Windows padá

[filipovyfusky]

Dobrý den, mrknul by se na to prosim nekdo?? http://leteckaposta.cz/611230075 diky

[MiliNess]

Mrknu na to

[MiliNess]

Pád způsobil přímo ovladač souborového systému NTFS. Zatím těžko říci.
Nejdříve:
1)Stáhněte GoldMemory http://www.goldmemory.cz/gm692.zip ,rozbalte archiv, vypalte ISO jako obraz disku na CD, nabootujte z něho a spusťte test. Nechte ho běžet několik hodin.

2)Stáhněte CrystalDiskinfo http://sourceforge.jp/projects/crystald ... 3_9_1.zip/
a spusťte ho a stiskněte Ctrl+C. Zkopírovaná data sem vložte.

3) v příkazovém řádku napište chkdsk /r , odentrujte a povolte naplánování testu při dalším spuštění počítače. Pak restartujte. Napište mi, zda byly zjištěny a opraveny nějaké chyby.

Poprosím kolegu, aby vyloučil případnou infekci.
Večer na to mrknu.

[vyosek]

Zdravim a pekny den preji

Jak psal kolega Millines, nacpu se sem a koukneme po haveti

Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede

[filipovyfusky]

Když nabootoju gold memory, zacne blikat ze se mam registrovat nebo co....a taky blika symbol *setup*

[filipovyfusky]

Uz je to OK, Gold memory pracuje. Jenom jsem uz drive resil problem s kontrolou disku, kdyz sem delal test pri spusteni pc tak se to casto seklo... (viz. jedno z mých temat)

[vyosek]

Fajn, provedte jak psal kolega ten Gold Memory, pak CrystalDiskinfo a nakonec sem dejte log z RSITu at vyloucime ze to ma na svedomi havet...

[filipovyfusky]

Ten Gold memory jede porad dokola??

[vyosek]

Je treba ho nechat cim dele tim lepe, doporucenych je alespon 12 hodin...

[filipovyfusky]

Jak mam z toho gold memory vyjet? Dal sem escape, ten proces se vypnul a pak mam normalne natrvdo vypnout PC??

[filipovyfusky]

OK, kontrola Gold Memory bez erroru. Tady jsou hodnoty z Crystalu

----------------------------------------------------------------------------
CrystalDiskInfo 3.9.1 (C) 2008-2010 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition [6.1 Build 7600] (x64)
Date : 2010/10/25 21:07:16

-- Controller Map ----------------------------------------------------------
+ Intel(R) 5 Series 6 Port SATA AHCI Controller [ATA]
- ST9500325AS
- HL-DT-ST DVDRAM GT30N
+ AR440DRZ IDE Controller [SCSI]
- OZMTSJ 4XA3SHE7CPQZ SCSI CdRom Device
- OZMTSJ 4XA3SHE7CPQZ SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500.1 GB [0-0-0, pd1]

----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0010LVM1
Serial Number : 5VE6M4VL
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/150
Power On Hours : 525 hod.
Power On Count : 578 krát
Temparature : 34 C (93 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _96 _34 0000087BA152 Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 00000000024A Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _72 _60 _30 000001211BDF Počet chybných hledání
09 100 100 __0 B2E20000020D Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 000000000242 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB __1 __1 __0 0000000000B4 Ohlášeno neopravitelných chyb
BC 100 _99 __0 000000000009 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _66 _51 _45 000022200022 Teplota toku vzduchu
BF 100 100 __0 00000000001A Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000024 Počet vypnutí disku
C1 _96 _96 __0 000000002543 Počet cyklů načítání/vymazání
C2 _34 _49 __0 001100000022 Teplota
C3 _48 _41 __0 0000087BA152 Počet oprav chybného čtení
C4 100 100 _30 2645000001DB Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000001 Počet podezřelých sektorů
C6 100 100 __0 000000000001 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 5A 0C FF 3F 37 C8 10 00 00 00 00 00 3F 00 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 56 35 36 45 34 4D 4C 56 00 00 00 40 04 00 30 30
030: 30 31 56 4C 31 4D 54 53 35 39 30 30 32 33 41 35
040: 20 53 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 10 80
060: 00 00 00 2F 00 40 00 02 00 02 07 00 FF 3F 10 00
070: 3F 00 10 FC FB 00 10 01 FF FF FF 0F 00 00 07 00
080: 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00 00
090: 00 00 00 00 00 00 1F 00 02 05 02 00 48 00 48 00
0A0: F0 01 29 00 6B 34 09 7D 23 61 69 34 09 BC 23 61
0B0: 3F 20 41 00 41 00 80 80 FE FF 00 00 00 FE 00 00
0C0: 00 00 00 00 00 00 00 00 30 60 38 3A 00 00 00 00
0D0: 00 00 00 00 00 40 00 00 00 50 00 C5 21 1E 54 FD
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E 40
0F0: 1E 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 29 00 30 60 38 3A 30 60 38 3A 20 20 02 00 40 01
110: 00 01 00 50 06 3C 0A 3C 00 00 3C 00 00 00 08 00
120: 00 00 00 00 1F 00 80 02 04 00 00 00 08 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 00 80
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 3B 10 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 18 15 00 00 00 00 02 00 00 00 10 10 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A5 03

[vyosek]

Tohle je pro me spanelstina , na to Vam koukne kolega - byva tu behem noci...

Dejte mi log z RSIT a kouknem po haveti (to je zas spanelstina pro kolegu, ale pst )

[filipovyfusky]

RSIT log


Logfile of random's system information tool 1.08 (written by random/random)
Run by Phillips at 2010-10-25 21:10:13
Microsoft Windows 7 Home Premium
System drive C: has 102 GB (24%) free of 431 GB
Total RAM: 4087 MB (69% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe"
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll" /prefetch:1
C:\windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
C:\windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:2076
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe"
"C:\Program Files (x86)\Razer\Abyssus\razerhid.exe"
"C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe"
"C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe" -Embedding
"C:\Program Files (x86)\Razer\Abyssus\razerofa.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
wmiadap.exe /R /T
"C:\Users\Phillips\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\windows\system32\rundll32.exe" "C:\windows\system32\WININET.dll",DispatchAPICall 1

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-736923937-44465302-3381133583-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-736923937-44465302-3381133583-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL [2009-11-17 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-09-24 1853736]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2009-09-01 4366704]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2009-08-19 5825536]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-07-27 16335392]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-01-15 9962016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Phillips\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.2\ICQ.exe [2010-08-09 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
C:\PROGRA~2\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE [2010-01-21 9136960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-11-20 284696]
"MDS_Menu"=C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe [2008-11-15 218408]
"Lenovo SlideNav"=C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe [2009-10-22 845640]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2010-01-17 3122440]
"OnekeyDM"=C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe [2009-03-27 468480]
"Abyssus"=C:\Program Files (x86)\Razer\Abyssus\razerhid.exe [2010-05-10 223744]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-25 21:10:13 ----D---- C:\rsit
2010-10-25 21:10:13 ----D---- C:\Program Files\trend micro
2010-10-24 12:48:35 ----A---- C:\windows\TheMatrix.ini
2010-10-24 12:48:35 ----A---- C:\windows\Instructions.txt
2010-10-24 12:19:48 ----A---- C:\windows\system32\drivers\vHidDev.sys
2010-10-24 12:19:47 ----A---- C:\windows\system32\drivers\Abyssus.sys
2010-10-24 12:19:45 ----D---- C:\Program Files (x86)\Razer
2010-10-23 14:32:16 ----D---- C:\Program Files (x86)\Counter-Strike 1.6
2010-10-18 18:17:14 ----D---- C:\windows\system32\Macromed
2010-10-18 18:12:27 ----A---- C:\windows\SYSWOW64\javaws.exe
2010-10-18 18:12:27 ----A---- C:\windows\SYSWOW64\javaw.exe
2010-10-18 18:12:27 ----A---- C:\windows\SYSWOW64\java.exe
2010-10-18 16:08:26 ----D---- C:\Program Files (x86)\Garena
2010-10-15 12:38:25 ----SHD---- C:\ProgramData\DSS
2010-10-14 15:19:06 ----A---- C:\windows\SYSWOW64\t2embed.dll
2010-10-14 15:19:06 ----A---- C:\windows\system32\t2embed.dll
2010-10-14 15:19:05 ----A---- C:\windows\system32\ole32.dll
2010-10-14 15:19:04 ----A---- C:\windows\SYSWOW64\StructuredQuery.dll
2010-10-14 15:19:04 ----A---- C:\windows\SYSWOW64\schannel.dll
2010-10-14 15:19:04 ----A---- C:\windows\SYSWOW64\ole32.dll
2010-10-14 15:19:04 ----A---- C:\windows\system32\StructuredQuery.dll
2010-10-14 15:19:04 ----A---- C:\windows\system32\schannel.dll
2010-10-14 15:19:02 ----A---- C:\windows\SYSWOW64\comctl32.dll
2010-10-14 15:19:02 ----A---- C:\windows\system32\comctl32.dll
2010-10-14 15:19:01 ----A---- C:\windows\SYSWOW64\wmpmde.dll
2010-10-14 15:19:01 ----A---- C:\windows\system32\wmpmde.dll
2010-10-14 15:19:00 ----A---- C:\windows\SYSWOW64\mfc40u.dll
2010-10-14 15:19:00 ----A---- C:\windows\SYSWOW64\mfc40.dll
2010-10-14 15:18:59 ----A---- C:\windows\system32\wmp.dll
2010-10-14 15:18:57 ----A---- C:\windows\SYSWOW64\wmp.dll
2010-10-14 15:18:56 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2010-10-14 15:18:55 ----A---- C:\windows\system32\wmploc.DLL
2010-10-14 15:18:55 ----A---- C:\windows\system32\drivers\srv2.sys
2010-10-14 15:18:55 ----A---- C:\windows\system32\drivers\srv.sys
2010-10-14 15:18:54 ----A---- C:\windows\SYSWOW64\sscore.dll
2010-10-14 15:18:54 ----A---- C:\windows\system32\win32k.sys
2010-10-14 15:18:54 ----A---- C:\windows\system32\srvsvc.dll
2010-10-14 15:18:54 ----A---- C:\windows\system32\drivers\srvnet.sys
2010-10-12 15:20:07 ----D---- C:\windows\SYSWOW64\N360_BACKUP
2010-10-10 14:57:42 ----A---- C:\windows\ViewNX2.INI
2010-10-10 14:57:35 ----D---- C:\Users\Phillips\AppData\Roaming\Nikon
2010-10-10 14:11:20 ----A---- C:\windows\SYSWOW64\ATL71.DLL
2010-10-10 14:11:15 ----D---- C:\ProgramData\Internet Services
2010-10-10 14:11:15 ----D---- C:\ProgramData\Image Units
2010-10-10 14:11:15 ----D---- C:\ProgramData\Hybrid Chords
2010-10-10 14:11:14 ----D---- C:\ProgramData\Ultima_T15
2010-10-10 14:11:14 ----D---- C:\ProgramData\EnterNHelp
2010-10-10 14:11:01 ----D---- C:\Program Files (x86)\Nikon
2010-10-10 11:32:01 ----D---- C:\Program Files (x86)\Adobe
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\mshta.exe
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\jscript9.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\jscript.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\inseng.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\imgutil.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\iexpress.exe
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\ieui.dll
2010-10-10 11:17:18 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\mshtml.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\mshta.exe
2010-10-10 11:17:18 ----A---- C:\windows\system32\msfeedsbs.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\msfeeds.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\jscript9.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\jscript.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\inseng.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\imgutil.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\iexpress.exe
2010-10-10 11:17:18 ----A---- C:\windows\system32\ieUnatt.exe
2010-10-10 11:17:18 ----A---- C:\windows\system32\ieui.dll
2010-10-10 11:17:18 ----A---- C:\windows\system32\iesysprep.dll
2010-10-10 11:17:17 ----A---- C:\windows\SYSWOW64\mshtml.dll
2010-10-10 11:17:17 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2010-10-10 11:17:17 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2010-10-10 11:17:17 ----A---- C:\windows\system32\msfeedssync.exe
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\iesetup.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\iertutil.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\iernonce.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\iepeers.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\ieakui.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\ieaksie.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\ieakeng.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\IEAdvpack.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\ie4uinit.exe
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\icardie.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2010-10-10 11:17:15 ----A---- C:\windows\SYSWOW64\admparse.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\licmgr10.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\jsproxy.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\iesetup.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\iertutil.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\iernonce.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\iepeers.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\iedkcs32.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\ieakui.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\ieaksie.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\ieakeng.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\IEAdvpack.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\ie4uinit.exe
2010-10-10 11:17:15 ----A---- C:\windows\system32\icardie.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\dxtrans.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\dxtmsft.dll
2010-10-10 11:17:15 ----A---- C:\windows\system32\admparse.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\wininet.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\wextract.exe
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\webcheck.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\vbscript.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\urlmon.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\url.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\SetIEInstalledDate.exe
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\RegisterIEPKEYs.exe
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\pngfilt.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\occache.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\msrating.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\msls31.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\mshtmler.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2010-10-10 11:17:14 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\wininet.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\wextract.exe
2010-10-10 11:17:14 ----A---- C:\windows\system32\webcheck.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\vbscript.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\urlmon.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\url.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\SetIEInstalledDate.exe
2010-10-10 11:17:14 ----A---- C:\windows\system32\RegisterIEPKEYs.exe
2010-10-10 11:17:14 ----A---- C:\windows\system32\pngfilt.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\occache.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\msrating.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\msls31.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\mshtmler.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\mshtmled.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\ieframe.dll
2010-10-10 11:17:14 ----A---- C:\windows\system32\ieapfltr.dll
2010-10-10 11:16:42 ----A---- C:\windows\SYSWOW64\WMVDECOD.DLL
2010-10-10 11:16:42 ----A---- C:\windows\SYSWOW64\mfreadwrite.dll
2010-10-10 11:16:42 ----A---- C:\windows\system32\mfreadwrite.dll
2010-10-10 11:16:42 ----A---- C:\windows\system32\mfps.dll
2010-10-10 11:16:41 ----A---- C:\windows\SYSWOW64\mf.dll
2010-10-10 11:16:41 ----A---- C:\windows\system32\WMVDECOD.DLL
2010-10-10 11:16:41 ----A---- C:\windows\system32\mf.dll
2010-10-10 11:16:11 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2010-10-10 11:16:11 ----A---- C:\windows\SYSWOW64\d3d10_1core.dll
2010-10-10 11:16:11 ----A---- C:\windows\SYSWOW64\d2d1.dll
2010-10-10 11:16:11 ----A---- C:\windows\system32\FntCache.dll
2010-10-10 11:16:11 ----A---- C:\windows\system32\DWrite.dll
2010-10-10 11:16:11 ----A---- C:\windows\system32\d3d10warp.dll
2010-10-10 11:16:11 ----A---- C:\windows\system32\d3d10_1core.dll
2010-10-10 11:16:11 ----A---- C:\windows\system32\d2d1.dll
2010-10-10 11:16:10 ----A---- C:\windows\SYSWOW64\DWrite.dll
2010-10-10 11:15:33 ----A---- C:\windows\SYSWOW64\XpsRasterService.dll
2010-10-10 11:15:33 ----A---- C:\windows\SYSWOW64\XpsGdiConverter.dll
2010-10-10 11:15:33 ----A---- C:\windows\system32\XpsRasterService.dll
2010-10-10 11:15:33 ----A---- C:\windows\system32\XpsGdiConverter.dll
2010-10-10 11:14:39 ----A---- C:\windows\system32\ExplorerFrame.dll
2010-10-10 11:14:37 ----A---- C:\windows\SYSWOW64\ExplorerFrame.dll
2010-10-10 11:08:42 ----A---- C:\windows\system32\drivers\usbvideo.sys
2010-10-10 11:08:42 ----A---- C:\windows\system32\drivers\ks.sys
2010-10-10 11:07:01 ----D---- C:\Program Files (x86)\Feedback Tool
2010-10-10 10:54:16 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-10-10 10:54:01 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2010-10-10 10:54:01 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-10-10 10:52:41 ----A---- C:\windows\SYSWOW64\tzres.dll
2010-10-10 10:52:41 ----A---- C:\windows\system32\tzres.dll
2010-10-10 10:44:52 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-09-27 12:24:32 ----D---- C:\Program Files (x86)\Call of Duty
2010-09-27 12:22:00 ----A---- C:\windows\CoD.INI

======List of files/folders modified in the last 1 months======

2010-10-25 21:10:13 ----RD---- C:\Program Files
2010-10-25 21:05:57 ----D---- C:\windows\System32
2010-10-25 21:05:57 ----D---- C:\windows\inf
2010-10-25 21:05:57 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-10-25 21:03:38 ----D---- C:\windows\Temp
2010-10-25 21:03:14 ----D---- C:\ProgramData\VeriFace
2010-10-25 21:03:02 ----A---- C:\AtmApInit.txt
2010-10-25 21:02:54 ----SHD---- C:\System Volume Information
2010-10-24 20:43:01 ----D---- C:\windows\system32\config
2010-10-24 20:40:30 ----D---- C:\windows\system32\catroot2
2010-10-24 16:50:46 ----D---- C:\windows\Minidump
2010-10-24 16:50:44 ----D---- C:\Windows
2010-10-24 12:24:11 ----D---- C:\windows\system32\drivers
2010-10-24 12:20:05 ----D---- C:\windows\system32\catroot
2010-10-24 12:20:04 ----D---- C:\windows\system32\DriverStore
2010-10-24 12:19:49 ----D---- C:\windows\SysWOW64
2010-10-24 12:19:45 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-10-24 12:19:45 ----D---- C:\Program Files (x86)
2010-10-23 12:23:26 ----SHD---- C:\windows\Installer
2010-10-23 12:18:16 ----D---- C:\Program Files (x86)\Electronic Arts
2010-10-23 12:17:33 ----RSD---- C:\windows\assembly
2010-10-20 19:44:19 ----D---- C:\Users\Phillips\AppData\Roaming\Skype
2010-10-20 19:12:53 ----D---- C:\Users\Phillips\AppData\Roaming\uTorrent
2010-10-20 16:40:05 ----D---- C:\Users\Phillips\AppData\Roaming\skypePM
2010-10-18 18:12:21 ----D---- C:\Program Files (x86)\Java
2010-10-18 16:24:20 ----D---- C:\Program Files (x86)\ICQ7.2
2010-10-18 16:24:11 ----D---- C:\Users\Phillips\AppData\Roaming\ICQ
2010-10-18 16:15:47 ----A---- C:\windows\SYSWOW64\PnkBstrB.exe
2010-10-15 12:38:25 ----HD---- C:\ProgramData
2010-10-14 21:15:06 ----D---- C:\windows\winsxs
2010-10-14 21:11:36 ----D---- C:\Program Files\Windows Media Player
2010-10-14 21:11:36 ----D---- C:\Program Files (x86)\Windows Media Player
2010-10-14 18:24:59 ----D---- C:\windows\Microsoft.NET
2010-10-14 16:59:08 ----D---- C:\ProgramData\Microsoft Help
2010-10-14 16:53:32 ----D---- C:\windows\debug
2010-10-14 16:53:26 ----A---- C:\windows\system32\MRT.exe
2010-10-14 15:11:38 ----D---- C:\Program Files (x86)\uTorrent
2010-10-10 15:45:37 ----SD---- C:\Users\Phillips\AppData\Roaming\Microsoft
2010-10-10 15:01:13 ----RD---- C:\Program Files (x86)\Skype
2010-10-10 15:01:02 ----D---- C:\Program Files (x86)\O2 Mobilni internet
2010-10-10 14:58:37 ----D---- C:\Program Files (x86)\Windows Live Toolbar
2010-10-10 14:58:36 ----D---- C:\windows\system32\Tasks
2010-10-10 14:58:35 ----D---- C:\windows\Tasks
2010-10-10 14:58:28 ----D---- C:\Program Files (x86)\CCleaner
2010-10-10 14:51:17 ----A---- C:\windows\SYSWOW64\ILUT.dll
2010-10-10 14:51:17 ----A---- C:\windows\SYSWOW64\ILU.dll
2010-10-10 14:51:17 ----A---- C:\windows\SYSWOW64\DevIL.dll
2010-10-10 14:51:17 ----A---- C:\windows\SYSWOW64\d3dx9_35.dll
2010-10-10 14:51:17 ----A---- C:\windows\SYSWOW64\3DImageRenderer.dll
2010-10-10 14:51:08 ----D---- C:\Drivers
2010-10-10 14:11:24 ----D---- C:\Program Files (x86)\Common Files
2010-10-10 11:35:16 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010
2010-10-10 11:32:03 ----D---- C:\ProgramData\Adobe
2010-10-10 11:20:17 ----D---- C:\windows\SYSWOW64\cs-CZ
2010-10-10 11:20:17 ----D---- C:\windows\system32\cs-CZ
2010-10-10 11:20:17 ----D---- C:\Program Files\Internet Explorer
2010-10-10 11:20:17 ----D---- C:\Program Files (x86)\Internet Explorer
2010-10-10 11:20:16 ----D---- C:\windows\SYSWOW64\migration
2010-10-10 11:20:15 ----D---- C:\windows\SYSWOW64\en-US
2010-10-10 11:20:10 ----D---- C:\windows\system32\migration
2010-10-10 11:20:10 ----D---- C:\windows\PolicyDefinitions
2010-10-10 11:20:09 ----D---- C:\windows\system32\en-US
2010-10-10 11:13:36 ----D---- C:\windows\SoftwareDistribution
2010-10-10 11:06:58 ----D---- C:\windows\Logs
2010-10-10 11:00:06 ----D---- C:\windows\ShellNew
2010-10-10 10:59:45 ----A---- C:\windows\win.ini
2010-10-10 10:54:53 ----RSD---- C:\windows\Fonts
2010-10-10 10:54:39 ----D---- C:\Program Files (x86)\MSBuild
2010-10-10 10:54:02 ----D---- C:\Program Files (x86)\Microsoft Office
2010-10-10 10:54:01 ----SD---- C:\ProgramData\Microsoft
2010-10-10 10:46:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-10 10:45:06 ----D---- C:\Program Files\Microsoft Office
2010-09-30 17:56:56 ----A---- C:\windows\system32\TURegOpt.exe
2010-09-30 17:51:40 ----A---- C:\windows\system32\authuitu.dll
2010-09-30 17:51:36 ----A---- C:\windows\SYSWOW64\authuitu.dll
2010-09-30 17:51:32 ----A---- C:\windows\system32\uxtuneup.dll
2010-09-30 17:51:26 ----A---- C:\windows\SYSWOW64\uxtuneup.dll
2010-09-26 12:03:38 ----D---- C:\windows\system32\drivers\N360x64

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-11-20 537112]
R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2009-07-02 44912]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-10 503352]
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [2009-10-15 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [2010-04-22 221232]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-09-01 954928]
R1 ccHP;Symantec Hash Provider; C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [2010-02-26 615040]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-08-04 475696]
R1 funfrm;funfrm; C:\windows\system32\drivers\funfrm.sys [2010-01-17 58896]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101021.003\IDSvia64.sys [2010-10-19 476720]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS [2010-04-22 32304]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [2010-05-06 451120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\windows\system32\DRIVERS\RMCAST.sys [2009-07-14 145920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 26128]
R3 enecir;ENE CIR Receiver; C:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 enecirhid;ENE CIR HID Receiver; C:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 14848]
R3 enecirhidma;ENE CIR HIDmini Filter; C:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-12 132656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-19 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-01-18 2242208]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101024.003\ENG64.SYS [2010-10-10 117808]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101024.003\EX64.SYS [2010-10-10 1804336]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2009-06-27 83488]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS [2010-04-22 505392]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2010-07-12 173104]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-09-24 293424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 usbsmi;Lenovo EasyCamera; C:\windows\system32\DRIVERS\SMIksdrv.sys [2009-08-21 197120]
R3 vhidmini;Razer Gaming Device; C:\windows\system32\DRIVERS\vHidDev.sys [2009-12-21 7552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
S3 Abyssus;Razer Abyssus; C:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
S3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-12-02 53800]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-10-02 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-08-28 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-08-28 21160]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-06-27 33344]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2010-06-13 82816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 usb_rndisx;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 151656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-10-02 873248]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 IGRS;IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2009-07-27 382496]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2010-06-27 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2009-08-06 244904]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-09-30 1403200]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 WDDMService;WD SmartWare Drive Manager Service; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-07-11 79360]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-10-10 607040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]

-----------------EOF-----------------

[vyosek]

HJT se nejak nestahl, nevadi

Stahnete tedy HJT odsud http://www.trendsecure.com/portal/en-US ... ckThis.exe

1) Spustíme HijackThis (pokud by při spuštění program hlásil chybu: "chybí knihovna MSVBVM60.DLL", řešení je http://www.viry.cz/forum/viewtopic.php?t=5234 )
2) V úvodní nabídce klikneme na tlačítko "Do a system scan and save a logfile SCAN", jiných tlačítek si nevšímáme...
3) HJT bude možná pár sekund pracovat, že doscanoval poznáme tak, že se otevřelo okno Poznámkového bloku s vlastním "Logem", kde můžeme rovnou stisknout kombinaci tlačítek ctrl + A (tato kombinace kláves označí veškerý text v dokumentu) a následně ctrl + C (toto zkopíruje označený text do schránky).
Ve složce, kde je HijackThis.exe umístěn se také vytvoří soubor hijackthis.log, který rovněž obsahuje Log z HijackThis v textové podobě. Pokud okno Poznámkového bloku zavřeme, uvidíme pod ním ještě hlavní okno programu, kde se provádí vlastním vymazání položek. Prozatím - pokud si nejste jisti - nic nemažte!

Log mi sem vlozte

[MiliNess]

Dobrý večer, než kolega dokončí kontrolu havěti, nechci dělat konečné závěry. Stále trvá možnost, že to může být způsobeno nějakou infekcí.
Nicméně to vypadá, že vám odchází disk, výskyt chybných sektorů poškozuje strukturu souborového systému a ovladač ntfs na tom pak padne. Tomu by odpovídalo i divné chování chkdsk, který při přístupu k disku ovladač ntfs.sys nepoužívá (má zabudovaný vlastní mechanismus pro čtení a zápis)

Kontrola disku nástroji typu CrystalDiskInfo, HD Tune atd. není 100% spolehlivá, někdy může naprosto bezvadný disk označit za vadný a naopak.
Proto až s kolegou skončíte, doporučuji vám ještě mrknout v utilitě HDTune http://www.hdtune.com/download.html na záložku Health a spustit i scan a také udělat long drive self test v utilitě Sea Tools od Seagate
http://www.seagate.com/ww/v/index.jsp?l ... 04090aRCRD
Sea Tools by měl být nejpřesnější, nicméně mi právě skončil test jednoho staršího, prokazatelně vadného STéčka, který byl vyhodnocen jako "bez závad"
Já vcelku důvěřuji RAW hodnotám, které přečte CrystalDiskInfo a ty říkají, že disk není v dobré kondici.
Pokud budete mít zájem, můžeme zkusit použít Verifier a ověřit, zda se nevyskytují chyby v nějakých ovladačích.

Ze SMART atributů toho disku asi toto:

Kód: Vybrat vše

1)Počet přemapovaných sektorů - je sice 0, u nových disků se ale tento atribut nepoužívá, kvůli testování povrchu disku nástroji Windows.
2)Ohlášeno neopravitelných chyb (180 chyb) - počet chyb při čtení sektorů, které se nepodařilo opravit s využitím techniky 
   samoopravných kódů ECC - to může být vcelku problém
3)Časový limit příkazu- (9 chyb) počet nezdařených operací s diskem, kvůli překročení časového limitu operace -může a nemusí    
   značit problém (tady to číslo je dost nízké, takže to dejme tomu budeme ignorovat)
4)Počet udalostí s číslem realokování sektorů  - to je počet operací s realokovanými (záložními)  
   sektory disku, kterými byly nahrazeny vadné sektory. (počet přesměrování ze špatného sektoru na záložní)
   Tato hodnota dokazuje, že už máte na disku vadné sektory, které jsou nahrazeny záložními.
5)Počet podezřelých sektorů (1 kus) - nestabilní sektory, které pokud se chyba při čtení/zápisu zopakuje, budou přemapovány na  
   záložní sektor.
6)Počet neopravitelných sektorů (1 kus) - většinou ukazuje na chybu povrchu disku nebo jiné mechanické problémy.