BSOD, restart PC při spuštění a probuzení z režimu spánku

Zpráva

killick · #1 Příspěvek od **killick** » 16 led 2012 17:02

Přeji dobrý den,

už několik týdnů se trápím s modrou smrtí. Přeinstaloval jsem kompletně celý systém, ale BSOD né a né se zbavit. Níže uvádím log. Pokud budete mít jakékoliv nápady, budu jen rád. Předem děkuji za reakce.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:53:32, on 16.1.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
D:\files\Skype\Phone\Skype.exe
C:\Users\kiwi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\kiwi\AppData\Local\Google\Chrome\Application\chrome.exe
D:\files\Altap Salamander 2.5\salamand.exe
D:\files\DreamCom\DreamCom.exe
C:\Users\kiwi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kiwi\AppData\Local\Google\Chrome\Application\chrome.exe
D:\files\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2745662368-3488981636-2238734526-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\files\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10512 bytes

#2 Příspěvek od **Rudy** » 16 led 2012 17:22

Zdravím!
Zkuste otestovat RAM pomocí Memtestu: http://www.viry.cz/forum/viewtopic.php?f=53&t=106788 .

killick · #3 Příspěvek od **killick** » 16 led 2012 19:24

Také zdravím.

otestoval jsem RAM pomocí Memtestu 2x a nic

Žádná chyba se nevyskytla.

#4 Příspěvek od **Rudy** » 16 led 2012 19:56

Stáhněte, nainstalujte a spusťte CrystalDiskInfo: http://www.stahuj.centrum.cz/utility_a_ ... ldiskinfo/ a přes Úpravy>kopírovat sem dejte log.

killick · #5 Příspěvek od **killick** » 16 led 2012 20:17

Takže tady je výsledek:

----------------------------------------------------------------------------
CrystalDiskInfo 4.1.3 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium Edition SP2 [6.0 Build 6002] (x64)
Date : 2012/01/16 20:17:15

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- Kanál IDE (0)
+ Kanál IDE (1)
- ST3320620AS ATA Device
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ Kanál IDE (0)
- HL-DT-ST DVD-RAM GH22NP20 ATA Device
- HL-DT-ST DVDRAM GSA-H44N ATA Device
+ Kanál IDE (1)
- ST2000VM002-9UY166 ATA Device
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST3320620AS : 320.0 GB [0-1-0, pd1]
(2) ST2000VM002-9UY166 : 2000.3 GB [1-3-0, pd1]

----------------------------------------------------------------------------
(1) ST3320620AS
----------------------------------------------------------------------------
Model : ST3320620AS
Firmware : 3.AAK
Serial Number : 6QF0V5BZ
Disk Size : 320.0 GB (8.4/137.4/320.0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 17784 hod.
Power On Count : 2013 krát
Temparature : 32 C (89 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 116 _95 __6 000006FB72C3 Počet chyb čtení
03 _97 _95 __0 000000000000 Čas na roztočení ploten
04 _98 _98 _20 000000000848 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _69 _44 _30 00582AEB7FB1 Počet chybných hledání
09 _80 _80 __0 000000004578 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 _20 0000000007DD Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _68 _52 _45 000023180020 Teplota toku vzduchu
C2 _32 _48 __0 001100000020 Teplota
C3 _67 _60 __0 0000003DE82F Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 00000000000C Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 36 51 46 30 56 35 42 5A 00 00 80 00 00 04 33 2E
030: 41 41 4B 20 20 20 53 54 33 33 32 30 36 32 30 41
040: 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 48 00 40
0A0: 00 FE 00 00 34 6B 7D 01 40 23 34 69 3C 01 40 23
0B0: 40 7F 00 00 00 00 FE FE FF FE 00 00 FE 00 00 00
0C0: 00 00 00 00 00 00 00 00 EA B0 25 42 00 00 00 00
0D0: 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 02
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 EA B0 25 42 EA B0 25 42 20 20 00 02 02 B6
110: 00 02 00 8A 3C 06 3C 0A 00 00 07 C6 01 00 08 00
120: 13 14 30 00 00 02 00 80 00 00 00 00 00 A0 02 02
130: 00 00 04 04 00 00 00 00 00 00 00 00 12 00 00 0B
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DF A5

----------------------------------------------------------------------------
(2) ST2000VM002-9UY166
----------------------------------------------------------------------------
Model : ST2000VM002-9UY166
Firmware : SC01
Serial Number : 5YD2RH8Q
Disk Size : 2000.3 GB (8.4/137.4/2000.3)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : 5900 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300
Power On Hours : 2219 hod.
Power On Count : 420 krát
Temparature : 28 C (82 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : C0C0h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 111 _99 __6 00000222EA50 Počet chyb čtení
03 _92 _92 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 000000000205 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _72 _60 _30 000000F10173 Počet chybných hledání
09 _98 _98 __0 0000000008AB Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 0000000001A4 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD _86 _86 __0 00000000000E Vysoká rychlost zápisu
BE _72 _61 _45 00001D16001C Teplota toku vzduchu
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000018 Počet vypnutí disku
C1 100 100 __0 000000000205 Počet cyklů načítání/vymazání
C2 _28 _40 __0 00130000001C Teplota
C3 _36 _28 __0 00000222EA50 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 35 59 44 32 52 48 38 51 00 00 00 00 00 04 53 43
030: 30 31 20 20 20 20 53 54 32 30 30 30 56 4D 30 30
040: 32 2D 39 55 59 31 36 36 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 40 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 85 06 00 04 00 48 00 40
0A0: 01 F0 00 29 34 6B 7D 69 41 33 34 69 BC 49 41 33
0B0: 40 7F 00 A5 00 A5 C0 C0 FF FE 00 00 80 00 10 00
0C0: 00 00 00 00 27 10 00 00 88 B0 E8 E0 00 00 00 00
0D0: 00 00 00 00 60 03 00 00 50 00 C5 00 37 DC 2C 92
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1E
0F0: 40 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 88 B0 E8 E0 88 B0 E8 E0 20 20 00 02 01 40
110: 01 00 50 00 3C 06 3C 0A 00 00 00 3C 00 00 00 08
120: 00 00 00 00 00 7F 02 80 00 00 00 00 00 08 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 4F 00 88 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 10 B3 00 00
1A0: 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 17 0C 00 00 00 00 00 00 00 00 10 20 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A5 A5

killick · #6 Příspěvek od **killick** » 19 led 2012 19:27

Jsou tedy diska v pořádku? Nějaké další nápady prosím?

#7 Příspěvek od **Rudy** » 19 led 2012 20:32

Disky jsou rovněž OK. Na zkoušku bych ještě zkusil vyměnit napájecí zdroj.

killick · #8 Příspěvek od **killick** » 20 led 2012 16:48

Rudy píše:Disky jsou rovněž OK. Na zkoušku bych ještě zkusil vyměnit napájecí zdroj.

No zdroj mám právě nový, cca půl roku...

#9 Příspěvek od **Rudy** » 20 led 2012 18:04

OK. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

killick · #10 Příspěvek od **killick** » 20 led 2012 22:59

ComboFix 12-01-19.02 - kiwi 20.01.2012 22:34:05.1.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4093.2504 [GMT 1:00]
Spuštěný z: d:\stahovßný\_Google chrome\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kiwi\en_res.dll
c:\users\kiwi\es_res.dll
c:\users\kiwi\fr_res.dll
c:\users\kiwi\grm_res.dll
c:\users\kiwi\it_res.dll
c:\users\kiwi\jp_res.dll
c:\users\kiwi\mfc80u.dll
c:\users\kiwi\msvcr80.dll
c:\users\kiwi\PCPE Setup.exe
c:\users\kiwi\pt_res.dll
c:\users\kiwi\ResourceReader.dll
c:\users\kiwi\ru_res.dll
c:\windows\msxml4-KB973685-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-20 do 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 10:56 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0806128-9059-4EB0-993B-E7E999ACD70C}\mpengine.dll
2012-01-19 19:24 . 2012-01-19 19:25 -------- d-----w- c:\users\kiwi\AppData\Roaming\Mikogo
2012-01-10 18:12 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-10 18:12 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 21:55 . 2012-01-07 21:55 -------- d-----w- c:\users\kiwi\AppData\Roaming\mojosoft
2012-01-07 21:33 . 2012-01-07 23:33 -------- d-----w- c:\users\kiwi\AppData\Roaming\ICQ
2012-01-03 00:17 . 2012-01-03 00:17 -------- d-----w- c:\users\kiwi\AppData\Roaming\HateML
2012-01-02 10:47 . 2003-07-15 06:30 21941 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
2012-01-02 10:47 . 2003-07-15 06:30 18690 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
2012-01-02 10:47 . 2003-07-15 06:30 14396 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
2012-01-02 10:47 . 2003-07-15 06:30 11729 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
2012-01-02 10:47 . 2003-07-15 06:30 18219 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
2012-01-02 10:47 . 2003-07-15 06:30 15020 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
2012-01-02 10:47 . 2003-07-15 06:30 13773 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
2012-01-02 10:47 . 2003-07-15 06:30 11988 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
2012-01-01 23:06 . 2003-11-13 11:13 118784 ----a-w- c:\windows\SysWow64\XMUpload.dll
2012-01-01 23:06 . 2003-10-17 13:03 126976 ----a-w- c:\windows\SysWow64\TemplMan.dll
2012-01-01 23:06 . 2003-10-14 14:49 253952 ----a-w- c:\windows\SysWow64\TemplOp.dll
2012-01-01 23:06 . 2003-10-06 13:45 23552 ----a-w- c:\windows\SysWow64\XFontMan.dll
2012-01-01 23:06 . 2003-10-01 13:49 131072 ----a-w- c:\windows\SysWow64\BmpImporter.dll
2012-01-01 23:06 . 2003-05-19 15:18 86016 ----a-w- c:\windows\SysWow64\BinCoder.dll
2012-01-01 22:22 . 2012-01-01 22:52 -------- d-----w- C:\WSTemplates
2012-01-01 22:08 . 2003-10-02 16:09 180224 ----a-w- c:\windows\SysWow64\xwsindex.exe
2012-01-01 22:07 . 2000-05-21 22:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\users\kiwi\AppData\Roaming\MAGIX
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\programdata\MAGIX
2012-01-01 22:01 . 2012-01-01 22:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-01 21:53 . 2002-01-10 02:01 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-01-01 20:36 . 2012-01-19 18:25 -------- d-----w- c:\users\kiwi\AppData\Roaming\FileZilla
2012-01-01 20:25 . 2012-01-01 20:25 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-12-29 21:40 . 2011-12-29 21:43 -------- d-----w- c:\users\kiwi\AppData\Local\Trapped Dead
2011-12-29 21:40 . 2011-12-29 21:40 -------- d-----w- c:\users\kiwi\AppData\Local\CrashRpt
2011-12-27 12:44 . 2011-12-27 12:44 -------- d-----w- c:\users\kiwi\AppData\Roaming\XnView
2011-12-26 18:08 . 2011-12-26 18:08 -------- d-----w- c:\program files\ESET
2011-12-26 08:50 . 2011-12-26 09:19 -------- d-----w- c:\users\kiwi\AppData\Roaming\Photodex
2011-12-26 08:49 . 2011-12-26 08:49 -------- d-----w- c:\users\kiwi\AppData\Roaming\DVD Flick
2011-12-22 09:27 . 2011-12-22 09:27 -------- d-----w- c:\program files (x86)\ProtectDisc Driver Installer
2011-12-22 09:27 . 2011-12-22 09:27 -------- d-----w- c:\users\kiwi\AppData\Roaming\ProtectDISC
2011-12-22 08:58 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-12-22 08:58 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-12-22 08:58 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-12-22 08:58 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-12-22 08:58 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-12-22 08:58 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 21:42 . 2011-12-09 23:53 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-12-14 20:22 . 2011-12-14 20:22 8398848 ----a-w- c:\users\kiwi\PCPE_3.0.1.msi
2011-12-14 19:46 . 2011-12-14 19:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-12-12 19:47 . 2011-12-12 19:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 14:56 . 2011-12-10 14:56 2786920 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-12-10 11:49 . 2011-12-10 11:49 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-10 11:48 . 2011-12-10 11:21 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-12-10 11:48 . 2011-12-10 11:48 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-10 11:48 . 2011-12-10 11:21 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-10 08:46 . 2011-12-10 08:46 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-10 08:46 . 2011-12-10 08:46 210528 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-10 08:46 . 2011-12-10 08:46 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2011-12-10 08:46 . 2011-12-10 08:46 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-12-10 08:19 . 2011-12-10 08:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-10 08:19 . 2011-12-10 08:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-10 08:19 . 2011-12-10 08:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-10 08:19 . 2011-12-10 08:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-10 08:19 . 2011-12-10 08:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-10 08:19 . 2011-12-10 08:19 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-10 08:19 . 2011-12-10 08:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-10 08:19 . 2011-12-10 08:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-10 08:19 . 2011-12-10 08:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-10 08:19 . 2011-12-10 08:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-10 08:19 . 2011-12-10 08:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-10 08:19 . 2011-12-10 08:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-10 08:19 . 2011-12-10 08:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-10 08:19 . 2011-12-10 08:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-10 08:19 . 2011-12-10 08:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-10 08:19 . 2011-12-10 08:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 08:19 . 2011-12-10 08:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-10 08:19 . 2011-12-10 08:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 08:19 . 2011-12-10 08:19 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 08:19 . 2011-12-10 08:19 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 08:19 . 2011-12-10 08:19 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 08:19 . 2011-12-10 08:19 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 08:19 . 2011-12-10 08:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 08:19 . 2011-12-10 08:19 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 08:19 . 2011-12-10 08:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 08:19 . 2011-12-10 08:19 448512 ----a-w- c:\windows\system32\html.iec
2011-12-10 08:19 . 2011-12-10 08:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 08:19 . 2011-12-10 08:19 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 08:19 . 2011-12-10 08:19 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 08:19 . 2011-12-10 08:19 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 08:19 . 2011-12-10 08:19 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 08:19 . 2011-12-10 08:19 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 08:19 . 2011-12-10 08:19 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 08:19 . 2011-12-10 08:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 08:18 . 2011-12-10 08:18 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-12-10 08:18 . 2011-12-10 08:18 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-12-10 08:18 . 2011-12-10 08:18 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-12-10 08:18 . 2011-12-10 08:18 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-12-10 08:18 . 2011-12-10 08:18 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-12-10 08:18 . 2011-12-10 08:18 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-12-10 08:18 . 2011-12-10 08:18 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-12-10 08:18 . 2011-12-10 08:18 3548672 ----a-w- c:\windows\system32\mf.dll
2011-12-10 08:18 . 2011-12-10 08:18 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-10 08:18 . 2011-12-10 08:18 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-12-10 08:18 . 2011-12-10 08:18 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-12-10 08:18 . 2011-12-10 08:18 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-12-10 08:18 . 2011-12-10 08:18 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-12-10 08:18 . 2011-12-10 08:18 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-12-10 08:18 . 2011-12-10 08:18 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-12-10 08:18 . 2011-12-10 08:18 195072 ----a-w- c:\windows\system32\mfps.dll
2011-12-10 08:18 . 2011-12-10 08:18 748544 ----a-w- c:\windows\system32\stobject.dll
2011-12-10 08:18 . 2011-12-10 08:18 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-12-10 08:18 . 2011-12-10 08:18 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-10 08:18 . 2011-12-10 08:18 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-12-10 08:18 . 2011-12-10 08:18 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-12-10 08:18 . 2011-12-10 08:18 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-12-10 08:18 . 2011-12-10 08:18 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-12-10 08:18 . 2011-12-10 08:18 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-12-10 08:18 . 2011-12-10 08:18 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-12-10 08:18 . 2011-12-10 08:18 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-12-10 08:18 . 2011-12-10 08:18 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-10 08:18 . 2011-12-10 08:18 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-12-10 08:18 . 2011-12-10 08:18 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-12-10 08:18 . 2011-12-10 08:18 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-12-10 08:18 . 2011-12-10 08:18 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-12-10 08:18 . 2011-12-10 08:18 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-12-10 08:18 . 2011-12-10 08:18 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-10 08:18 . 2011-12-10 08:18 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-12-10 08:18 . 2011-12-10 08:18 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-12-10 08:18 . 2011-12-10 08:18 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-12-10 08:18 . 2011-12-10 08:18 47104 ----a-w- c:\windows\system32\cdd.dll
2011-12-10 08:18 . 2011-12-10 08:18 366592 ----a-w- c:\windows\system32\winspool.drv
2011-12-10 08:18 . 2011-12-10 08:18 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-12-10 08:18 . 2011-12-10 08:18 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-12-10 08:18 . 2011-12-10 08:18 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-12-10 08:18 . 2011-12-10 08:18 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-12-10 08:18 . 2011-12-10 08:18 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-12-10 08:18 . 2011-12-10 08:18 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-12-10 08:18 . 2011-12-10 08:18 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-12-10 08:17 . 2011-12-10 08:17 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2011-12-10 08:17 . 2011-12-10 08:17 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2011-12-10 08:17 . 2011-12-10 08:17 328192 ----a-w- c:\windows\system32\dxdiag.exe
2011-12-10 08:17 . 2011-12-10 08:17 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2011-12-10 08:17 . 2011-12-10 08:17 252928 ----a-w- c:\windows\SysWow64\dxdiag.exe
2011-12-10 08:17 . 2011-12-10 08:17 195584 ----a-w- c:\windows\SysWow64\dxdiagn.dll
2011-12-10 08:17 . 2011-12-10 08:17 792576 ----a-w- c:\windows\system32\d3d11.dll
2011-12-10 08:17 . 2011-12-10 08:17 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Mikogo"="c:\users\kiwi\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2012-01-19 5420408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-06-25 2441840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"P17RunE"="P17RunE.dll" [2007-04-09 14848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{A0D06768-22A7-11E1-B1F5-806E6F6E6963}\bootwiz\asrm.bin
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-20 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-09 23:54]
.
2012-01-20 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-09 23:54]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000Core.job
- c:\users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 21:28]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000UA.job
- c:\users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 21:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\files\Spyware Terminator\sp_rsser.exe
c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Razer\Lachesis\OSD.exe
c:\program files (x86)\Razer\Lachesis\razertra.exe
c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Razer\Lachesis\razerofa.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-01-20 22:48:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-20 21:48
.
Před spuštěním: Volných bajtů: 220 598 616 064
Po spuštění: Volných bajtů: 234 983 858 176
.
- - End Of File - - 9E4948F6C58B3CD507B4344D931432A8

#11 Příspěvek od **Rudy** » 20 led 2012 23:23

Jelikož toto fórum neřeší problematiku crarcklého softu, odinstalujte cracklé Ofice.

killick · #12 Příspěvek od **killick** » 23 led 2012 17:59

Odinstaloval jsem Office a zde přikládám log:

ComboFix 12-01-23.02 - kiwi 23.01.2012 17:37:30.3.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4093.2417 [GMT 1:00]
Spuštěný z: d:\stahování\_Google chrome\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-23 do 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 16:43 . 2012-01-23 16:45 -------- d-----w- c:\users\kiwi\AppData\Local\temp
2012-01-23 16:43 . 2012-01-23 16:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-23 16:43 . 2012-01-23 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 09:09 . 2012-01-22 09:09 -------- d-----w- c:\users\kiwi\AppData\Roaming\KeepersOfDryandra
2012-01-22 08:43 . 2012-01-22 08:43 -------- d-----w- c:\programdata\Totem Quest
2012-01-21 21:00 . 2012-01-21 21:48 -------- d-----w- c:\users\kiwi\AppData\Roaming\Righteous Kill
2012-01-21 19:41 . 2012-01-21 19:41 -------- d-----w- c:\users\kiwi\AppData\Local\Futuremark
2012-01-20 22:07 . 2012-01-20 22:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0806128-9059-4EB0-993B-E7E999ACD70C}\offreg.dll
2012-01-20 10:56 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0806128-9059-4EB0-993B-E7E999ACD70C}\mpengine.dll
2012-01-19 19:24 . 2012-01-19 19:25 -------- d-----w- c:\users\kiwi\AppData\Roaming\Mikogo
2012-01-10 18:12 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-10 18:12 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 21:55 . 2012-01-07 21:55 -------- d-----w- c:\users\kiwi\AppData\Roaming\mojosoft
2012-01-07 21:33 . 2012-01-07 23:33 -------- d-----w- c:\users\kiwi\AppData\Roaming\ICQ
2012-01-03 00:17 . 2012-01-03 00:17 -------- d-----w- c:\users\kiwi\AppData\Roaming\HateML
2012-01-01 23:06 . 2003-11-13 11:13 118784 ----a-w- c:\windows\SysWow64\XMUpload.dll
2012-01-01 23:06 . 2003-10-17 13:03 126976 ----a-w- c:\windows\SysWow64\TemplMan.dll
2012-01-01 23:06 . 2003-10-14 14:49 253952 ----a-w- c:\windows\SysWow64\TemplOp.dll
2012-01-01 23:06 . 2003-10-06 13:45 23552 ----a-w- c:\windows\SysWow64\XFontMan.dll
2012-01-01 23:06 . 2003-10-01 13:49 131072 ----a-w- c:\windows\SysWow64\BmpImporter.dll
2012-01-01 23:06 . 2003-05-19 15:18 86016 ----a-w- c:\windows\SysWow64\BinCoder.dll
2012-01-01 22:22 . 2012-01-01 22:52 -------- d-----w- C:\WSTemplates
2012-01-01 22:08 . 2003-10-02 16:09 180224 ----a-w- c:\windows\SysWow64\xwsindex.exe
2012-01-01 22:07 . 2000-05-21 22:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\users\kiwi\AppData\Roaming\MAGIX
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\programdata\MAGIX
2012-01-01 22:01 . 2012-01-01 22:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-01 21:53 . 2002-01-10 02:01 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-01-01 20:36 . 2012-01-19 18:25 -------- d-----w- c:\users\kiwi\AppData\Roaming\FileZilla
2011-12-29 21:40 . 2011-12-29 21:43 -------- d-----w- c:\users\kiwi\AppData\Local\Trapped Dead
2011-12-29 21:40 . 2011-12-29 21:40 -------- d-----w- c:\users\kiwi\AppData\Local\CrashRpt
2011-12-27 12:44 . 2011-12-27 12:44 -------- d-----w- c:\users\kiwi\AppData\Roaming\XnView
2011-12-26 18:08 . 2011-12-26 18:08 -------- d-----w- c:\program files\ESET
2011-12-26 08:50 . 2011-12-26 09:19 -------- d-----w- c:\users\kiwi\AppData\Roaming\Photodex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 15:46 . 2011-12-09 23:53 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-12-14 20:22 . 2011-12-14 20:22 8398848 ----a-w- c:\users\kiwi\PCPE_3.0.1.msi
2011-12-14 19:46 . 2011-12-14 19:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-12-12 19:47 . 2011-12-12 19:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 14:56 . 2011-12-10 14:56 2786920 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-12-10 11:49 . 2011-12-10 11:49 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-10 11:48 . 2011-12-10 11:21 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-12-10 11:48 . 2011-12-10 11:48 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-10 11:48 . 2011-12-10 11:21 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-10 08:46 . 2011-12-10 08:46 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-10 08:46 . 2011-12-10 08:46 210528 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-10 08:46 . 2011-12-10 08:46 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2011-12-10 08:46 . 2011-12-10 08:46 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-12-10 08:19 . 2011-12-10 08:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-10 08:19 . 2011-12-10 08:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-10 08:19 . 2011-12-10 08:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-10 08:19 . 2011-12-10 08:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-10 08:19 . 2011-12-10 08:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-10 08:19 . 2011-12-10 08:19 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-10 08:19 . 2011-12-10 08:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-10 08:19 . 2011-12-10 08:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-10 08:19 . 2011-12-10 08:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-10 08:19 . 2011-12-10 08:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-10 08:19 . 2011-12-10 08:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-10 08:19 . 2011-12-10 08:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-10 08:19 . 2011-12-10 08:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-10 08:19 . 2011-12-10 08:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-10 08:19 . 2011-12-10 08:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-10 08:19 . 2011-12-10 08:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 08:19 . 2011-12-10 08:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-10 08:19 . 2011-12-10 08:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 08:19 . 2011-12-10 08:19 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 08:19 . 2011-12-10 08:19 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 08:19 . 2011-12-10 08:19 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 08:19 . 2011-12-10 08:19 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 08:19 . 2011-12-10 08:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 08:19 . 2011-12-10 08:19 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 08:19 . 2011-12-10 08:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 08:19 . 2011-12-10 08:19 448512 ----a-w- c:\windows\system32\html.iec
2011-12-10 08:19 . 2011-12-10 08:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 08:19 . 2011-12-10 08:19 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 08:19 . 2011-12-10 08:19 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 08:19 . 2011-12-10 08:19 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 08:19 . 2011-12-10 08:19 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 08:19 . 2011-12-10 08:19 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 08:19 . 2011-12-10 08:19 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 08:19 . 2011-12-10 08:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 08:18 . 2011-12-10 08:18 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-12-10 08:18 . 2011-12-10 08:18 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-12-10 08:18 . 2011-12-10 08:18 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-12-10 08:18 . 2011-12-10 08:18 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-12-10 08:18 . 2011-12-10 08:18 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-12-10 08:18 . 2011-12-10 08:18 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-12-10 08:18 . 2011-12-10 08:18 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-12-10 08:18 . 2011-12-10 08:18 3548672 ----a-w- c:\windows\system32\mf.dll
2011-12-10 08:18 . 2011-12-10 08:18 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-10 08:18 . 2011-12-10 08:18 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-12-10 08:18 . 2011-12-10 08:18 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-12-10 08:18 . 2011-12-10 08:18 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-12-10 08:18 . 2011-12-10 08:18 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-12-10 08:18 . 2011-12-10 08:18 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-12-10 08:18 . 2011-12-10 08:18 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-12-10 08:18 . 2011-12-10 08:18 195072 ----a-w- c:\windows\system32\mfps.dll
2011-12-10 08:18 . 2011-12-10 08:18 748544 ----a-w- c:\windows\system32\stobject.dll
2011-12-10 08:18 . 2011-12-10 08:18 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-12-10 08:18 . 2011-12-10 08:18 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-10 08:18 . 2011-12-10 08:18 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-12-10 08:18 . 2011-12-10 08:18 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-12-10 08:18 . 2011-12-10 08:18 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-12-10 08:18 . 2011-12-10 08:18 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-12-10 08:18 . 2011-12-10 08:18 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-12-10 08:18 . 2011-12-10 08:18 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-12-10 08:18 . 2011-12-10 08:18 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-12-10 08:18 . 2011-12-10 08:18 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-10 08:18 . 2011-12-10 08:18 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-12-10 08:18 . 2011-12-10 08:18 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-12-10 08:18 . 2011-12-10 08:18 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-12-10 08:18 . 2011-12-10 08:18 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-12-10 08:18 . 2011-12-10 08:18 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-12-10 08:18 . 2011-12-10 08:18 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-10 08:18 . 2011-12-10 08:18 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-12-10 08:18 . 2011-12-10 08:18 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-12-10 08:18 . 2011-12-10 08:18 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-12-10 08:18 . 2011-12-10 08:18 47104 ----a-w- c:\windows\system32\cdd.dll
2011-12-10 08:18 . 2011-12-10 08:18 366592 ----a-w- c:\windows\system32\winspool.drv
2011-12-10 08:18 . 2011-12-10 08:18 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-12-10 08:18 . 2011-12-10 08:18 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-12-10 08:18 . 2011-12-10 08:18 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-12-10 08:18 . 2011-12-10 08:18 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-12-10 08:18 . 2011-12-10 08:18 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-12-10 08:18 . 2011-12-10 08:18 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-12-10 08:18 . 2011-12-10 08:18 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-12-10 08:17 . 2011-12-10 08:17 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2011-12-10 08:17 . 2011-12-10 08:17 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2011-12-10 08:17 . 2011-12-10 08:17 328192 ----a-w- c:\windows\system32\dxdiag.exe
2011-12-10 08:17 . 2011-12-10 08:17 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2011-12-10 08:17 . 2011-12-10 08:17 252928 ----a-w- c:\windows\SysWow64\dxdiag.exe
2011-12-10 08:17 . 2011-12-10 08:17 195584 ----a-w- c:\windows\SysWow64\dxdiagn.dll
2011-12-10 08:17 . 2011-12-10 08:17 792576 ----a-w- c:\windows\system32\d3d11.dll
2011-12-10 08:17 . 2011-12-10 08:17 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_21.43.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-09 22:32 . 2012-01-20 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 22:32 . 2012-01-23 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 22:32 . 2012-01-20 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 22:32 . 2012-01-23 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 22:32 . 2012-01-23 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-09 22:32 . 2012-01-20 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 22:40 . 2012-01-23 16:46 55034 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-23 16:46 62042 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 21:01 . 2012-01-23 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 21:01 . 2012-01-20 21:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 21:01 . 2012-01-20 21:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 21:01 . 2012-01-23 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 21:01 . 2012-01-23 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-09 21:01 . 2012-01-20 21:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 21:03 . 2012-01-23 16:46 9652 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2745662368-3488981636-2238734526-1000_UserData.bin
+ 2012-01-23 16:44 . 2012-01-23 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-20 21:42 . 2012-01-20 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-20 21:42 . 2012-01-20 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-23 16:44 . 2012-01-23 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-11 09:06 . 2012-01-22 08:27 317378 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2012-01-23 16:19 595798 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-20 21:29 595798 c:\windows\system32\perfh009.dat
- 2007-01-08 22:10 . 2012-01-20 21:29 607232 c:\windows\system32\perfh005.dat
+ 2007-01-08 22:10 . 2012-01-23 16:19 607232 c:\windows\system32\perfh005.dat
- 2006-11-02 12:46 . 2012-01-20 21:29 103872 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-23 16:19 103872 c:\windows\system32\perfc009.dat
- 2007-01-08 22:10 . 2012-01-20 21:29 117912 c:\windows\system32\perfc005.dat
+ 2007-01-08 22:10 . 2012-01-23 16:19 117912 c:\windows\system32\perfc005.dat
+ 2006-11-02 15:21 . 2012-01-23 16:12 411944 c:\windows\system32\FNTCACHE.DAT
- 2011-12-22 16:46 . 2012-01-20 21:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-22 16:46 . 2012-01-23 15:46 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-10 10:59 . 2012-01-23 16:43 384228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-23 16:27 . 2012-01-23 16:27 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edec5402d5424967ba20de137835ed2a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-12-10 10:59 . 2012-01-23 16:43 5822284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2745662368-3488981636-2238734526-1000-8192.dat
+ 2011-12-10 10:59 . 2012-01-23 16:09 8734524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2745662368-3488981636-2238734526-1000-4096.dat
+ 2012-01-23 16:27 . 2012-01-23 16:27 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\596251e8604d886f1edfcd2671a2f371\Microsoft.VisualBasic.Compatibility.ni.dll
- 2006-11-02 12:33 . 2012-01-12 16:55 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:33 . 2012-01-23 16:11 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Mikogo"="c:\users\kiwi\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2012-01-19 5420408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-06-25 2441840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"P17RunE"="P17RunE.dll" [2007-04-09 14848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{A0D06768-22A7-11E1-B1F5-806E6F6E6963}\bootwiz\asrm.bin
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-23 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-09 23:54]
.
2012-01-23 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-09 23:54]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000Core.job
- c:\users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 21:28]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000UA.job
- c:\users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 21:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\EverestDriver]
"ImagePath"="\??\d:\files\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\files\Spyware Terminator\sp_rsser.exe
c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Razer\Lachesis\OSD.exe
c:\program files (x86)\Razer\Lachesis\razertra.exe
c:\program files (x86)\Razer\Lachesis\razerofa.exe
c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-01-23 17:50:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-23 16:50
ComboFix2.txt 2012-01-20 21:48
.
Před spuštěním: Volných bajtů: 235 227 688 960
Po spuštění: Volných bajtů: 238 268 514 304
.
- - End Of File - - D0C25B9C98545B7C7E8CA69FBE6972DF

#13 Příspěvek od **Rudy** » 23 led 2012 18:25

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\Tasks\AutoKMSDaily.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000Core.job
c:\users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000UA.job

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

killick · #14 Příspěvek od **killick** » 23 led 2012 19:18

Provedeno, přikládám log:

ComboFix 12-01-23.02 - kiwi 23.01.2012 18:53:19.4.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4093.2322 [GMT 1:00]
Spuštěný z: c:\users\kiwi\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kiwi\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kiwi\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\AutoKMSDaily.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2745662368-3488981636-2238734526-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-23 do 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 18:00 . 2012-01-23 18:07 -------- d-----w- c:\users\kiwi\AppData\Local\temp
2012-01-23 18:00 . 2012-01-23 18:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-23 18:00 . 2012-01-23 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-23 17:18 . 2012-01-23 17:18 -------- d-----w- c:\users\kiwi\AppData\Roaming\Jurecek Radek
2012-01-22 09:09 . 2012-01-22 09:09 -------- d-----w- c:\users\kiwi\AppData\Roaming\KeepersOfDryandra
2012-01-22 08:43 . 2012-01-22 08:43 -------- d-----w- c:\programdata\Totem Quest
2012-01-21 21:00 . 2012-01-21 21:48 -------- d-----w- c:\users\kiwi\AppData\Roaming\Righteous Kill
2012-01-21 19:41 . 2012-01-21 19:41 -------- d-----w- c:\users\kiwi\AppData\Local\Futuremark
2012-01-20 22:07 . 2012-01-20 22:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0806128-9059-4EB0-993B-E7E999ACD70C}\offreg.dll
2012-01-20 10:56 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0806128-9059-4EB0-993B-E7E999ACD70C}\mpengine.dll
2012-01-19 19:24 . 2012-01-19 19:25 -------- d-----w- c:\users\kiwi\AppData\Roaming\Mikogo
2012-01-10 18:12 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-10 18:12 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 21:55 . 2012-01-07 21:55 -------- d-----w- c:\users\kiwi\AppData\Roaming\mojosoft
2012-01-07 21:33 . 2012-01-07 23:33 -------- d-----w- c:\users\kiwi\AppData\Roaming\ICQ
2012-01-03 00:17 . 2012-01-03 00:17 -------- d-----w- c:\users\kiwi\AppData\Roaming\HateML
2012-01-02 10:47 . 2003-07-15 06:30 21941 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
2012-01-02 10:47 . 2003-07-15 06:30 18690 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
2012-01-02 10:47 . 2003-07-15 06:30 14396 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
2012-01-02 10:47 . 2003-07-15 06:30 11729 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
2012-01-02 10:47 . 2003-07-15 06:30 18219 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
2012-01-02 10:47 . 2003-07-15 06:30 15020 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
2012-01-02 10:47 . 2003-07-15 06:30 13773 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
2012-01-02 10:47 . 2003-07-15 06:30 11988 ----a-w- c:\users\kiwi\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
2012-01-02 00:10 . 2012-01-02 00:10 -------- d-----w- c:\program files (x86)\Xara
2012-01-01 22:22 . 2012-01-01 22:52 -------- d-----w- C:\WSTemplates
2012-01-01 22:08 . 2012-01-23 17:47 -------- d-----w- c:\users\kiwi\AppData\Roaming\Xara
2012-01-01 22:08 . 2003-10-02 16:09 180224 ----a-w- c:\windows\SysWow64\xwsindex.exe
2012-01-01 22:07 . 2000-05-21 22:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\users\kiwi\AppData\Roaming\MAGIX
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\users\kiwi\AppData\Local\Xara
2012-01-01 22:03 . 2012-01-01 22:03 -------- d-----w- c:\programdata\MAGIX
2012-01-01 22:02 . 2012-01-01 22:02 -------- d-----w- c:\programdata\Xara
2012-01-01 22:01 . 2012-01-01 22:02 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-01 21:54 . 2012-01-01 21:54 -------- d-----w- c:\windows\SysWow64\Xara
2012-01-01 21:53 . 2002-01-10 02:01 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-01-01 20:36 . 2012-01-19 18:25 -------- d-----w- c:\users\kiwi\AppData\Roaming\FileZilla
2011-12-29 21:40 . 2011-12-29 21:43 -------- d-----w- c:\users\kiwi\AppData\Local\Trapped Dead
2011-12-29 21:40 . 2011-12-29 21:40 -------- d-----w- c:\users\kiwi\AppData\Local\CrashRpt
2011-12-27 12:44 . 2011-12-27 12:44 -------- d-----w- c:\users\kiwi\AppData\Roaming\XnView
2011-12-26 18:08 . 2011-12-26 18:08 -------- d-----w- c:\program files\ESET
2011-12-26 08:50 . 2011-12-26 09:19 -------- d-----w- c:\users\kiwi\AppData\Roaming\Photodex
2011-12-26 08:49 . 2011-12-26 08:49 -------- d-----w- c:\users\kiwi\AppData\Roaming\DVD Flick
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 20:22 . 2011-12-14 20:22 8398848 ----a-w- c:\users\kiwi\PCPE_3.0.1.msi
2011-12-14 19:46 . 2011-12-14 19:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-12-12 19:47 . 2011-12-12 19:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 14:56 . 2011-12-10 14:56 2786920 ----a-w- c:\windows\system32\auto_reactivate.exe
2011-12-10 11:49 . 2011-12-10 11:49 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-10 11:48 . 2011-12-10 11:21 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-12-10 11:48 . 2011-12-10 11:48 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-10 11:48 . 2011-12-10 11:21 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-10 08:46 . 2011-12-10 08:46 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-10 08:46 . 2011-12-10 08:46 210528 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-10 08:46 . 2011-12-10 08:46 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2011-12-10 08:46 . 2011-12-10 08:46 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-12-10 08:19 . 2011-12-10 08:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-10 08:19 . 2011-12-10 08:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-10 08:19 . 2011-12-10 08:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-10 08:19 . 2011-12-10 08:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-10 08:19 . 2011-12-10 08:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-10 08:19 . 2011-12-10 08:19 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-10 08:19 . 2011-12-10 08:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-10 08:19 . 2011-12-10 08:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-10 08:19 . 2011-12-10 08:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-10 08:19 . 2011-12-10 08:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-10 08:19 . 2011-12-10 08:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-10 08:19 . 2011-12-10 08:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-10 08:19 . 2011-12-10 08:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-10 08:19 . 2011-12-10 08:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-10 08:19 . 2011-12-10 08:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-10 08:19 . 2011-12-10 08:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 08:19 . 2011-12-10 08:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-10 08:19 . 2011-12-10 08:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 08:19 . 2011-12-10 08:19 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 08:19 . 2011-12-10 08:19 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 08:19 . 2011-12-10 08:19 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 08:19 . 2011-12-10 08:19 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 08:19 . 2011-12-10 08:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 08:19 . 2011-12-10 08:19 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 08:19 . 2011-12-10 08:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 08:19 . 2011-12-10 08:19 448512 ----a-w- c:\windows\system32\html.iec
2011-12-10 08:19 . 2011-12-10 08:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 08:19 . 2011-12-10 08:19 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 08:19 . 2011-12-10 08:19 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 08:19 . 2011-12-10 08:19 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 08:19 . 2011-12-10 08:19 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 08:19 . 2011-12-10 08:19 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 08:19 . 2011-12-10 08:19 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 08:19 . 2011-12-10 08:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 08:18 . 2011-12-10 08:18 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-12-10 08:18 . 2011-12-10 08:18 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-12-10 08:18 . 2011-12-10 08:18 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-12-10 08:18 . 2011-12-10 08:18 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-12-10 08:18 . 2011-12-10 08:18 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-12-10 08:18 . 2011-12-10 08:18 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-12-10 08:18 . 2011-12-10 08:18 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-12-10 08:18 . 2011-12-10 08:18 3548672 ----a-w- c:\windows\system32\mf.dll
2011-12-10 08:18 . 2011-12-10 08:18 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-10 08:18 . 2011-12-10 08:18 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-12-10 08:18 . 2011-12-10 08:18 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-12-10 08:18 . 2011-12-10 08:18 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-12-10 08:18 . 2011-12-10 08:18 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-12-10 08:18 . 2011-12-10 08:18 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-12-10 08:18 . 2011-12-10 08:18 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-12-10 08:18 . 2011-12-10 08:18 195072 ----a-w- c:\windows\system32\mfps.dll
2011-12-10 08:18 . 2011-12-10 08:18 748544 ----a-w- c:\windows\system32\stobject.dll
2011-12-10 08:18 . 2011-12-10 08:18 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-12-10 08:18 . 2011-12-10 08:18 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-10 08:18 . 2011-12-10 08:18 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-12-10 08:18 . 2011-12-10 08:18 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-12-10 08:18 . 2011-12-10 08:18 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-12-10 08:18 . 2011-12-10 08:18 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-12-10 08:18 . 2011-12-10 08:18 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-12-10 08:18 . 2011-12-10 08:18 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-12-10 08:18 . 2011-12-10 08:18 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-12-10 08:18 . 2011-12-10 08:18 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-10 08:18 . 2011-12-10 08:18 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-12-10 08:18 . 2011-12-10 08:18 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-12-10 08:18 . 2011-12-10 08:18 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-12-10 08:18 . 2011-12-10 08:18 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-12-10 08:18 . 2011-12-10 08:18 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-12-10 08:18 . 2011-12-10 08:18 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-10 08:18 . 2011-12-10 08:18 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-12-10 08:18 . 2011-12-10 08:18 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-12-10 08:18 . 2011-12-10 08:18 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-12-10 08:18 . 2011-12-10 08:18 47104 ----a-w- c:\windows\system32\cdd.dll
2011-12-10 08:18 . 2011-12-10 08:18 366592 ----a-w- c:\windows\system32\winspool.drv
2011-12-10 08:18 . 2011-12-10 08:18 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-12-10 08:18 . 2011-12-10 08:18 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-12-10 08:18 . 2011-12-10 08:18 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-12-10 08:18 . 2011-12-10 08:18 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-12-10 08:18 . 2011-12-10 08:18 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-12-10 08:18 . 2011-12-10 08:18 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-12-10 08:18 . 2011-12-10 08:18 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-12-10 08:17 . 2011-12-10 08:17 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2011-12-10 08:17 . 2011-12-10 08:17 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2011-12-10 08:17 . 2011-12-10 08:17 328192 ----a-w- c:\windows\system32\dxdiag.exe
2011-12-10 08:17 . 2011-12-10 08:17 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2011-12-10 08:17 . 2011-12-10 08:17 252928 ----a-w- c:\windows\SysWow64\dxdiag.exe
2011-12-10 08:17 . 2011-12-10 08:17 195584 ----a-w- c:\windows\SysWow64\dxdiagn.dll
2011-12-10 08:17 . 2011-12-10 08:17 792576 ----a-w- c:\windows\system32\d3d11.dll
2011-12-10 08:17 . 2011-12-10 08:17 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
2011-12-10 08:17 . 2011-12-10 08:17 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_21.43.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-09 22:32 . 2012-01-20 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 22:32 . 2012-01-23 18:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 22:32 . 2012-01-20 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 22:32 . 2012-01-23 18:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-09 22:32 . 2012-01-23 18:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-09 22:32 . 2012-01-20 21:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 22:40 . 2012-01-23 18:07 56678 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-23 18:07 62146 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 21:03 . 2012-01-23 18:07 10268 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2745662368-3488981636-2238734526-1000_UserData.bin
+ 2011-12-09 21:01 . 2012-01-23 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 21:01 . 2012-01-20 21:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 21:01 . 2012-01-23 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 21:01 . 2012-01-20 21:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 21:01 . 2012-01-20 21:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 21:01 . 2012-01-23 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-20 21:42 . 2012-01-20 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-23 18:05 . 2012-01-23 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-23 18:05 . 2012-01-23 18:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-20 21:42 . 2012-01-20 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-11 09:06 . 2012-01-22 08:27 317378 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2012-01-20 21:29 595798 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-23 17:52 595798 c:\windows\system32\perfh009.dat
+ 2007-01-08 22:10 . 2012-01-23 17:52 607232 c:\windows\system32\perfh005.dat
- 2007-01-08 22:10 . 2012-01-20 21:29 607232 c:\windows\system32\perfh005.dat
- 2006-11-02 12:46 . 2012-01-20 21:29 103872 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-23 17:52 103872 c:\windows\system32\perfc009.dat
+ 2007-01-08 22:10 . 2012-01-23 17:52 117912 c:\windows\system32\perfc005.dat
- 2007-01-08 22:10 . 2012-01-20 21:29 117912 c:\windows\system32\perfc005.dat
+ 2006-11-02 15:21 . 2012-01-23 17:45 412456 c:\windows\system32\FNTCACHE.DAT
- 2011-12-22 16:46 . 2012-01-20 21:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-22 16:46 . 2012-01-23 15:46 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-10 10:59 . 2012-01-23 18:00 385896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-10 10:59 . 2012-01-23 18:00 881524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2745662368-3488981636-2238734526-1000-8192.dat
+ 2012-01-23 17:14 . 2012-01-23 17:14 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\99cd15931eb2db4711057dce2af7d93a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
- 2011-12-10 12:20 . 2011-12-10 12:20 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\99cd15931eb2db4711057dce2af7d93a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2010-10-20 11:44 . 2010-10-20 11:44 1207656 c:\windows\SysWOW64\FM20.DLL
+ 2011-12-10 10:59 . 2012-01-23 16:09 8734524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2745662368-3488981636-2238734526-1000-4096.dat
- 2011-12-10 12:20 . 2011-12-10 12:20 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e173e7c959c2e6743087d628810806f1\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-01-23 17:14 . 2012-01-23 17:14 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e173e7c959c2e6743087d628810806f1\Microsoft.VisualBasic.Compatibility.ni.dll
- 2006-11-02 12:33 . 2012-01-12 16:55 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:33 . 2012-01-23 18:04 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-01-23 17:52 . 2012-01-23 17:52 10735616 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Mikogo"="c:\users\kiwi\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2012-01-19 5420408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-06-25 2441840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"P17RunE"="P17RunE.dll" [2007-04-09 14848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{A0D06768-22A7-11E1-B1F5-806E6F6E6963}\bootwiz\asrm.bin
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\EverestDriver]
"ImagePath"="\??\d:\files\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\files\Spyware Terminator\sp_rsser.exe
c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Razer\Lachesis\OSD.exe
c:\program files (x86)\Razer\Lachesis\razertra.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Razer\Lachesis\razerofa.exe
c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-01-23 19:10:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-23 18:10
ComboFix2.txt 2012-01-23 16:50
ComboFix3.txt 2012-01-20 21:48
.
Před spuštěním: Volných bajtů: 237 522 259 968
Po spuštění: Volných bajtů: 237 768 728 576
.
- - End Of File - - 91B8D7725B5C5507A9B2F2526AA599CA
Nahr nˇ probŘhlo ŁspŘçnŘ

#15 Příspěvek od **Rudy** » 23 led 2012 19:46

Smazáno. Nastala nějaká změna?

VIRY.CZ

BSOD, restart PC při spuštění a probuzení z režimu spánku

BSOD, restart PC při spuštění a probuzení z režimu spánku

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk

Re: BSOD, restart PC při spuštění a probuzení z režimu spánk