPkt;Realtek EAPPkt Protocol; D:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-16 6427240]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2011-02-14 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; D:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-07-18 306688]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 BTHidEnum;Bluetooth HID Enumerator; D:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; D:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S3 Ambfilt;Ambfilt; D:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Atheros_btAudio;Bluetooth Virtual SCO Driver; D:\WINDOWS\system32\drivers\btathsco.sys []
S3 BlueletAudio;Bluetooth Audio Service; D:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; D:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; D:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btatha2dp;Bluetooth A2DP Audio Device Driver; D:\WINDOWS\system32\drivers\btatha2dp.sys []
S3 btathPan;Bluetooth PAN Miniport Device; D:\WINDOWS\system32\DRIVERS\btathpan.sys []
S3 BTATHPROT;General Bluetooth Filter; D:\WINDOWS\system32\DRIVERS\btathprot.sys []
S3 btathrcp;Bluetooth AVRCP Target Device; D:\WINDOWS\system32\DRIVERS\btathrcp.sys []
S3 btathspp;Bluetooth Serial Port Device; D:\WINDOWS\system32\DRIVERS\btathspp.sys []
S3 BTATHUSB;General Bluetooth Device; D:\WINDOWS\system32\DRIVERS\btathusb.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; D:\WINDOWS\System32\Drivers\btcusb.sys []
S3 btfilter;General Bluetooth Filter ss; D:\WINDOWS\system32\DRIVERS\btfilter.sys []
S3 BthEnum;Bluetooth Request Block Driver; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; D:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; D:\WINDOWS\System32\Drivers\BTHport.sys [2011-02-14 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleXNt;EagleXNt; \??\D:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 gHidPnp;USB Device Enhanced Function Driver; D:\WINDOWS\System32\Drivers\gHidPnp.Sys []
S3 gMouUsb;USB Mouse Device Drv; D:\WINDOWS\system32\DRIVERS\gMouUsb.sys []
S3 Monfilt;Monfilt; D:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); D:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-17 10221952]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; D:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; D:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-09-07 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2011-07-31 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
S4 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#4 Příspěvek od **Rudy** » 02 lis 2011 11:01

Nic nebezpečného nevidím. Zkuste ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. předem nic nemažte. Problémy se zobrazením někdy způsobují hry, které dokáží samy měnit rozlišení obrazovky. Nemáte v PC něco přetaktováno?

Doobee · #5 Příspěvek od **Doobee** » 02 lis 2011 18:53

Zkoušel jsem taktovat grafickou kartu. Dostal jsem se na ( bohužel odborný posudek neznám ) docela optimální úroveň. Teď už jsem ale to taktování vrátil zpět. Neměl jsem to spíše nechat přetaktované, když jsem nezaznamenal žádnou chybu ani po delší době? Mimochodem ta hra o které jsem mluvil opravdu měnila rozlišení

#6 Příspěvek od **Rudy** » 02 lis 2011 18:59

Zřejmě je v té hře příčina. Na tohle tu ale nejsme odborníci. Více se dovíte na některém herním fóru.

Doobee · #7 Příspěvek od **Doobee** » 02 lis 2011 19:06

Nikdy dříve to ale nedělalo. Navíc teď projíždím PC s tím MBAM a už teď mám 7 nálezů a to ještě není konec

Doobee · #8 Příspěvek od **Doobee** » 02 lis 2011 19:16

Hotovo, log zde :

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8069

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.11.2011 19:15:03
mbam-log-2011-11-02 (19-15-00).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 203832
Uplynulý čas: 26 minut, 46 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{052107d1-b49a-4125-934c-997ca8ca31c1}\RP175\A0078857.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{767ec845-4102-42c3-b1a1-f77d6b7467e5}\RP26\A0013244.exe (Trojan.Agent.CK) -> No action taken.
c:\system volume information\_restore{767ec845-4102-42c3-b1a1-f77d6b7467e5}\RP46\A0024322.exe (RiskWare.Tool.CK) -> No action taken.
c:\system volume information\_restore{bde4b4ba-8bab-4303-90ff-117ba645acd3}\RP146\A0060022.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{bde4b4ba-8bab-4303-90ff-117ba645acd3}\RP146\A0061013.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{bde4b4ba-8bab-4303-90ff-117ba645acd3}\RP146\A0061048.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{bde4b4ba-8bab-4303-90ff-117ba645acd3}\RP146\A0061072.exe (Trojan.FakeAlert) -> No action taken.

Nejraději bych to smazal hned ...

#9 Příspěvek od **Rudy** » 02 lis 2011 19:27

Smažte. Všechny viry jsou v záloze systému.

VIRY.CZ

Zvláštní věc - možná nákaza

Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza

Re: Zvláštní věc - možná nákaza