Slow PC - log check

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Slow PC - log check

#1 Post by mogon »

Hi,

about a week ago I noticed my PC slowing down. I tried to find the cause, but I came up with nothing.
I would like to ask for a log check. Thanks in advance :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mogon at 2010-11-24 20:24:32
Microsoft Windows XP Professional Service Pack 3
System drive I: has 49 GB (60%) free of 80 GB
Total RAM: 3326 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:24:35, on 24. 11. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\tsnp325.exe
I:\WINDOWS\FixCamera.exe
I:\WINDOWS\vsnp325.exe
I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\PeerGuardian2\pg2.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\WINDOWS\system32\svchost.exe
J:\instal\Antivir\RSIT.exe
I:\Program Files\trend micro\Mogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - I:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [tsnp325] I:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [FixCamera] I:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] I:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [egui] "I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] I:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] I:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] I:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - I:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - I:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - I:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - I:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file:///I:/Program%20Files/AutoCAD%202002%20Cz/InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file:///I:/Program%20Files/AutoCAD%202002%20Cz/AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///I:/Program%20Files/AutoCAD%202002%20Cz/InstBanr.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file:///I:/Program%20Files/AutoCAD%202002%20Cz/AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - I:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - I:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - I:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8372 bytes

======Scheduled tasks folder======

I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003Core.job
I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - I:\Program Files\Stylish Profile\enlbrdr.dll [2010-10-19 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=I:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"=I:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=I:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=I:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"JMB36X IDE Setup"=I:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"tsnp325"=I:\WINDOWS\tsnp325.exe [2007-04-21 270336]
"FixCamera"=I:\WINDOWS\FixCamera.exe [2007-07-11 20480]
"snp325"=I:\WINDOWS\vsnp325.exe [2007-05-10 835584]
"egui"=I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-29 2145000]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=I:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=I:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=I:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PeerGuardian"=I:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
I:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-02-27 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
I:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=I:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\Program Files\ICQ6\ICQ.exe"="I:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\ICQ6.5\ICQ.exe"="I:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"I:\Program Files\FlashGet\flashget.exe"="I:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"I:\Program Files\LimeWire\LimeWire.exe"="I:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"I:\Program Files\uTorrent\utorrent.exe"="I:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"I:\Program Files\Skype\Plugin Manager\skypePM.exe"="I:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"I:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="I:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"I:\Program Files\ICQ7.1\ICQ.exe"="I:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"I:\Program Files\ICQ7.1\aolload.exe"="I:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"I:\WINDOWS\system32\java.exe"="I:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"I:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="I:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"I:\Program Files\Java\jre6\bin\javaw.exe"="I:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"I:\Program Files\Skype\Phone\Skype.exe"="I:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\ICQ7.1\ICQ.exe"="I:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"I:\Program Files\ICQ7.1\aolload.exe"="I:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.scr - open - "I:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-24 20:24:32 ----D---- I:\rsit
2010-11-24 20:19:17 ----D---- I:\Program Files\Trend Micro
2010-11-14 00:38:26 ----D---- I:\WINDOWS\Minidump
2010-11-08 17:49:13 ----D---- I:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2010-11-24 20:24:32 ----D---- I:\WINDOWS\Temp
2010-11-24 20:24:26 ----D---- I:\Program Files\PeerGuardian2
2010-11-24 20:20:34 ----D---- I:\WINDOWS\Prefetch
2010-11-24 20:19:17 ----D---- I:\Program Files
2010-11-24 20:15:15 ----D---- I:\WINDOWS\Debug
2010-11-24 20:15:15 ----D---- I:\WINDOWS
2010-11-24 18:15:36 ----A---- I:\WINDOWS\NeroDigital.ini
2010-11-24 18:01:55 ----A---- I:\WINDOWS\wincmd.ini
2010-11-24 17:46:00 ----N---- I:\WINDOWS\SchedLgU.Txt
2010-11-23 23:33:37 ----D---- I:\Documents and Settings\Mogon\Application Data\ICQ
2010-11-22 23:09:15 ----D---- I:\Documents and Settings\Mogon\Application Data\Skype
2010-11-22 22:48:25 ----D---- I:\Documents and Settings\Mogon\Application Data\skypePM
2010-11-17 16:31:04 ----D---- I:\WINDOWS\system32\CatRoot2
2010-11-17 13:26:35 ----A---- I:\WINDOWS\winamp.ini
2010-11-17 08:21:06 ----D---- I:\Program Files\JDownloader
2010-11-16 21:36:57 ----D---- I:\WINDOWS\system32\drivers
2010-11-10 23:32:58 ----A---- I:\WINDOWS\system32\MRT.exe
2010-11-08 17:49:18 ----D---- I:\Documents and Settings\Mogon\Application Data\Mozilla
2010-11-05 17:49:12 ----SD---- I:\Documents and Settings\All Users\Application Data\Microsoft
2010-11-01 08:15:55 ----D---- I:\Program Files\ICQ7.1
2010-10-31 08:14:28 ----D---- I:\WINDOWS\system32
2010-10-31 08:14:28 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 imagedrv;imagedrv; I:\WINDOWS\System32\Drivers\imagedrv.sys [2005-08-15 5888]
R0 imagesrv;imagesrv; I:\WINDOWS\system32\DRIVERS\imagesrv.sys [2005-08-15 127488]
R0 JRAID;JRAID; I:\WINDOWS\system32\DRIVERS\jraid.sys [2008-11-04 83296]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; I:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; I:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; I:\WINDOWS\System32\Drivers\sptd.sys [2009-06-07 685816]
R1 ehdrv;ehdrv; I:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
R1 epfwtdir;epfwtdir; I:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-29 95872]
R1 intelppm;Intel Processor Driver; I:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 Aspi32;Aspi32; I:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamon;eamon; I:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-29 140216]
R2 Sentinel;Sentinel; I:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R2 STEC3;STEC3; \??\I:\WINDOWS\system32\STEC3.sys []
R3 Arp1394;1394 ARP Client Protocol; I:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\I:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; I:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 NIC1394;1394 Net Driver; I:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; I:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 pgfilter;pgfilter; \??\I:\Program Files\PeerGuardian2\pgfilter.sys []
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; I:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-16 115840]
R3 SNP325;USB PC Camera (SNPSTD325); I:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
R3 usbstor;USB Mass Storage Driver; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; I:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\I:\Program Files\CyberLink\PowerDVD\000.fcl []
S3 ak0ra33c;ak0ra33c; I:\WINDOWS\system32\drivers\ak0ra33c.sys []
S3 CCDECODE;Closed Caption Decoder; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 C-Dilla;C-Dilla; \??\I:\WINDOWS\system32\drivers\CDANT.SYS []
S3 HidUsb;Microsoft HID Class Driver; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; I:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SASENUM;SASENUM; \??\I:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext Codec; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 C-DillaSrv;C-DillaSrv; I:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2009-08-18 32256]
R2 ekrn;ESET Service; I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
R2 JavaQuickStarterService;Java Quick Starter; I:\Program Files\Java\jre6\bin\jqs.exe [2009-07-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
S2 GEST Service;GEST Service for program management.; I:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-04-02 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; I:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-29 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; I:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#2 Post by vyosek »

Hello, and I wish you a nice day :)

:arrow: Please also post the second RSIT log, named info.txt; it is saved in i:\rsit

:arrow: What have you tried so far :???:

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#3 Post by mogon »

Hi,
I wish you a nice day too. And thanks in advance for your time.

So the first thing I did when I noticed the OS booting more slowly was to check the computer with the antivirus (NOD 32), which found nothing, so I also ran SUPERAntiSpyware, but that found nothing either. And of course I cleaned the computer with CCleaner :) . I used to have SpywareTerminator, but NOD had some problem with it (I turned off the resident shield in Terminator) :) And occasionally I also let Doctor Web run over the PC (it can usually find what the previous two cannot).

And over the last month it also happened to me (about three times, irregularly) that the system booted normally, but after a few minutes a blue screen popped up with some error message across the whole screen; I had never encountered this message before. (It has not happened for a few days now, and at the time it did not occur to me to photograph it.) The computer then restarted automatically, booted, and after that ran normally.

And here is the log you asked for:

info.txt logfile of random's system information tool 1.08 2010-11-24 20:24:36

======Uninstall list======

-->I:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->I:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->I:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->I:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->I:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->I:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf
µTorrent CZ 1.8.5 (build 17091)-->"I:\Program Files\uTorrent\unins000.exe"
Adobe Flash Player 10 ActiveX-->I:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->I:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.1.1 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoCAD 2002 česká verze-->MsiExec.exe /I{5783F2D7-0101-0405-0002-0060B0CE6BBA}
AutoCAD 2007 - Český-->MsiExec.exe /I{5783F2D7-5001-0405-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->I:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Browser Configuration Utility-->"I:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
BS.Player FREE-->"I:\Program Files\Webteh\BSplayer\uninstall.exe"
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500-->I:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLI:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLI:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0405.dll"
Canon Utilities Easy-PhotoPrint-->I:\Program Files\Canon\Easy-PhotoPrint\uninst.exe I:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->I:\WINDOWS\BJPSUNST.EXE
CANYON USB PC Camera-->I:\Program Files\InstallShield Installation Information\{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}\setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"I:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"I:\Program Files\CDex_150\uninstall.exe"
C-Dilla Licence Management System-->I:\C_DILLA\setup\cdunin16.exe
Codec Pack - All In 1 6.0.3.0-->I:\WINDOWS\iun6002.exe "I:\Program Files\Codec Pack - All In 1\irunin.ini"
Counter-Strike 1.6-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
CyberLink PowerDVD 9-->"I:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"I:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
DVD Shrink 3.2-->"I:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint-->I:\WINDOWS\IsUninst.exe -f"I:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Energy Saver Advance B8.1208.1-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly
Fable - The Lost Chapters-->I:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
FLV Player 2.0 (build 25)-->I:\Program Files\FLV Player\uninst.exe
Gigabyte Raid Configurer-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
Gothic III-->I:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe -runfromtemp -l0x0005 -removeonly
High Definition Audio Driver Package - KB888111-->"I:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"I:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"I:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"I:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"I:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"I:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"I:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"I:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"I:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ICQ7.1-->"I:\Program Files\InstallShield Installation Information\{71BFC818-0CED-42D6-9C87-5142918957EE}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
JDownloader-->I:\Program Files\JDownloader\uninstall.exe
LimeWire PRO 5.0.11-->"I:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - CSY-->I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->I:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007-->"I:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.12)-->I:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MV2Player (remove only)-->I:\Program Files\Mv2Player\uninst.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11051}
NVIDIA Drivers-->I:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->I:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
OLYMPUS CAMEDIA Master 4.0-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe"
pdfFactory Pro-->I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
PeerGuardian 2.0-->"I:\Program Files\PeerGuardian2\unins000.exe"
Pool Sharks 2.1-->I:\Games\Pool Sharks\uninst.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->I:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x001b -removeonly
Realtek High Definition Audio Driver-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x1b -removeonly
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"I:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"I:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"I:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"I:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"I:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"I:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"I:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"I:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"I:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"I:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"I:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"I:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"I:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"I:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"I:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"I:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"I:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"I:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"I:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"I:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"I:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"I:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"I:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"I:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"I:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"I:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"I:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"I:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"I:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"I:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"I:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"I:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"I:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"I:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"I:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"I:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"I:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"I:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"I:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"I:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"I:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"I:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"I:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"I:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"I:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"I:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"I:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"I:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"I:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"I:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"I:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"I:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"I:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"I:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"I:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"I:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"I:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"I:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"I:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"I:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"I:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"I:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"I:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"I:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"I:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"I:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"I:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"I:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"I:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"I:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"I:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"I:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"I:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"I:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"I:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"I:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"I:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"I:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"I:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"I:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"I:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"I:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"I:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"I:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"I:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"I:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"I:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"I:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"I:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"I:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"I:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"I:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"I:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"I:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"I:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"I:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"I:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"I:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"I:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"I:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"I:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"I:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"I:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"I:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"I:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"I:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"I:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"I:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"I:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"I:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"I:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"I:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"I:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"I:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"I:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"I:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"I:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"I:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"I:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"I:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"I:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SPORE™-->"I:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0005 -removeonly
Stylish Profile-->I:\Program Files\Stylish Profile\uninstall.exe
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tekla Structures 13.0-->I:\Program Files\InstallShield Installation Information\{75E240FD-8C9D-4207-96B0-40E7FAB3E494}\setup.exe -runfromtemp -l0x0009 -removeonly
TIC TAC racing-->"I:\Program Files\TIC TAC racing\TIC TAC racing.scr" /S /Uninstall
ticmobil-->"I:\Program Files\ticmobil\ticmobil.scr" /S /Uninstall
tictac® hodiny-->"I:\Program Files\tictac® hodiny\tictac® hodiny.scr" /S /Uninstall
tictacsaver-->"I:\Program Files\tictacsaver\tictacsaver.scr" /S /Uninstall
Total Commander (Remove or Repair)-->I:\Program Files\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"I:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"I:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"I:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"I:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"I:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"I:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"I:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"I:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"I:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"I:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"I:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"I:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"I:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"I:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Volo View Express-->I:\WINDOWS\uninst.exe -f"I:\Program Files\Volo View Express\DeIsL1.isu"
Winamp (remove only)-->"I:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"I:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"I:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archivátor-->I:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.5.3-->"I:\Program Files\YouTube Downloader\uninstall.exe"
Zuma Deluxe RA-->J:\Hry\ZUMADE~1\UNWISE.EXE J:\Hry\ZUMADE~1\INSTALL.LOG

======Security center information======

AV: ESET NOD32 Antivirus 4.2

======System event log======

Computer Name: MOGON-1CA4C1668
Event Code: 7000
Message: The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 33455
Source Name: Service Control Manager
Time Written: 20101008205402.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 7000
Message: The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 33428
Source Name: Service Control Manager
Time Written: 20101008000802.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 7000
Message: The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 33398
Source Name: Service Control Manager
Time Written: 20101007212054.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 7000
Message: The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 33373
Source Name: Service Control Manager
Time Written: 20101007172808.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 7000
Message: The {95808DC4-FA4A-4c74-92FE-5B863F82066B} service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 33349
Source Name: Service Control Manager
Time Written: 20101007144753.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: MOGON-1CA4C1668
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 436
Source Name: Application Hang
Time Written: 20090630154740.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 417
Source Name: Application Hang
Time Written: 20090627160839.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 416
Source Name: Application Hang
Time Written: 20090627160733.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 1000
Message: Faulting application pg2.exe, version 1.0.6.4, faulting module pg2.exe, version 1.0.6.4, fault address 0x0006a455.

Record Number: 413
Source Name: Application Error
Time Written: 20090626214427.000000+120
Event Type: error
User:

Computer Name: MOGON-1CA4C1668
Event Code: 1000
Message: Faulting application icq.exe, version 6.5.0.1042, faulting module mshtml.dll, version 8.0.6001.18783, fault address 0x000da42f.

Record Number: 406
Source Name: Application Error
Time Written: 20090624232919.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;I:\Program Files\QuickTime\QTSystem\;I:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 26 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1a05
"NUMBER_OF_PROCESSORS"=8
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"EDM_LIC13_4_5"=9GElXKtBOo3Pn'nSOzlg'fFqLnrsoc7Z-Gn_W)e24yPnET5x,GYMFwlj_zy
"CLASSPATH"=.;I:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=I:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#4 Post by vyosek »

:arrow: Do you use this I:\Program Files\Stylish Profile :???: It can very often wreak real havoc on a PC :o

:arrow: Look in the folder I:\windows\minidump to see whether there are any files there; if so, zip them and upload them to LP http://leteckaposta.cz/ - these are the files that describe the state just before the blue screen of death
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#5 Post by mogon »

Hi,

so Stylish Profile is deleted :) ...I wasn't using it...it was only a trial and then I forgot to remove it :)

There are no files in the minidump folder. But today it did it to me again, while I was watching a film in MV2 player (I have been using it for a few years) ...and I even managed to take a photo of it. Here it is: http://leteckaposta.cz/215874687

Since this time I also managed to read it with my poor English: going by what I understood, I haven't added any new hardware recently..nor installed anything significant..at most I reinstalled Mozilla.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#6 Post by vyosek »

:arrow: Set up generation of those dmp files - I'll pass the photo on to a colleague who deals with this
MiliNess wrote: For a memory dump to be generated, the paging file must be enabled.
Also check Computer->Properties->Advanced system settings->Startup and Recovery->Settings->
whether you have "Small memory dump" selected, and possibly also clear the check mark at "Automatically restart"
:arrow: And in the meantime we'll have a look for vermin :wink:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE APPLIED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
  • Insert all USB sticks (flash drives, external drives etc.) into the PC
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako spravce)
  • Immediately after start, a page with the licence agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily clogged, the time may be longer
  • After the scan finishes and a possible restart, CF displays the log, or you can find it here C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#7 Post by mogon »

Hi,
so, first:

- I think I have the paging file enabled (at least as far as my knowledge goes, because I'm not very well versed in this) :)
- And I cleared the check mark at "Automatically restart"
- And I have "Small memory dump" set

and second: here is the log from ComboFix:

ComboFix 10-11-26.07 - Mogon . 11. 2010 11:29:24.1.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3326.2821 [GMT 1:00]
Running from: i:\documents and settings\Mogon\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\windows\system32\service
i:\windows\system32\service\01062009_TIS17_SfFniAU.log
i:\windows\system32\service\02062009_TIS17_SfFniAU.log
i:\windows\system32\service\03062009_TIS17_SfFniAU.log
i:\windows\system32\service\06062009_TIS17_SfFniAU.log
i:\windows\system32\service\07062009_TIS17_SfFniAU.log
i:\windows\system32\service\12062009_TIS17_SfFniAU.log
i:\windows\system32\service\13062009_TIS17_SfFniAU.log
i:\windows\system32\service\14062009_TIS17_SfFniAU.log
i:\windows\system32\service\15062009_TIS17_SfFniAU.log
i:\windows\system32\service\17062009_TIS17_SfFniAU.log
i:\windows\system32\service\20062009_TIS17_SfFniAU.log
i:\windows\system32\service\22062009_TIS17_SfFniAU.log
i:\windows\system32\service\29062009_TIS17_SfFniAU.log
i:\windows\system32\service\30052009_TIS17_SfFniAU.log
i:\windows\system32\service\30062009_TIS17_SfFniAU.log
i:\windows\system32\service\31052009_TIS17_SfFniAU.log
i:\windows\system32\STEC3.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-24 19:24 . 2010-11-24 19:24 -------- d-----w- I:\rsit
2010-11-24 19:19 . 2010-11-24 19:24 -------- d-----w- i:\program files\Trend Micro
2010-11-09 22:09 . 2010-11-09 22:09 -------- d-sh--w- i:\documents and settings\LocalService\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-27 10:33 . 2009-05-29 19:30 16608 ----a-w- i:\windows\gdrv.sys
2010-09-18 10:23 . 2004-08-03 22:56 974848 ----a-w- i:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 22:56 974848 ----a-w- i:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- i:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- i:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-03 22:56 916480 ----a-w- i:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-03 22:56 1469440 ------w- i:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2004-08-03 22:56 43520 ----a-w- i:\windows\system32\licmgr10.dll
2010-09-01 11:51 . 2004-08-03 22:56 285824 ----a-w- i:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-03 21:17 1852800 ----a-w- i:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="i:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"JMB36X IDE Setup"="i:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"tsnp325"="i:\windows\tsnp325.exe" [2007-04-21 270336]
"FixCamera"="i:\windows\FixCamera.exe" [2007-07-11 20480]
"snp325"="i:\windows\vsnp325.exe" [2007-05-10 835584]
"egui"="i:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="i:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 09:39 282624 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\uTorrent\\utorrent.exe"=
"i:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\Program Files\\ICQ7.1\\ICQ.exe"=
"i:\\Program Files\\ICQ7.1\\aolload.exe"=
"i:\\WINDOWS\\system32\\java.exe"=
"i:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;i:\windows\system32\drivers\sptd.sys [29. 5. 2009 20:44 685816]
R1 ehdrv;ehdrv;i:\windows\system32\drivers\ehdrv.sys [29. 3. 2010 16:12 114984]
R1 epfwtdir;epfwtdir;i:\windows\system32\drivers\epfwtdir.sys [29. 3. 2010 16:13 95872]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [10. 10. 2006 11:53 5632]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27. 2. 2007 10:39 32256]
R2 ekrn;ESET Service;i:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29. 3. 2010 16:12 810120]
R3 SNP325;USB PC Camera (SNPSTD325);i:\windows\system32\drivers\snp325.sys [3. 8. 2009 9:16 10394624]
S2 GEST Service;GEST Service for program management.;i:\program files\GIGABYTE\EnergySaver\GSvr.exe [29. 5. 2009 20:31 68136]
S3 SASENUM;SASENUM;i:\program files\SUPERAntiSpyware\SASENUM.SYS [16. 2. 2006 15:51 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2010-11-25 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003Core.job
- i:\documents and settings\Mogon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-10 14:36]

2010-11-27 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003UA.job
- i:\documents and settings\Mogon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-10 14:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovať do programu Microsoft Excel - i:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - i:\program files\Stylish Profile\ct.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - i:\program files\ICQ7.1\ICQ.exe
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file:///I:/Program%20Files/AutoCAD%202002%20Cz/InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file:///I:/Program%20Files/AutoCAD%202002%20Cz/InstBanr.ocx
FF - ProfilePath - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: i:\documents and settings\Mogon\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: i:\documents and settings\Mogon\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - i:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 11:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

i:\program files\Internet Explorer\iexplore.exe [3288] 0x89BD8020
i:\program files\Internet Explorer\iexplore.exe [3324] 0x89DDAA58
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B04B1E8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8b04b008; MOV EAX, 0xb7edf690; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF48030]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007b[0x8AFB6518]
5 ACPI[0xB7E5D620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Scsi\JRAID1Port4Path0Target0Lun0[0x8AF0B030]
\Driver\JRAID[0x8AED9A08] -> IRP_MJ_CREATE -> 0x8B04B1E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; CLD ; REP MOVSD ; JMP FAR 0x0:0x61f; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\i:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,41,ab,60,78,17,bc,4e,af,d6,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,41,ab,60,78,17,bc,4e,af,d6,95,\

[HKEY_USERS\S-1-5-21-746137067-1390067357-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,c2,0e,38,5e,0d,26,7a,5c,61,42,83,71,b9,b9,72,b5,6b,fe,24,8a,
f5,d3,2a,67,cc,9d,25,bc,3b,54,f2,f4,16,fb,d2,0e,03,28,b7,f4,cd,8d,8e,20,e3,\
"rkeysecu"=hex:a5,bc,40,ce,86,26,1c,2d,cf,5b,94,c2,5a,17,81,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
i:\program files\SUPERAntiSpyware\SASWINLO.dll
i:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3196)
i:\windows\system32\WININET.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\nvsvc32.exe
i:\windows\system32\DRIVERS\CDANTSRV.EXE
i:\program files\Java\jre6\bin\jqs.exe
i:\windows\RTHDCPL.EXE
i:\windows\SOUNDMAN.EXE
i:\windows\system32\RUNDLL32.EXE
i:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-11-27 11:36:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-27 10:36

Pre-Run: 50 910 334 976 bytes free
Post-Run: 50 841 219 072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 71D2BF1D40D78227FF726F04C7EE2418

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#8 Post by vyosek »

:arrow: It looks like a pretty nasty piece of work is behind those crashes :?:

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page, choose the version for your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose Uninstall and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    "%userprofile%\Desktop\mbr" -f
  • Click OK
:arrow: Restart the PC :!:

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    "%userprofile%\Desktop\mbr" -f
  • Click OK
  • A log named mbr.txt will be created on your desktop; paste its contents here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#9 Post by mogon »

Hi,

so I've got more again :)

:arrow: I downloaded SPTD and did what I was supposed to.

:arrow: I downloaded Defogger and did what I was supposed to. (As an aside, if you can, tell me what these utilities are for :) )

:arrow: Then I had other things to do, and when I came back to the PC the system crashed again (twice) and a blue screen with a message appeared. This time some files did show up in the minidump folder, so I'm attaching them: http://leteckaposta.cz/244562272

:arrow: Then I downloaded MBR, did what I was supposed to, and here is the log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#10 Post by vyosek »

:arrow: Did you carry out all the steps with mbr :???: First one, then a PC restart, then the second :???:

:arrow: SPTD and Defogger uninstall the virtual drive drivers so that they don't distort the mbr results - these drivers also use rootkit techniques, even though they are not rootkits

Run one more scan following my colleague's instructions
stell wrote: :arrow: Please download TDSSKiller and save it to the desktop.

Double-click TDSSKiller.exe to launch the application, then click Start Scan to start the check.
If an infected file is detected, the default action will be Cure; click Continue.
If a suspicious file is detected, the default action will be Skip; click Continue.
It may ask you to restart the computer to complete the process. Click Reboot Now.
If it does not require a restart, click Report. A log file should appear. Please copy and paste the contents of the file here.
If a restart is required, the report is available in your root directory (usually the C:\ folder) in the form "TDSSKiller. _log.txt". Please copy and paste the contents of the file here.

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#11 Post by mogon »

Hi,

yes, I did exactly what you told me with the MBR...ran it..restarted...and ran it again...so I don't know where the problem is :o

Here is the log from TDSSKiller:

2010/11/28 12:28:30.0234 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/28 12:28:30.0234 ================================================================================
2010/11/28 12:28:30.0234 SystemInfo:
2010/11/28 12:28:30.0234
2010/11/28 12:28:30.0234 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/28 12:28:30.0234 Product type: Workstation
2010/11/28 12:28:30.0234 ComputerName: MOGON-1CA4C1668
2010/11/28 12:28:30.0234 UserName: Mogon
2010/11/28 12:28:30.0234 Windows directory: I:\WINDOWS
2010/11/28 12:28:30.0234 System windows directory: I:\WINDOWS
2010/11/28 12:28:30.0234 Processor architecture: Intel x86
2010/11/28 12:28:30.0234 Number of processors: 8
2010/11/28 12:28:30.0234 Page size: 0x1000
2010/11/28 12:28:30.0234 Boot type: Normal boot
2010/11/28 12:28:30.0234 ================================================================================
2010/11/28 12:28:30.0796 Initialize success
2010/11/28 12:28:33.0812 ================================================================================
2010/11/28 12:28:33.0812 Scan started
2010/11/28 12:28:33.0812 Mode: Manual;
2010/11/28 12:28:33.0812 ================================================================================
2010/11/28 12:28:34.0031 ACPI (8fd99680a539792a30e97944fdaecf17) I:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/28 12:28:34.0078 ACPIEC (9859c0f6936e723e4892d7141b1327d5) I:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/28 12:28:34.0093 aec (8bed39e3c35d6a489438b8141717a557) I:\WINDOWS\system32\drivers\aec.sys
2010/11/28 12:28:34.0140 AFD (7e775010ef291da96ad17ca4b17137d7) I:\WINDOWS\System32\drivers\afd.sys
2010/11/28 12:28:34.0187 Arp1394 (b5b8a80875c1dededa8b02765642c32f) I:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/28 12:28:34.0265 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) I:\WINDOWS\system32\drivers\Aspi32.sys
2010/11/28 12:28:34.0281 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) I:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/28 12:28:34.0296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) I:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/28 12:28:34.0328 Atmarpc (9916c1225104ba14794209cfa8012159) I:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/28 12:28:34.0343 audstub (d9f724aa26c010a217c97606b160ed68) I:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/28 12:28:34.0390 Beep (da1f27d85e0d1525f6621372e7b685e9) I:\WINDOWS\system32\drivers\Beep.sys
2010/11/28 12:28:34.0421 C-Dilla (894ffbfc41be336443bee9c33010419a) I:\WINDOWS\system32\drivers\CDANT.SYS
2010/11/28 12:28:34.0453 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) I:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/28 12:28:34.0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) I:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/28 12:28:34.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) I:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/28 12:28:34.0531 Cdfs (c885b02847f5d2fd45a24e219ed93b32) I:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/28 12:28:34.0562 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) I:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/28 12:28:34.0640 Disk (044452051f3e02e7963599fc8f4f3e25) I:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/28 12:28:34.0687 dmboot (d992fe1274bde0f84ad826acae022a41) I:\WINDOWS\system32\drivers\dmboot.sys
2010/11/28 12:28:34.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) I:\WINDOWS\system32\drivers\dmio.sys
2010/11/28 12:28:34.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) I:\WINDOWS\system32\drivers\dmload.sys
2010/11/28 12:28:34.0734 DMusic (8a208dfcf89792a484e76c40e5f50b45) I:\WINDOWS\system32\drivers\DMusic.sys
2010/11/28 12:28:34.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) I:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/28 12:28:34.0781 eamon (4094e23a8dcd947f8f0f762d0630f4ac) I:\WINDOWS\system32\DRIVERS\eamon.sys
2010/11/28 12:28:34.0796 ehdrv (0fc7f6be889a747b1d0edfe4c58e487b) I:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/11/28 12:28:34.0828 epfwtdir (5d8d0d9b78fb21bfb3f2ca97d41ea4ca) I:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2010/11/28 12:28:34.0843 Fastfat (38d332a6d56af32635675f132548343e) I:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/28 12:28:34.0843 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) I:\WINDOWS\system32\drivers\Fdc.sys
2010/11/28 12:28:34.0859 Fips (d45926117eb9fa946a6af572fbe1caa3) I:\WINDOWS\system32\drivers\Fips.sys
2010/11/28 12:28:34.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) I:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/28 12:28:34.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) I:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/28 12:28:34.0890 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) I:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/28 12:28:34.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) I:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/28 12:28:34.0937 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) I:\WINDOWS\gdrv.sys
2010/11/28 12:28:35.0453 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) I:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/28 12:28:35.0484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) I:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/28 12:28:35.0515 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) I:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/28 12:28:35.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) I:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/28 12:28:35.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) I:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/28 12:28:35.0609 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) I:\WINDOWS\system32\Drivers\imagedrv.sys
2010/11/28 12:28:35.0625 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) I:\WINDOWS\system32\DRIVERS\imagesrv.sys
2010/11/28 12:28:35.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) I:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/28 12:28:35.0734 IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) I:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/28 12:28:35.0781 intelppm (8c953733d8f36eb2133f5bb58808b66b) I:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/28 12:28:35.0812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) I:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/28 12:28:35.0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) I:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/28 12:28:35.0859 IpInIp (b87ab476dcf76e72010632b5550955f5) I:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/28 12:28:35.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) I:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/28 12:28:35.0875 IPSec (23c74d75e36e7158768dd63d92789a91) I:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/28 12:28:35.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) I:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/28 12:28:35.0906 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) I:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/28 12:28:35.0921 JRAID (a324485106f133e751f4b7f47c4be3ea) I:\WINDOWS\system32\DRIVERS\jraid.sys
2010/11/28 12:28:35.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) I:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/28 12:28:35.0937 kmixer (692bcf44383d056aed41b045a323d378) I:\WINDOWS\system32\drivers\kmixer.sys
2010/11/28 12:28:35.0953 KSecDD (b467646c54cc746128904e1654c750c1) I:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/28 12:28:36.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) I:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/28 12:28:36.0015 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) I:\WINDOWS\system32\drivers\Modem.sys
2010/11/28 12:28:36.0015 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) I:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/28 12:28:36.0031 mouhid (b1c303e17fb9d46e87a98e4ba6769685) I:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/28 12:28:36.0031 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) I:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/28 12:28:36.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) I:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/28 12:28:36.0078 MRxSmb (f3aefb11abc521122b67095044169e98) I:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/28 12:28:36.0093 Msfs (c941ea2454ba8350021d774daf0f1027) I:\WINDOWS\system32\drivers\Msfs.sys
2010/11/28 12:28:36.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) I:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/28 12:28:36.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) I:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/28 12:28:36.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) I:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/28 12:28:36.0140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) I:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/28 12:28:36.0156 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) I:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/28 12:28:36.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) I:\WINDOWS\system32\drivers\Mup.sys
2010/11/28 12:28:36.0187 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/28 12:28:36.0203 NDIS (1df7f42665c94b825322fae71721130d) I:\WINDOWS\system32\drivers\NDIS.sys
2010/11/28 12:28:36.0218 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) I:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/28 12:28:36.0218 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) I:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/28 12:28:36.0234 Ndisuio (f927a4434c5028758a842943ef1a3849) I:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/28 12:28:36.0250 NdisWan (edc1531a49c80614b2cfda43ca8659ab) I:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/28 12:28:36.0265 NDProxy (6215023940cfd3702b46abc304e1d45a) I:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/28 12:28:36.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) I:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/28 12:28:36.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) I:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/28 12:28:36.0312 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) I:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/28 12:28:36.0328 Npfs (3182d64ae053d6fb034f44b6def8034a) I:\WINDOWS\system32\drivers\Npfs.sys
2010/11/28 12:28:36.0343 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) I:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/28 12:28:36.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) I:\WINDOWS\system32\drivers\Null.sys
2010/11/28 12:28:36.0531 nv (30913cbf518396912e54c2c9f1dd0f09) I:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/28 12:28:36.0671 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) I:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/28 12:28:36.0687 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) I:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/28 12:28:36.0703 ohci1394 (ca33832df41afb202ee7aeb05145922f) I:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/28 12:28:36.0718 Parport (5575faf8f97ce5e713d108c2a58d7c7c) I:\WINDOWS\system32\drivers\Parport.sys
2010/11/28 12:28:36.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) I:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/28 12:28:36.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) I:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/28 12:28:36.0750 PCI (a219903ccf74233761d92bef471a07b1) I:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/28 12:28:36.0781 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) I:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/28 12:28:36.0796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) I:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/28 12:28:36.0906 pgfilter (79bad6756154335d5304f0fe39961f5b) I:\Program Files\PeerGuardian2\pgfilter.sys
2010/11/28 12:28:36.0921 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) I:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/28 12:28:36.0937 PSched (09298ec810b07e5d582cb3a3f9255424) I:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/28 12:28:36.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) I:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/28 12:28:36.0953 PxHelp20 (153d02480a0a2f45785522e814c634b6) I:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/11/28 12:28:37.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) I:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/28 12:28:37.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/28 12:28:37.0031 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/28 12:28:37.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/28 12:28:37.0046 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/28 12:28:37.0062 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/28 12:28:37.0078 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/28 12:28:37.0093 RDPWD (6728e45b66f93c08f11de2e316fc70dd) I:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/28 12:28:37.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/28 12:28:37.0125 RTLE8023xp (0c57c0f776361b155b00d245c99b41f6) I:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/28 12:28:37.0140 SASDIFSV (d96686fca1f9f6b06f7490553cbda6de) I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/28 12:28:37.0171 SASENUM (7f1085895e499907f68df7731924122b) I:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/11/28 12:28:37.0187 SASKUTIL (2e0e10b8b547a39cdcc1b105239a43a4) I:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/11/28 12:28:37.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/28 12:28:37.0234 Sentinel (b3c1b187fefc941f63ce0df93d02eb9f) I:\WINDOWS\System32\Drivers\SENTINEL.SYS
2010/11/28 12:28:37.0234 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/28 12:28:37.0250 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) I:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/28 12:28:37.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/28 12:28:37.0296 SLIP (866d538ebe33709a5c9f5c62b73b7d14) I:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/28 12:28:37.0453 SNP325 (ff2f9204e0542f1bf09b161822fb7556) I:\WINDOWS\system32\DRIVERS\snp325.sys
2010/11/28 12:28:37.0609 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys
2010/11/28 12:28:37.0625 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/28 12:28:37.0656 Srv (0f6aefad3641a657e18081f52d0c15af) I:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/28 12:28:37.0671 streamip (77813007ba6265c4b6098187e6ed79d2) I:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/28 12:28:37.0687 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/28 12:28:37.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys
2010/11/28 12:28:37.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/28 12:28:37.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/28 12:28:37.0796 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/28 12:28:37.0812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/28 12:28:37.0843 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/28 12:28:37.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys
2010/11/28 12:28:37.0921 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys
2010/11/28 12:28:37.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) I:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/28 12:28:37.0968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/28 12:28:38.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/28 12:28:38.0015 usbprint (a717c8721046828520c9edf31288fc00) I:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/28 12:28:38.0046 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/28 12:28:38.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) I:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/28 12:28:38.0062 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys
2010/11/28 12:28:38.0078 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/28 12:28:38.0093 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/28 12:28:38.0109 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/28 12:28:38.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/28 12:28:38.0203 \HardDisk0 - detected Trojan-Clicker.Win32.Wistler.a (0)
2010/11/28 12:28:38.0218 \HardDisk1 - detected Trojan-Clicker.Win32.Wistler.a (0)
2010/11/28 12:28:38.0218 ================================================================================
2010/11/28 12:28:38.0218 Scan finished
2010/11/28 12:28:38.0218 ================================================================================
2010/11/28 12:28:38.0234 Detected object count: 2
2010/11/28 12:28:47.0437 \HardDisk0 - processing error
2010/11/28 12:28:57.0921 \HardDisk0 - will be restored after reboot
2010/11/28 12:28:57.0921 Trojan-Clicker.Win32.Wistler.a(\HardDisk0) - User select action: Cure Restore
2010/11/28 12:28:58.0093 \HardDisk1 - processing error
2010/11/28 12:29:01.0187 \HardDisk1 - restored
2010/11/28 12:29:01.0187 Trojan-Clicker.Win32.Wistler.a(\HardDisk1) - User select action: Cure Restore
2010/11/28 12:29:08.0281 Deinitialize success

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#12 Post by vyosek »

TDS cleaned something out, so let's verify it

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A window will pop up; copy the text below into it
  • Code:

    "%userprofile%\Desktop\mbr" -t
  • Click OK
  • A log named mbr.txt will be created on your desktop; paste its contents here

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#13 Post by mogon »

I'm attaching the log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SATA____ rev.0000 -> Harddisk0\DR0 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS jraid.sys
I:\WINDOWS\system32\drivers\jraid.sys JMicron Technology Corp. JMicron JMB36X RAID Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AE099C0]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000078[0x8ADD9920]
5 ACPI[0xB7F5F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Scsi\JRAID1Port4Path0Target0Lun0[0x8ADD9A38]
kernel: MBR read successfully
user & kernel MBR OK
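
The three mbr.exe logs in this thread (the ComboFix run, post #9 and post #13) can be told apart mechanically. The following Python triage is an added example, not part of the thread or of Gmer's tool; the verdict names and the rule that a failed user-mode read makes the user/kernel comparison inconclusive are assumptions of this example, and the embedded logs are abbreviated from the ones posted above.

```python
import re

# Abbreviated copies of the three mbr.exe logs posted in this thread,
# embedded as sample input so the example runs offline.
LOG_COMBOFIX = r"""
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B04B1E8]<<
\Driver\JRAID[0x8AED9A08] -> IRP_MJ_CREATE -> 0x8B04B1E8
kernel: MBR read successfully
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""
LOG_POST9 = r"""
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""
LOG_POST13 = r"""
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS jraid.sys
kernel: MBR read successfully
user & kernel MBR OK
"""

READ_RE = re.compile(r"^(user|kernel): (.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
DISPATCH_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")


def parse_mbr_log(text):
    """Extract the facts a reviewer reads off an mbr.exe log."""
    facts = {"user_read": None, "kernel_read": None, "mismatch": False,
             "match_ok": False, "tool_detected": False,
             "unknown_modules": [], "hooks": []}
    dispatches = []
    for raw in text.splitlines():
        line = raw.strip()
        m = READ_RE.match(line)
        if m:
            facts[m.group(1) + "_read"] = m.group(2).endswith("read successfully")
        elif line.startswith("user != kernel MBR"):
            facts["mismatch"] = True
        elif line == "user & kernel MBR OK":
            facts["match_ok"] = True
        elif "rootkit infection detected" in line:
            facts["tool_detected"] = True
        facts["unknown_modules"] += [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        d = DISPATCH_RE.search(line)
        if d:
            dispatches.append((d.group(1), d.group(2), int(d.group(3), 16)))
    # A driver dispatch routine whose target is an address mbr.exe could not
    # attribute to a named module is recorded as a hook.
    facts["hooks"] = [d for d in dispatches if d[2] in facts["unknown_modules"]]
    return facts


def classify(facts):
    """Map parsed facts to a verdict (verdict names are this example's own)."""
    if facts["tool_detected"]:
        return "detected"          # the tool's own explicit verdict
    if facts["unknown_modules"] or facts["hooks"]:
        # Per post #10, virtual-drive drivers use similar techniques,
        # so an unattributed module alone is not proof of a rootkit.
        return "suspicious"
    if facts["mismatch"]:
        # A mismatch only means something when both reads succeeded.
        both_read = facts["user_read"] and facts["kernel_read"]
        return "suspicious" if both_read else "inconclusive"
    if facts["match_ok"]:
        return "clean"
    return "inconclusive"


def triage(logs):
    """Classify a dict of {name: log text}."""
    return {name: classify(parse_mbr_log(text)) for name, text in logs.items()}


if __name__ == "__main__":
    thread_logs = {"ComboFix run": LOG_COMBOFIX,
                   "post #9": LOG_POST9,
                   "post #13": LOG_POST13}
    for name, verdict in triage(thread_logs).items():
        print(f"{name}: {verdict}")
```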

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC - log check

#14 Post by vyosek »

:arrow: Well, it already looks much, much better...Let's clean up a little more

:arrow: If it isn't there already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    DDS::
    uStart Page = hxxp://search13.net/
    uDefault_Search_URL = hxxp://search13.net/
    uSearchAssistant = hxxp://search13.net/
    uCustomizeSearch = hxxp://search13.net/
    
    File::
    i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003Core.job
    i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003UA.job
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=-
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the picture below)
    [Image]
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

mogon
Visitor
Posts: 36
Registered: 02 Dec 2008 15:57

Re: Slow PC - log check

#15 Post by mogon »

...the ComboFix log:

ComboFix 10-11-26.07 - Mogon . 11. 2010 13:21:59.2.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3326.2825 [GMT 1:00]
Running from: i:\documents and settings\Mogon\Desktop\ComboFix.exe
Command switches used :: i:\documents and settings\Mogon\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003Core.job"
"i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003UA.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003Core.job
i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1390067357-839522115-1003UA.job

.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-24 19:24 . 2010-11-24 19:24 -------- d-----w- I:\rsit
2010-11-24 19:19 . 2010-11-24 19:24 -------- d-----w- i:\program files\Trend Micro
2010-11-09 22:09 . 2010-11-09 22:09 -------- d-sh--w- i:\documents and settings\LocalService\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 11:30 . 2009-05-29 19:30 16608 ----a-w- i:\windows\gdrv.sys
2010-09-18 10:23 . 2004-08-03 22:56 974848 ----a-w- i:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 22:56 974848 ----a-w- i:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- i:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- i:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-03 22:56 916480 ----a-w- i:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-03 22:56 1469440 ------w- i:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2004-08-03 22:56 43520 ----a-w- i:\windows\system32\licmgr10.dll
2010-09-01 11:51 . 2004-08-03 22:56 285824 ----a-w- i:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-03 21:17 1852800 ----a-w- i:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-11-27_10.34.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-28 11:30 . 2010-11-28 11:30 16384 i:\windows\Temp\Perflib_Perfdata_790.dat
+ 2009-05-29 16:46 . 2010-11-28 11:24 32768 i:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-29 16:46 . 2010-11-27 10:34 32768 i:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-29 16:46 . 2010-11-28 11:24 32768 i:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-29 16:46 . 2010-11-27 10:34 32768 i:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-29 16:46 . 2010-11-28 11:24 16384 i:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-29 16:46 . 2010-11-27 10:34 16384 i:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="i:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"JMB36X IDE Setup"="i:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"tsnp325"="i:\windows\tsnp325.exe" [2007-04-21 270336]
"FixCamera"="i:\windows\FixCamera.exe" [2007-07-11 20480]
"snp325"="i:\windows\vsnp325.exe" [2007-05-10 835584]
"egui"="i:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 09:39 282624 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\uTorrent\\utorrent.exe"=
"i:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\Program Files\\ICQ7.1\\ICQ.exe"=
"i:\\Program Files\\ICQ7.1\\aolload.exe"=
"i:\\WINDOWS\\system32\\java.exe"=
"i:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;i:\windows\system32\drivers\ehdrv.sys [29. 3. 2010 16:12 114984]
R1 epfwtdir;epfwtdir;i:\windows\system32\drivers\epfwtdir.sys [29. 3. 2010 16:13 95872]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [10. 10. 2006 11:53 5632]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27. 2. 2007 10:39 32256]
R2 ekrn;ESET Service;i:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29. 3. 2010 16:12 810120]
R3 SNP325;USB PC Camera (SNPSTD325);i:\windows\system32\drivers\snp325.sys [3. 8. 2009 9:16 10394624]
S2 GEST Service;GEST Service for program management.;i:\program files\GIGABYTE\EnergySaver\GSvr.exe [29. 5. 2009 20:31 68136]
S3 SASENUM;SASENUM;i:\program files\SUPERAntiSpyware\SASENUM.SYS [16. 2. 2006 15:51 4096]
S4 sptd;sptd;i:\windows\system32\Drivers\sptd.sys --> i:\windows\system32\Drivers\sptd.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search13.net/
IE: E&xportovať do programu Microsoft Excel - i:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - i:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - i:\program files\Stylish Profile\ct.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - i:\program files\ICQ7.1\ICQ.exe
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file:///I:/Program%20Files/AutoCAD%202002%20Cz/InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file:///I:/Program%20Files/AutoCAD%202002%20Cz/InstBanr.ocx
FF - ProfilePath - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: i:\documents and settings\Mogon\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: i:\documents and settings\Mogon\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - i:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - i:\documents and settings\Mogon\Application Data\Mozilla\Firefox\Profiles\d2uacjvf.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 13:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\i:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,41,ab,60,78,17,bc,4e,af,d6,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,41,ab,60,78,17,bc,4e,af,d6,95,\

[HKEY_USERS\S-1-5-21-746137067-1390067357-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,c2,0e,38,5e,0d,26,7a,5c,61,42,83,71,b9,b9,72,b5,6b,fe,24,8a,
f5,d3,2a,67,cc,9d,25,bc,3b,54,f2,f4,16,fb,d2,0e,03,28,b7,f4,cd,8d,8e,20,e3,\
"rkeysecu"=hex:a5,bc,40,ce,86,26,1c,2d,cf,5b,94,c2,5a,17,81,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
i:\program files\SUPERAntiSpyware\SASWINLO.dll
i:\windows\system32\WININET.dll
.
Completion time: 2010-11-28 13:26:22
ComboFix-quarantined-files.txt 2010-11-28 12:26
ComboFix2.txt 2010-11-27 10:36

Pre-Run: 50 769 149 952 bytes free
Post-Run: 50 785 972 224 bytes free

- - End Of File - - C323312D86B90724AA1F95FCA70B2593
