
PC virus removal, computer speed-up, remote help via the neslape.cz service
Irregular freezing
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use our remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have a machine at home that freezes from time to time and I no longer have any idea what to do about it - I cleaned up whatever I could [temp files, unneeded stuff] and it still didn't fix it. Since the OS was already somewhat falling apart anyway, I did a complete clean reinstall, and lo and behold, the problem still persists. I blame either the GPU, or something has settled in on my other disks, though avast found nothing. So I ran RSIT and here it is:
One more small note on the second generated file. There is something in it about a CDROM error - that is "fine", the drive does whatever it wants, I don't use it anyway, only for installations, and even then it has to feel like it; but there is also an HDD error - nothing more detailed is there, except that it looks like drive D, but I'm not sure. If you want the second log, just say so - you know how it goes anyway. I'll welcome any recommendation, because my head can no longer make sense of it or even think.
======================= START ====================================
Logfile of random's system information tool 1.08 (written by random/random)
Run by vlcek at 2011-03-22 12:46:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (68%) free of 83 GB
Total RAM: 1022 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:21, on 22.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Staženo\RSIT.exe
C:\Program Files\trend micro\vlcek.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [OSSelectorReinstall] c:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0694328171
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6787 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"OSSelectorReinstall"=c:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]
""= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1953792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
c:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
c:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-16 1945960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
c:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMMyDocs"=1
"NoSMMyPictures"=1
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 8"
"C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 Kernel"
"C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe"="C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe:*:Enabled:math.exe"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"
======List of files/folders created in the last 1 months======
2011-03-22 12:46:13 ----D---- C:\rsit
2011-03-22 12:46:13 ----D---- C:\Program Files\trend micro
2011-03-22 10:34:09 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Ubisoft
2011-03-22 10:34:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2011-03-22 10:24:34 ----D---- C:\WINDOWS\system32\NtmsData
2011-03-21 23:48:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Solidshield
2011-03-21 23:40:21 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-03-21 23:40:21 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-03-21 23:40:20 ----D---- C:\Documents and Settings\vlcek\Data aplikací\PunkBuster
2011-03-21 23:39:14 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-03-21 23:39:14 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-03-21 23:39:13 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-03-21 23:39:13 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-03-21 23:39:12 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-03-21 23:39:12 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-03-21 23:39:12 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-03-21 23:39:11 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-03-21 23:39:11 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-03-21 23:39:11 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-03-21 23:39:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-03-21 23:39:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-03-21 23:39:10 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-03-21 23:39:08 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-03-21 23:39:08 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-03-21 23:39:08 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-03-21 23:39:06 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-03-21 23:39:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-03-21 23:39:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-03-21 23:39:04 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-03-21 23:39:04 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-03-21 23:39:04 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-03-21 23:39:03 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-03-21 23:39:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-03-21 23:39:03 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-03-21 23:39:01 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-03-21 23:39:01 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-03-21 23:39:01 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-03-21 23:39:00 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-03-21 23:38:59 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-03-21 23:38:59 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-03-21 23:38:59 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-03-21 23:38:57 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-03-21 23:38:56 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-03-21 23:38:56 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-03-21 23:38:55 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-03-21 23:38:55 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-03-21 23:38:54 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-03-21 23:38:54 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-03-21 23:38:51 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-03-21 23:38:51 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-03-21 23:38:47 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2011-03-21 23:38:45 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-03-21 23:38:45 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-03-21 23:38:45 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-03-21 23:38:44 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-03-21 23:38:19 ----D---- C:\WINDOWS\Logs
2011-03-21 22:04:14 ----D---- C:\Program Files\Ubisoft
2011-03-21 22:03:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-03-21 22:03:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-03-21 20:36:40 ----A---- C:\WINDOWS\system32\AutoPartNt.exe
2011-03-21 20:30:29 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Acronis
2011-03-21 20:18:16 ----A---- C:\WINDOWS\system32\acaptuser32.dll
2011-03-21 19:56:59 ----D---- C:\Staženo
2011-03-21 19:41:30 ----RHD---- C:\Documents and Settings\vlcek\Data aplikací\Microchip
2011-03-21 19:38:34 ----D---- C:\Program Files\Microchip
2011-03-21 19:35:25 ----ASH---- C:\BOOT.BAK
2011-03-21 19:35:05 ----RSHD---- C:\cmdcons
2011-03-21 19:35:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-03-21 19:35:04 ----D---- C:\WINDOWS\setup.pss
2011-03-21 19:34:44 ----D---- C:\WINDOWS\setupupd
2011-03-21 18:15:49 ----SHD---- C:\Diskeeper
2011-03-21 18:09:46 ----A---- C:\WINDOWS\system32\drivers\DKRtWrt.sys
2011-03-21 18:09:43 ----D---- C:\Program Files\Common Files\Diskeeper Corporation
2011-03-21 18:09:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Diskeeper Corporation
2011-03-21 18:09:42 ----D---- C:\Program Files\Windows Home Server
2011-03-21 18:09:42 ----D---- C:\Program Files\Diskeeper Corporation
2011-03-21 17:56:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2011-03-21 17:49:45 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Mathematica
2011-03-21 17:49:01 ----D---- C:\Program Files\Common Files\Wolfram Research
2011-03-21 17:49:01 ----D---- C:\Program Files\Common Files\ResearchSoft
2011-03-21 17:49:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mathematica
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\mlmodule32.dll
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\ml32i3.dll
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\ml32i2.dll
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\ml32i1.dll
2011-03-21 17:43:50 ----D---- C:\Program Files\Wolfram Research
2011-03-21 17:41:34 ----D---- C:\Program Files\CCleaner
2011-03-21 17:37:47 ----D---- C:\Program Files\EAGLE
2011-03-21 17:37:38 ----D---- C:\Documents and Settings\vlcek\Data aplikací\CadSoft
2011-03-21 17:37:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2011-03-21 17:36:15 ----D---- C:\Program Files\Common Files\Macrovision Shared
2011-03-21 17:36:01 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2011-03-21 17:36:01 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2011-03-21 17:32:45 ----D---- C:\Program Files\Common Files\Adobe
2011-03-21 17:32:45 ----D---- C:\Program Files\Adobe
2011-03-21 17:32:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-21 17:28:54 ----A---- C:\WINDOWS\system32\drivers\timntr.sys
2011-03-21 17:28:54 ----A---- C:\WINDOWS\system32\drivers\tifsfilt.sys
2011-03-21 17:27:20 ----A---- C:\WINDOWS\system32\drivers\snapman.sys
2011-03-21 17:27:16 ----D---- C:\Program Files\Common Files\Acronis
2011-03-21 17:27:16 ----D---- C:\Program Files\Acronis
2011-03-21 17:17:26 ----D---- C:\Program Files\Microsoft.NET
2011-03-21 17:14:05 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2011-03-21 16:55:56 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Identities
2011-03-21 09:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-03-21 09:06:20 ----D---- C:\337e288f7c1e1b9bf002e73c
2011-03-21 09:04:41 ----ASH---- C:\hiberfil.sys
2011-03-21 09:02:22 ----SHD---- C:\RECYCLER
2011-03-21 08:48:59 ----D---- C:\Program Files\Webteh
2011-03-21 08:48:15 ----D---- C:\Program Files\PowerISO
2011-03-21 08:47:47 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Zoner
2011-03-21 08:47:28 ----D---- C:\Program Files\Zoner
2011-03-21 08:47:03 ----D---- C:\Documents and Settings\vlcek\Data aplikací\WinRAR
2011-03-21 08:46:59 ----D---- C:\WINDOWS\WinRAR
2011-03-21 08:46:59 ----D---- C:\Program Files\WinRAR
2011-03-21 08:46:39 ----D---- C:\Documents and Settings\vlcek\Data aplikací\vlc
2011-03-21 08:46:14 ----D---- C:\Program Files\VideoLAN
2011-03-21 08:45:51 ----D---- C:\Program Files\CCCP
2011-03-21 08:44:56 ----D---- C:\WINDOWS\Downloaded Installations
2011-03-21 08:44:43 ----D---- C:\totalcmd
2011-03-21 08:44:43 ----A---- C:\WINDOWS\wincmd.ini
2011-03-21 08:44:43 ----A---- C:\WINDOWS\UC.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\RAR.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\PKZIP.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\LHA.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\ARJ.PIF
2011-03-21 08:44:05 ----D---- C:\Program Files\Notepad++
2011-03-21 08:44:05 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Notepad++
2011-03-21 08:43:25 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Mozilla
2011-03-21 08:43:19 ----D---- C:\Program Files\Mozilla Firefox
2011-03-21 08:41:52 ----D---- C:\Program Files\MSBuild
2011-03-21 08:39:30 ----D---- C:\WINDOWS\system32\XPSViewer
2011-03-21 08:39:28 ----D---- C:\WINDOWS\system32\en-us
2011-03-21 08:39:11 ----D---- C:\Program Files\Reference Assemblies
2011-03-21 08:38:54 ----N---- C:\WINDOWS\system32\spmsg2.dll
2011-03-21 08:37:07 ----RSD---- C:\WINDOWS\assembly
2011-03-21 08:36:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-21 08:36:11 ----D---- C:\Program Files\Process Explorer
2011-03-21 08:19:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvgenco322040.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvdispco322090.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-03-21 08:18:19 ----D---- C:\Program Files\NVIDIA Corporation
2011-03-21 08:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-03-21 08:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-03-21 08:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-03-21 08:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-03-21 08:15:03 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Adobe
2011-03-21 08:14:44 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Macromedia
2011-03-21 02:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-21 02:05:04 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-21 02:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-21 02:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-21 02:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-03-21 02:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-03-21 02:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-03-21 02:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-03-21 02:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-03-21 02:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-03-21 02:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-03-21 02:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-03-21 02:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-03-21 02:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-03-21 02:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-03-21 02:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-03-21 02:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-03-21 02:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-03-21 02:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-03-21 02:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-03-21 02:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-03-21 02:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-03-21 02:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-03-21 02:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-03-21 02:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-03-21 02:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-03-21 02:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-03-21 02:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-03-21 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-03-21 02:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-03-21 02:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-03-21 02:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-03-21 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-03-21 02:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-03-21 02:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-03-21 02:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-03-21 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-03-21 02:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-03-21 02:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-03-21 02:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-03-21 02:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-03-21 02:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-03-21 02:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-03-21 02:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-03-21 02:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-03-21 02:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-03-21 02:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-03-21 02:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-03-21 02:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-03-21 02:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-03-21 02:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-03-21 02:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-03-21 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-03-21 02:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-03-21 02:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-03-21 02:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-03-21 02:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-03-21 02:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-03-21 02:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-03-21 02:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-03-21 02:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-03-21 02:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-03-21 02:00:22 ----D---- C:\WINDOWS\ie8updates
2011-03-21 02:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-03-21 02:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-03-21 02:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-03-21 02:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-03-21 02:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-03-21 01:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-03-21 01:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-03-21 01:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2011-03-21 01:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-03-21 01:59:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-03-21 01:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-03-21 01:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-03-21 01:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-03-21 01:59:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-03-21 01:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-03-21 01:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-03-21 01:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2011-03-21 01:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-03-21 01:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2011-03-21 01:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-03-21 01:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-03-21 01:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-03-21 01:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-03-21 01:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2011-03-21 01:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-03-21 01:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-03-21 01:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-03-21 01:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-03-21 01:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-03-21 01:56:24 ----A---- C:\WINDOWS\system32\h323log.txt
2011-03-21 01:55:33 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-03-21 01:55:20 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-03-21 01:54:37 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-03-21 01:54:35 ----A---- C:\WINDOWS\system32\mdimon.dll
2011-03-21 01:53:56 ----D---- C:\Program Files\Microsoft Works
2011-03-21 01:53:32 ----D---- C:\Program Files\Microsoft Visual Studio
2011-03-21 01:53:32 ----D---- C:\Program Files\Common Files\DESIGNER
2011-03-21 01:53:29 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-03-21 01:53:29 ----A---- C:\WINDOWS\system32\usbui.dll
2011-03-21 01:52:32 ----A---- C:\WINDOWS\imsins.BAK
2011-03-21 01:52:30 ----SHD---- C:\WINDOWS\Installer
2011-03-21 01:52:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-21 01:52:29 ----RD---- C:\Program Files
2011-03-21 01:52:29 ----D---- C:\Program Files\Common Files\ODBC
2011-03-21 01:52:29 ----D---- C:\Program Files\Common Files
2011-03-21 01:52:29 ----A---- C:\WINDOWS\ODBCINST.INI
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\irclass.dll
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-03-21 01:52:19 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-03-21 01:52:18 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-03-21 01:52:17 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2011-03-21 01:52:17 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-03-21 01:52:17 ----A---- C:\WINDOWS\system32\batt.dll
2011-03-21 01:52:16 ----A---- C:\WINDOWS\NOTEPAD.EXE
2011-03-21 01:52:13 ----A---- C:\WINDOWS\system32\storprop.dll
2011-03-21 01:52:07 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-03-21 01:50:26 ----RA---- C:\WINDOWS\SET8.tmp
2011-03-21 01:50:23 ----RA---- C:\WINDOWS\SET4.tmp
2011-03-21 01:50:22 ----RA---- C:\WINDOWS\SET3.tmp
2011-03-21 01:50:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-21 01:50:17 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-21 01:50:12 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-03-21 01:49:52 ----A---- C:\WINDOWS\setuplog.txt
2011-03-21 01:49:50 ----D---- C:\Documents and Settings
2011-03-21 01:49:49 ----SHD---- C:\System Volume Information
2011-03-21 01:49:00 ----D---- C:\WINDOWS\pss
2011-03-21 01:48:44 ----ASH---- C:\boot.ini
2011-03-21 01:47:43 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-03-21 01:47:08 ----D---- C:\WINDOWS\system32\PreInstall
2011-03-21 01:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-03-21 01:47:07 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-21 01:44:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-21 01:44:57 ----RSD---- C:\WINDOWS\Fonts
2011-03-21 01:44:57 ----RD---- C:\WINDOWS\Web
2011-03-21 01:44:57 ----HD---- C:\WINDOWS\inf
2011-03-21 01:44:57 ----D---- C:\WINDOWS\WinSxS
2011-03-21 01:44:57 ----D---- C:\WINDOWS\twain_32
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Temp
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\wins
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\wbem
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\usmt
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\spool
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\ShellExt
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\Setup
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\ras
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\oobe
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\npp
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\mui
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\inetsrv
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\IME
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\icsxml
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\ias
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\export
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\dhcp
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\cs-cz
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\cs
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\config
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\3com_dmi
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\3076
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\2052
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1054
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1042
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1041
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1037
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1033
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1031
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1029
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1028
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1025
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system
2011-03-21 01:44:57 ----D---- C:\WINDOWS\security
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Resources
2011-03-21 01:44:57 ----D---- C:\WINDOWS\repair
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Provisioning
2011-03-21 01:44:57 ----D---- C:\WINDOWS\pchealth
2011-03-21 01:44:57 ----D---- C:\WINDOWS\PeerNet
2011-03-21 01:44:57 ----D---- C:\WINDOWS\NLDRV
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Network Diagnostic
2011-03-21 01:44:57 ----D---- C:\WINDOWS\mui
2011-03-21 01:44:57 ----D---- C:\WINDOWS\msapps
2011-03-21 01:44:57 ----D---- C:\WINDOWS\msagent
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Media
2011-03-21 01:44:57 ----D---- C:\WINDOWS\L2Schemas
2011-03-21 01:44:57 ----D---- C:\WINDOWS\java
2011-03-21 01:44:57 ----D---- C:\WINDOWS\ime
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Help
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Driver Cache
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Debug
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Cursors
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Connection Wizard
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Config
2011-03-21 01:44:57 ----D---- C:\WINDOWS\AppPatch
2011-03-21 01:44:57 ----D---- C:\WINDOWS\addins
2011-03-21 01:44:57 ----D---- C:\WINDOWS
2011-03-21 01:44:56 ----ASH---- C:\pagefile.sys
2011-03-21 01:44:05 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-03-21 01:37:08 ----HD---- C:\Program Files\Uninstall Information
2011-03-21 01:27:15 ----D---- C:\WINDOWS\SHELLNEW
2011-03-21 01:25:12 ----D---- C:\Program Files\Microsoft Office
2011-03-21 01:25:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-03-21 01:24:02 ----RHD---- C:\MSOCache
2011-03-21 01:19:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-03-21 01:19:37 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-03-21 01:19:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-03-21 01:19:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-03-21 01:19:03 ----D---- C:\Program Files\Alwil Software
2011-03-21 01:16:55 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-03-21 01:16:49 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2011-03-21 01:16:40 ----D---- C:\Program Files\Windows Media Connect 2
2011-03-21 01:16:34 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2011-03-21 01:16:11 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-03-21 01:15:57 ----D---- C:\WINDOWS\system32\LogFiles
2011-03-21 01:15:57 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-03-21 01:15:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2011-03-21 01:15:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2011-03-21 01:15:07 ----D---- C:\WINDOWS\WBEM
2011-03-21 01:14:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-03-21 01:14:25 ----HDC---- C:\WINDOWS\ie8
2011-03-21 01:13:19 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2011-03-21 01:11:57 ----RA---- C:\WINDOWS\system32\drivers\Rtenicxp.sys
2011-03-21 01:11:55 ----RA---- C:\WINDOWS\system32\drivers\jraid.sys
2011-03-21 01:11:55 ----R---- C:\WINDOWS\system32\xRaidSetup.exe
2011-03-21 01:11:55 ----R---- C:\WINDOWS\system32\xRaidAPI.dll
2011-03-21 01:11:55 ----D---- C:\RaidTool
2011-03-21 01:11:53 ----D---- C:\WINDOWS\RaidTool
2011-03-21 01:11:47 ----D---- C:\WINDOWS\OPTIONS
2011-03-21 01:11:44 ----D---- C:\Documents and Settings\vlcek\Data aplikací\InstallShield
2011-03-21 01:11:27 ----D---- C:\WINDOWS\system32\Lang
2011-03-21 01:11:26 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-03-21 01:11:25 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-03-21 01:11:24 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2011-03-21 01:11:23 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-03-21 01:11:22 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-03-21 01:11:21 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-03-21 01:11:20 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-03-21 01:11:19 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-03-21 01:09:40 ----R---- C:\WINDOWS\system32\ChCfg.exe
2011-03-21 01:09:17 ----D---- C:\WINDOWS\system32\RTCOM
2011-03-21 01:09:15 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-03-21 01:09:15 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-03-21 01:09:15 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-03-21 01:09:09 ----R---- C:\WINDOWS\SoundMan.exe
2011-03-21 01:09:09 ----R---- C:\WINDOWS\SkyTel.exe
2011-03-21 01:09:08 ----R---- C:\WINDOWS\RtlUpd.exe
2011-03-21 01:09:07 ----R---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-03-21 01:09:07 ----R---- C:\WINDOWS\RTLCPL.exe
2011-03-21 01:09:04 ----R---- C:\WINDOWS\RTHDCPL.exe
2011-03-21 01:09:03 ----R---- C:\WINDOWS\MicCal.exe
2011-03-21 01:09:02 ----R---- C:\WINDOWS\Alcmtr.exe
2011-03-21 01:09:01 ----R---- C:\WINDOWS\alcwzrd.exe
2011-03-21 01:09:01 ----D---- C:\Program Files\Realtek
2011-03-21 01:09:00 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-21 01:08:58 ----R---- C:\WINDOWS\RtlExUpd.dll
2011-03-21 01:08:58 ----A---- C:\WINDOWS\HideWin.exe
2011-03-21 01:08:54 ----D---- C:\Program Files\Common Files\InstallShield
2011-03-21 01:06:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-03-21 01:06:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-21 01:06:23 ----D---- C:\Program Files\Intel
2011-03-21 01:06:23 ----A---- C:\WINDOWS\system32\CSVer.dll
2011-03-21 01:06:19 ----D---- C:\Intel
2011-03-21 01:05:45 ----A---- C:\WINDOWS\gdrv.sys
2011-03-21 01:03:54 ----SD---- C:\Documents and Settings\vlcek\Data aplikací\Microsoft
2011-03-21 01:03:54 ----ASH---- C:\Documents and Settings\vlcek\Data aplikací\desktop.ini
2011-03-21 01:03:51 ----SHD---- C:\WINDOWS\CSC
2011-03-21 01:03:11 ----D---- C:\WINDOWS\SoftwareDistribution
2011-03-21 01:03:10 ----D---- C:\WINDOWS\Prefetch
2011-03-21 01:03:09 ----SD---- C:\WINDOWS\system32\Microsoft
2011-03-21 01:03:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-21 01:00:52 ----D---- C:\WINDOWS\system32\xircom
2011-03-21 01:00:52 ----D---- C:\Program Files\xerox
2011-03-21 01:00:52 ----D---- C:\Program Files\netmeeting
2011-03-21 01:00:52 ----D---- C:\Program Files\msn gaming zone
2011-03-21 01:00:52 ----D---- C:\Program Files\microsoft frontpage
2011-03-21 01:00:52 ----D---- C:\Program Files\Common Files\speechengines
2011-03-21 01:00:36 ----RASH---- C:\MSDOS.SYS
2011-03-21 01:00:36 ----RASH---- C:\IO.SYS
2011-03-21 01:00:36 ----A---- C:\WINDOWS\control.ini
2011-03-21 01:00:36 ----A---- C:\CONFIG.SYS
2011-03-21 01:00:36 ----A---- C:\AUTOEXEC.BAT
2011-03-21 01:00:28 ----A---- C:\WINDOWS\OEWABLog.txt
2011-03-21 01:00:25 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-03-21 00:59:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-03-21 00:59:46 ----RD---- C:\WINDOWS\Offline Web Pages
2011-03-21 00:59:46 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-03-21 00:59:41 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-03-21 00:59:38 ----HD---- C:\Program Files\WindowsUpdate
2011-03-21 00:59:35 ----D---- C:\Program Files\Online Services
2011-03-21 00:59:22 ----D---- C:\WINDOWS\system32\DirectX
2011-03-21 00:59:16 ----A---- C:\WINDOWS\system32\atrace.dll
2011-03-21 00:59:15 ----A---- C:\WINDOWS\system32\desktop.ini
2011-03-21 00:59:15 ----A---- C:\WINDOWS\desktop.ini
2011-03-21 00:59:08 ----D---- C:\Program Files\Common Files\Services
2011-03-21 00:59:08 ----A---- C:\WINDOWS\system32\acctres.dll
2011-03-21 00:59:05 ----SD---- C:\WINDOWS\Tasks
2011-03-21 00:59:05 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-03-21 00:59:04 ----D---- C:\Program Files\Common Files\MSSoap
2011-03-21 00:59:00 ----D---- C:\WINDOWS\srchasst
2011-03-21 00:58:59 ----D---- C:\WINDOWS\system32\Macromed
2011-03-21 00:58:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2011-03-21 00:58:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-03-21 00:58:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wups.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2011-03-21 00:58:51 ----D---- C:\Program Files\Movie Maker
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-03-21 00:58:29 ----A---- C:\WINDOWS\system32\fltMc.exe
2011-03-21 00:58:29 ----A---- C:\WINDOWS\system32\fltlib.dll
2011-03-21 00:58:29 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2011-03-21 00:58:28 ----D---- C:\WINDOWS\system32\Restore
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\srclient.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-03-21 00:58:27 ----A---- C:\WINDOWS\system32\inetres.dll
2011-03-21 00:58:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-03-21 00:58:24 ----HD---- C:\Program Files\Outlook Express
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\mstask.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\isign32.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-03-21 00:58:23 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-03-21 00:58:18 ----D---- C:\Program Files\Common Files\System
2011-03-21 00:58:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-03-21 00:58:14 ----HD---- C:\Program Files\Internet Explorer
2011-03-21 00:57:48 ----D---- C:\Program Files\ComPlus Applications
2011-03-21 00:57:46 ----A---- C:\WINDOWS\vbaddin.ini
2011-03-21 00:57:46 ----A---- C:\WINDOWS\vb.ini
2011-03-21 00:57:43 ----D---- C:\WINDOWS\Registration
2011-03-21 00:57:38 ----D---- C:\Program Files\Windows Media Player
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\hticons.dll
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\avwav.dll
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-03-21 00:57:32 ----A---- C:\WINDOWS\system32\winchat.exe
2011-03-21 00:57:30 ----A---- C:\WINDOWS\system32\charmap.exe
2011-03-21 00:57:30 ----A---- C:\WINDOWS\system32\getuname.dll
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tskill.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tscon.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\shadow.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\reset.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\regini.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\calc.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\msg.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\logoff.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-03-21 00:57:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-03-21 00:57:23 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-03-21 00:57:23 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-03-21 00:57:22 ----D---- C:\Program Files\Windows NT
2011-03-21 00:57:22 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-03-21 00:57:22 ----A---- C:\WINDOWS\system32\hypertrm.dll
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\tsgqec.dll
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-03-21 00:57:20 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2011-03-21 00:57:20 ----A---- C:\WINDOWS\system32\aaclient.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-03-21 00:57:18 ----D---- C:\WINDOWS\system32\MsDtc
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-03-21 00:57:15 ----D---- C:\WINDOWS\system32\Com
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\stclient.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\colbact.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\comuid.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\comsvcs.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-03-21 00:57:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-03-21 00:57:03 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2011-03-21 00:57:03 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2011-03-20 23:30:34 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2011-03-20 23:18:15 ----A---- C:\WINDOWS\system32\syssetup.dll
2011-03-20 23:18:15 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
======List of files/folders modified in the last 1 months======
2011-03-22 10:27:42 ----A---- C:\WINDOWS\win.ini
2011-03-22 10:27:42 ----A---- C:\WINDOWS\system.ini
2011-03-21 01:00:15 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\pjlmon.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\pid.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\hid.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\dmutil.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\wowfax.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\streamci.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\sprio800.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\sprio600.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\spnike.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\paqsp.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\dvdplay.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Jraid;Jraid; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-06-13 48256]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2011-03-21 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2011-03-21 392320]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2011-03-21 32768]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 DKRtWrt;DKRtWrt; C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys [2010-09-22 44368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2011-03-20 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2010-12-20 1734480]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-03-21 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-21 75136]
-----------------EOF-----------------
Thanks for the help, afroun
One more note about the second generated file. There is something in it about a CD-ROM error - that is "fine", the drive does whatever it wants, I don't use it anyway, only for installations, and even then it has to feel like it, but there is also an HDD error in there - nothing more detailed, except that it looks like drive D, but I'm not sure. If you want the second log, just say so - you know how it goes yourselves. I'll welcome any recommendation, because my head can't make sense of this anymore, nor think.
======================= START ====================================
Logfile of random's system information tool 1.08 (written by random/random)
Run by vlcek at 2011-03-22 12:46:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (68%) free of 83 GB
Total RAM: 1022 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:21, on 22.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Staženo\RSIT.exe
C:\Program Files\trend micro\vlcek.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [OSSelectorReinstall] c:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0694328171
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6787 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"OSSelectorReinstall"=c:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]
""= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1953792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
c:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
c:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-16 1945960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
c:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMMyDocs"=1
"NoSMMyPictures"=1
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 8"
"C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 Kernel"
"C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe"="C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe:*:Enabled:math.exe"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"
======List of files/folders created in the last 1 months======
2011-03-22 12:46:13 ----D---- C:\rsit
2011-03-22 12:46:13 ----D---- C:\Program Files\trend micro
2011-03-22 10:34:09 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Ubisoft
2011-03-22 10:34:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2011-03-22 10:24:34 ----D---- C:\WINDOWS\system32\NtmsData
2011-03-21 23:48:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Solidshield
2011-03-21 23:40:21 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-03-21 23:40:21 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-03-21 23:40:20 ----D---- C:\Documents and Settings\vlcek\Data aplikací\PunkBuster
2011-03-21 23:39:14 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-03-21 23:39:14 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-03-21 23:39:13 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-03-21 23:39:13 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-03-21 23:39:12 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-03-21 23:39:12 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-03-21 23:39:12 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-03-21 23:39:11 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-03-21 23:39:11 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-03-21 23:39:11 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-03-21 23:39:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-03-21 23:39:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-03-21 23:39:10 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-03-21 23:39:09 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-03-21 23:39:08 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-03-21 23:39:08 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-03-21 23:39:08 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-03-21 23:39:07 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-03-21 23:39:06 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-03-21 23:39:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-03-21 23:39:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-03-21 23:39:05 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-03-21 23:39:04 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-03-21 23:39:04 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-03-21 23:39:04 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-03-21 23:39:03 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-03-21 23:39:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-03-21 23:39:03 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-03-21 23:39:02 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-03-21 23:39:01 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-03-21 23:39:01 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-03-21 23:39:01 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-03-21 23:39:00 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-03-21 23:38:59 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-03-21 23:38:59 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-03-21 23:38:59 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-03-21 23:38:58 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-03-21 23:38:57 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-03-21 23:38:56 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-03-21 23:38:56 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-03-21 23:38:55 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-03-21 23:38:55 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-03-21 23:38:54 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-03-21 23:38:54 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-03-21 23:38:53 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-03-21 23:38:52 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-03-21 23:38:51 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-03-21 23:38:51 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-03-21 23:38:47 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-03-21 23:38:46 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2011-03-21 23:38:45 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-03-21 23:38:45 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-03-21 23:38:45 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-03-21 23:38:44 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-03-21 23:38:19 ----D---- C:\WINDOWS\Logs
2011-03-21 22:04:14 ----D---- C:\Program Files\Ubisoft
2011-03-21 22:03:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-03-21 22:03:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-03-21 20:36:40 ----A---- C:\WINDOWS\system32\AutoPartNt.exe
2011-03-21 20:30:29 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Acronis
2011-03-21 20:18:16 ----A---- C:\WINDOWS\system32\acaptuser32.dll
2011-03-21 19:56:59 ----D---- C:\Staženo
2011-03-21 19:41:30 ----RHD---- C:\Documents and Settings\vlcek\Data aplikací\Microchip
2011-03-21 19:38:34 ----D---- C:\Program Files\Microchip
2011-03-21 19:35:25 ----ASH---- C:\BOOT.BAK
2011-03-21 19:35:05 ----RSHD---- C:\cmdcons
2011-03-21 19:35:05 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-03-21 19:35:04 ----D---- C:\WINDOWS\setup.pss
2011-03-21 19:34:44 ----D---- C:\WINDOWS\setupupd
2011-03-21 18:15:49 ----SHD---- C:\Diskeeper
2011-03-21 18:09:46 ----A---- C:\WINDOWS\system32\drivers\DKRtWrt.sys
2011-03-21 18:09:43 ----D---- C:\Program Files\Common Files\Diskeeper Corporation
2011-03-21 18:09:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Diskeeper Corporation
2011-03-21 18:09:42 ----D---- C:\Program Files\Windows Home Server
2011-03-21 18:09:42 ----D---- C:\Program Files\Diskeeper Corporation
2011-03-21 17:56:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2011-03-21 17:49:45 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Mathematica
2011-03-21 17:49:01 ----D---- C:\Program Files\Common Files\Wolfram Research
2011-03-21 17:49:01 ----D---- C:\Program Files\Common Files\ResearchSoft
2011-03-21 17:49:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mathematica
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\mlmodule32.dll
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\ml32i3.dll
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\ml32i2.dll
2011-03-21 17:45:13 ----A---- C:\WINDOWS\system32\ml32i1.dll
2011-03-21 17:43:50 ----D---- C:\Program Files\Wolfram Research
2011-03-21 17:41:34 ----D---- C:\Program Files\CCleaner
2011-03-21 17:37:47 ----D---- C:\Program Files\EAGLE
2011-03-21 17:37:38 ----D---- C:\Documents and Settings\vlcek\Data aplikací\CadSoft
2011-03-21 17:37:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2011-03-21 17:36:15 ----D---- C:\Program Files\Common Files\Macrovision Shared
2011-03-21 17:36:01 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2011-03-21 17:36:01 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2011-03-21 17:32:45 ----D---- C:\Program Files\Common Files\Adobe
2011-03-21 17:32:45 ----D---- C:\Program Files\Adobe
2011-03-21 17:32:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-21 17:28:54 ----A---- C:\WINDOWS\system32\drivers\timntr.sys
2011-03-21 17:28:54 ----A---- C:\WINDOWS\system32\drivers\tifsfilt.sys
2011-03-21 17:27:20 ----A---- C:\WINDOWS\system32\drivers\snapman.sys
2011-03-21 17:27:16 ----D---- C:\Program Files\Common Files\Acronis
2011-03-21 17:27:16 ----D---- C:\Program Files\Acronis
2011-03-21 17:17:26 ----D---- C:\Program Files\Microsoft.NET
2011-03-21 17:14:05 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2011-03-21 16:55:56 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Identities
2011-03-21 09:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-03-21 09:06:20 ----D---- C:\337e288f7c1e1b9bf002e73c
2011-03-21 09:04:41 ----ASH---- C:\hiberfil.sys
2011-03-21 09:02:22 ----SHD---- C:\RECYCLER
2011-03-21 08:48:59 ----D---- C:\Program Files\Webteh
2011-03-21 08:48:15 ----D---- C:\Program Files\PowerISO
2011-03-21 08:47:47 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Zoner
2011-03-21 08:47:28 ----D---- C:\Program Files\Zoner
2011-03-21 08:47:03 ----D---- C:\Documents and Settings\vlcek\Data aplikací\WinRAR
2011-03-21 08:46:59 ----D---- C:\WINDOWS\WinRAR
2011-03-21 08:46:59 ----D---- C:\Program Files\WinRAR
2011-03-21 08:46:39 ----D---- C:\Documents and Settings\vlcek\Data aplikací\vlc
2011-03-21 08:46:14 ----D---- C:\Program Files\VideoLAN
2011-03-21 08:45:51 ----D---- C:\Program Files\CCCP
2011-03-21 08:44:56 ----D---- C:\WINDOWS\Downloaded Installations
2011-03-21 08:44:43 ----D---- C:\totalcmd
2011-03-21 08:44:43 ----A---- C:\WINDOWS\wincmd.ini
2011-03-21 08:44:43 ----A---- C:\WINDOWS\UC.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\RAR.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\PKZIP.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\LHA.PIF
2011-03-21 08:44:43 ----A---- C:\WINDOWS\ARJ.PIF
2011-03-21 08:44:05 ----D---- C:\Program Files\Notepad++
2011-03-21 08:44:05 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Notepad++
2011-03-21 08:43:25 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Mozilla
2011-03-21 08:43:19 ----D---- C:\Program Files\Mozilla Firefox
2011-03-21 08:41:52 ----D---- C:\Program Files\MSBuild
2011-03-21 08:39:30 ----D---- C:\WINDOWS\system32\XPSViewer
2011-03-21 08:39:28 ----D---- C:\WINDOWS\system32\en-us
2011-03-21 08:39:11 ----D---- C:\Program Files\Reference Assemblies
2011-03-21 08:38:54 ----N---- C:\WINDOWS\system32\spmsg2.dll
2011-03-21 08:37:07 ----RSD---- C:\WINDOWS\assembly
2011-03-21 08:36:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-21 08:36:11 ----D---- C:\Program Files\Process Explorer
2011-03-21 08:19:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvgenco322040.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvdispco322090.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-03-21 08:18:57 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-03-21 08:18:55 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-03-21 08:18:19 ----D---- C:\Program Files\NVIDIA Corporation
2011-03-21 08:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-03-21 08:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-03-21 08:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-03-21 08:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-03-21 08:15:03 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Adobe
2011-03-21 08:14:44 ----D---- C:\Documents and Settings\vlcek\Data aplikací\Macromedia
2011-03-21 02:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-21 02:05:04 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-21 02:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-21 02:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-21 02:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-03-21 02:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-03-21 02:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-03-21 02:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-03-21 02:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-03-21 02:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-03-21 02:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-03-21 02:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-03-21 02:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-03-21 02:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-03-21 02:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-03-21 02:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-03-21 02:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-03-21 02:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-03-21 02:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-03-21 02:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-03-21 02:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-03-21 02:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-03-21 02:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-03-21 02:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-03-21 02:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-03-21 02:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-03-21 02:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-03-21 02:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-03-21 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-03-21 02:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-03-21 02:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-03-21 02:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-03-21 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-03-21 02:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-03-21 02:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-03-21 02:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-03-21 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-03-21 02:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-03-21 02:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-03-21 02:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-03-21 02:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-03-21 02:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-03-21 02:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-03-21 02:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-03-21 02:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-03-21 02:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-03-21 02:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-03-21 02:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-03-21 02:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-03-21 02:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-03-21 02:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-03-21 02:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-03-21 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-03-21 02:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-03-21 02:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-03-21 02:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-03-21 02:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-03-21 02:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-03-21 02:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-03-21 02:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-03-21 02:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-03-21 02:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-03-21 02:00:22 ----D---- C:\WINDOWS\ie8updates
2011-03-21 02:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-03-21 02:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-03-21 02:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-03-21 02:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-03-21 02:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-03-21 01:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-03-21 01:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-03-21 01:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2011-03-21 01:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-03-21 01:59:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-03-21 01:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-03-21 01:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-03-21 01:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-03-21 01:59:12 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-03-21 01:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-03-21 01:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-03-21 01:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2011-03-21 01:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-03-21 01:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2011-03-21 01:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-03-21 01:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-03-21 01:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-03-21 01:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-03-21 01:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2011-03-21 01:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-03-21 01:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-03-21 01:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-03-21 01:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-03-21 01:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-03-21 01:56:24 ----A---- C:\WINDOWS\system32\h323log.txt
2011-03-21 01:55:33 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-03-21 01:55:20 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-03-21 01:54:37 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-03-21 01:54:35 ----A---- C:\WINDOWS\system32\mdimon.dll
2011-03-21 01:53:56 ----D---- C:\Program Files\Microsoft Works
2011-03-21 01:53:32 ----D---- C:\Program Files\Microsoft Visual Studio
2011-03-21 01:53:32 ----D---- C:\Program Files\Common Files\DESIGNER
2011-03-21 01:53:29 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-03-21 01:53:29 ----A---- C:\WINDOWS\system32\usbui.dll
2011-03-21 01:52:32 ----A---- C:\WINDOWS\imsins.BAK
2011-03-21 01:52:30 ----SHD---- C:\WINDOWS\Installer
2011-03-21 01:52:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-21 01:52:29 ----RD---- C:\Program Files
2011-03-21 01:52:29 ----D---- C:\Program Files\Common Files\ODBC
2011-03-21 01:52:29 ----D---- C:\Program Files\Common Files
2011-03-21 01:52:29 ----A---- C:\WINDOWS\ODBCINST.INI
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\irclass.dll
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-03-21 01:52:20 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-03-21 01:52:19 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-03-21 01:52:18 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-03-21 01:52:17 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2011-03-21 01:52:17 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-03-21 01:52:17 ----A---- C:\WINDOWS\system32\batt.dll
2011-03-21 01:52:16 ----A---- C:\WINDOWS\NOTEPAD.EXE
2011-03-21 01:52:13 ----A---- C:\WINDOWS\system32\storprop.dll
2011-03-21 01:52:07 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-03-21 01:50:26 ----RA---- C:\WINDOWS\SET8.tmp
2011-03-21 01:50:23 ----RA---- C:\WINDOWS\SET4.tmp
2011-03-21 01:50:22 ----RA---- C:\WINDOWS\SET3.tmp
2011-03-21 01:50:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-21 01:50:17 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-21 01:50:12 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-03-21 01:49:52 ----A---- C:\WINDOWS\setuplog.txt
2011-03-21 01:49:50 ----D---- C:\Documents and Settings
2011-03-21 01:49:49 ----SHD---- C:\System Volume Information
2011-03-21 01:49:00 ----D---- C:\WINDOWS\pss
2011-03-21 01:48:44 ----ASH---- C:\boot.ini
2011-03-21 01:47:43 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-03-21 01:47:08 ----D---- C:\WINDOWS\system32\PreInstall
2011-03-21 01:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-03-21 01:47:07 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-21 01:44:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-21 01:44:57 ----RSD---- C:\WINDOWS\Fonts
2011-03-21 01:44:57 ----RD---- C:\WINDOWS\Web
2011-03-21 01:44:57 ----HD---- C:\WINDOWS\inf
2011-03-21 01:44:57 ----D---- C:\WINDOWS\WinSxS
2011-03-21 01:44:57 ----D---- C:\WINDOWS\twain_32
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Temp
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\wins
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\wbem
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\usmt
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\spool
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\ShellExt
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\Setup
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\ras
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\oobe
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\npp
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\mui
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\inetsrv
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\IME
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\icsxml
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\ias
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\export
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\drivers
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\dhcp
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\cs-cz
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\cs
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\config
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\3com_dmi
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\3076
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\2052
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1054
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1042
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1041
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1037
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1033
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1031
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1029
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1028
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32\1025
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system32
2011-03-21 01:44:57 ----D---- C:\WINDOWS\system
2011-03-21 01:44:57 ----D---- C:\WINDOWS\security
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Resources
2011-03-21 01:44:57 ----D---- C:\WINDOWS\repair
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Provisioning
2011-03-21 01:44:57 ----D---- C:\WINDOWS\pchealth
2011-03-21 01:44:57 ----D---- C:\WINDOWS\PeerNet
2011-03-21 01:44:57 ----D---- C:\WINDOWS\NLDRV
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Network Diagnostic
2011-03-21 01:44:57 ----D---- C:\WINDOWS\mui
2011-03-21 01:44:57 ----D---- C:\WINDOWS\msapps
2011-03-21 01:44:57 ----D---- C:\WINDOWS\msagent
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Media
2011-03-21 01:44:57 ----D---- C:\WINDOWS\L2Schemas
2011-03-21 01:44:57 ----D---- C:\WINDOWS\java
2011-03-21 01:44:57 ----D---- C:\WINDOWS\ime
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Help
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Driver Cache
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Debug
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Cursors
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Connection Wizard
2011-03-21 01:44:57 ----D---- C:\WINDOWS\Config
2011-03-21 01:44:57 ----D---- C:\WINDOWS\AppPatch
2011-03-21 01:44:57 ----D---- C:\WINDOWS\addins
2011-03-21 01:44:57 ----D---- C:\WINDOWS
2011-03-21 01:44:56 ----ASH---- C:\pagefile.sys
2011-03-21 01:44:05 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-03-21 01:37:08 ----HD---- C:\Program Files\Uninstall Information
2011-03-21 01:27:15 ----D---- C:\WINDOWS\SHELLNEW
2011-03-21 01:25:12 ----D---- C:\Program Files\Microsoft Office
2011-03-21 01:25:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-03-21 01:24:02 ----RHD---- C:\MSOCache
2011-03-21 01:19:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-03-21 01:19:37 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-03-21 01:19:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-03-21 01:19:35 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-03-21 01:19:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-03-21 01:19:03 ----D---- C:\Program Files\Alwil Software
2011-03-21 01:16:55 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-03-21 01:16:49 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2011-03-21 01:16:40 ----D---- C:\Program Files\Windows Media Connect 2
2011-03-21 01:16:34 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2011-03-21 01:16:11 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-03-21 01:15:57 ----D---- C:\WINDOWS\system32\LogFiles
2011-03-21 01:15:57 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-03-21 01:15:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2011-03-21 01:15:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2011-03-21 01:15:07 ----D---- C:\WINDOWS\WBEM
2011-03-21 01:14:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-03-21 01:14:25 ----HDC---- C:\WINDOWS\ie8
2011-03-21 01:13:19 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2011-03-21 01:11:57 ----RA---- C:\WINDOWS\system32\drivers\Rtenicxp.sys
2011-03-21 01:11:55 ----RA---- C:\WINDOWS\system32\drivers\jraid.sys
2011-03-21 01:11:55 ----R---- C:\WINDOWS\system32\xRaidSetup.exe
2011-03-21 01:11:55 ----R---- C:\WINDOWS\system32\xRaidAPI.dll
2011-03-21 01:11:55 ----D---- C:\RaidTool
2011-03-21 01:11:53 ----D---- C:\WINDOWS\RaidTool
2011-03-21 01:11:47 ----D---- C:\WINDOWS\OPTIONS
2011-03-21 01:11:44 ----D---- C:\Documents and Settings\vlcek\Data aplikací\InstallShield
2011-03-21 01:11:27 ----D---- C:\WINDOWS\system32\Lang
2011-03-21 01:11:26 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-03-21 01:11:25 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-03-21 01:11:24 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2011-03-21 01:11:23 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-03-21 01:11:22 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-03-21 01:11:21 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-03-21 01:11:20 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-03-21 01:11:19 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-03-21 01:09:40 ----R---- C:\WINDOWS\system32\ChCfg.exe
2011-03-21 01:09:17 ----D---- C:\WINDOWS\system32\RTCOM
2011-03-21 01:09:15 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-03-21 01:09:15 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-03-21 01:09:15 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-03-21 01:09:09 ----R---- C:\WINDOWS\SoundMan.exe
2011-03-21 01:09:09 ----R---- C:\WINDOWS\SkyTel.exe
2011-03-21 01:09:08 ----R---- C:\WINDOWS\RtlUpd.exe
2011-03-21 01:09:07 ----R---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-03-21 01:09:07 ----R---- C:\WINDOWS\RTLCPL.exe
2011-03-21 01:09:04 ----R---- C:\WINDOWS\RTHDCPL.exe
2011-03-21 01:09:03 ----R---- C:\WINDOWS\MicCal.exe
2011-03-21 01:09:02 ----R---- C:\WINDOWS\Alcmtr.exe
2011-03-21 01:09:01 ----R---- C:\WINDOWS\alcwzrd.exe
2011-03-21 01:09:01 ----D---- C:\Program Files\Realtek
2011-03-21 01:09:00 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-21 01:08:58 ----R---- C:\WINDOWS\RtlExUpd.dll
2011-03-21 01:08:58 ----A---- C:\WINDOWS\HideWin.exe
2011-03-21 01:08:54 ----D---- C:\Program Files\Common Files\InstallShield
2011-03-21 01:06:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-03-21 01:06:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-21 01:06:23 ----D---- C:\Program Files\Intel
2011-03-21 01:06:23 ----A---- C:\WINDOWS\system32\CSVer.dll
2011-03-21 01:06:19 ----D---- C:\Intel
2011-03-21 01:05:45 ----A---- C:\WINDOWS\gdrv.sys
2011-03-21 01:03:54 ----SD---- C:\Documents and Settings\vlcek\Data aplikací\Microsoft
2011-03-21 01:03:54 ----ASH---- C:\Documents and Settings\vlcek\Data aplikací\desktop.ini
2011-03-21 01:03:51 ----SHD---- C:\WINDOWS\CSC
2011-03-21 01:03:11 ----D---- C:\WINDOWS\SoftwareDistribution
2011-03-21 01:03:10 ----D---- C:\WINDOWS\Prefetch
2011-03-21 01:03:09 ----SD---- C:\WINDOWS\system32\Microsoft
2011-03-21 01:03:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-21 01:00:52 ----D---- C:\WINDOWS\system32\xircom
2011-03-21 01:00:52 ----D---- C:\Program Files\xerox
2011-03-21 01:00:52 ----D---- C:\Program Files\netmeeting
2011-03-21 01:00:52 ----D---- C:\Program Files\msn gaming zone
2011-03-21 01:00:52 ----D---- C:\Program Files\microsoft frontpage
2011-03-21 01:00:52 ----D---- C:\Program Files\Common Files\speechengines
2011-03-21 01:00:36 ----RASH---- C:\MSDOS.SYS
2011-03-21 01:00:36 ----RASH---- C:\IO.SYS
2011-03-21 01:00:36 ----A---- C:\WINDOWS\control.ini
2011-03-21 01:00:36 ----A---- C:\CONFIG.SYS
2011-03-21 01:00:36 ----A---- C:\AUTOEXEC.BAT
2011-03-21 01:00:28 ----A---- C:\WINDOWS\OEWABLog.txt
2011-03-21 01:00:25 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-03-21 00:59:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-03-21 00:59:46 ----RD---- C:\WINDOWS\Offline Web Pages
2011-03-21 00:59:46 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-03-21 00:59:41 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-03-21 00:59:38 ----HD---- C:\Program Files\WindowsUpdate
2011-03-21 00:59:35 ----D---- C:\Program Files\Online Services
2011-03-21 00:59:22 ----D---- C:\WINDOWS\system32\DirectX
2011-03-21 00:59:16 ----A---- C:\WINDOWS\system32\atrace.dll
2011-03-21 00:59:15 ----A---- C:\WINDOWS\system32\desktop.ini
2011-03-21 00:59:15 ----A---- C:\WINDOWS\desktop.ini
2011-03-21 00:59:08 ----D---- C:\Program Files\Common Files\Services
2011-03-21 00:59:08 ----A---- C:\WINDOWS\system32\acctres.dll
2011-03-21 00:59:05 ----SD---- C:\WINDOWS\Tasks
2011-03-21 00:59:05 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-03-21 00:59:04 ----D---- C:\Program Files\Common Files\MSSoap
2011-03-21 00:59:00 ----D---- C:\WINDOWS\srchasst
2011-03-21 00:58:59 ----D---- C:\WINDOWS\system32\Macromed
2011-03-21 00:58:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2011-03-21 00:58:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-03-21 00:58:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wups.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-03-21 00:58:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2011-03-21 00:58:55 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2011-03-21 00:58:51 ----D---- C:\Program Files\Movie Maker
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-03-21 00:58:34 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-03-21 00:58:29 ----A---- C:\WINDOWS\system32\fltMc.exe
2011-03-21 00:58:29 ----A---- C:\WINDOWS\system32\fltlib.dll
2011-03-21 00:58:29 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2011-03-21 00:58:28 ----D---- C:\WINDOWS\system32\Restore
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\srclient.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-03-21 00:58:28 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-03-21 00:58:27 ----A---- C:\WINDOWS\system32\inetres.dll
2011-03-21 00:58:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-03-21 00:58:24 ----HD---- C:\Program Files\Outlook Express
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\mstask.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\isign32.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-03-21 00:58:24 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-03-21 00:58:23 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-03-21 00:58:18 ----D---- C:\Program Files\Common Files\System
2011-03-21 00:58:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-03-21 00:58:14 ----HD---- C:\Program Files\Internet Explorer
2011-03-21 00:57:48 ----D---- C:\Program Files\ComPlus Applications
2011-03-21 00:57:46 ----A---- C:\WINDOWS\vbaddin.ini
2011-03-21 00:57:46 ----A---- C:\WINDOWS\vb.ini
2011-03-21 00:57:43 ----D---- C:\WINDOWS\Registration
2011-03-21 00:57:38 ----D---- C:\Program Files\Windows Media Player
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\hticons.dll
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\avwav.dll
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-03-21 00:57:33 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-03-21 00:57:32 ----A---- C:\WINDOWS\system32\winchat.exe
2011-03-21 00:57:30 ----A---- C:\WINDOWS\system32\charmap.exe
2011-03-21 00:57:30 ----A---- C:\WINDOWS\system32\getuname.dll
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tskill.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\tscon.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\shadow.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\reset.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\regini.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-03-21 00:57:29 ----A---- C:\WINDOWS\system32\calc.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\msg.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\logoff.exe
2011-03-21 00:57:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-03-21 00:57:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-03-21 00:57:23 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-03-21 00:57:23 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-03-21 00:57:22 ----D---- C:\Program Files\Windows NT
2011-03-21 00:57:22 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-03-21 00:57:22 ----A---- C:\WINDOWS\system32\hypertrm.dll
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\tsgqec.dll
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-03-21 00:57:21 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-03-21 00:57:20 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2011-03-21 00:57:20 ----A---- C:\WINDOWS\system32\aaclient.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-03-21 00:57:19 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-03-21 00:57:18 ----D---- C:\WINDOWS\system32\MsDtc
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-03-21 00:57:18 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-03-21 00:57:17 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-03-21 00:57:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-03-21 00:57:15 ----D---- C:\WINDOWS\system32\Com
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\stclient.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\colbact.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-03-21 00:57:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\comuid.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\comsvcs.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-03-21 00:57:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-03-21 00:57:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-03-21 00:57:07 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-03-21 00:57:03 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2011-03-21 00:57:03 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2011-03-20 23:30:34 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2011-03-20 23:18:15 ----A---- C:\WINDOWS\system32\syssetup.dll
2011-03-20 23:18:15 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
======List of files/folders modified in the last 1 months======
2011-03-22 10:27:42 ----A---- C:\WINDOWS\win.ini
2011-03-22 10:27:42 ----A---- C:\WINDOWS\system.ini
2011-03-21 01:00:15 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\pjlmon.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\pid.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\hid.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\dmutil.dll
2011-03-20 23:29:47 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\wowfax.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\streamci.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\sprio800.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\sprio600.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\spnike.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\paqsp.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2011-03-20 23:27:42 ----A---- C:\WINDOWS\system32\dvdplay.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Jraid;Jraid; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-06-13 48256]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2011-03-21 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2011-03-21 392320]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2011-03-21 32768]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 DKRtWrt;DKRtWrt; C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys [2010-09-22 44368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2011-03-20 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2010-12-20 1734480]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-03-21 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-21 75136]
-----------------EOF-----------------
Thanks for the help, afroun
Re: Irregular freezing
Hi, fix these in HJT:
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
You'll find HJT here:
C:\Program Files\trend micro\vlcek.exe
Fix means that you run HJT,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to each of them is a box that you tick,
then you click Fix checked, which is at the bottom left,
the program asks whether you really want to; you of course agree with YES and it's done.
Download and run OTMoveIt,
into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\tasks\At*.job /s
:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and information about the performed action will appear in the right green pane of the application; copy the contents of that pane here,
if the application asks for a restart, click YES;
in that case I want the contents of the log saved in C:\_OTMoveIt\MovedFiles\ copied here.
In the meantime, test the HDD and let me know how it went.
Download HD Tune and test the HDD.
Benchmark - Disk test: Click the Start button and wait until the whole graph is filled in. You will then learn the transfer rate and access time of the hard disk.
Info: Exact capacity, file system, supported features, firmware version, serial number and connection type of the disks.
Health - Condition: A list of important parameters and their values. Ideally everything shows OK.
When an item is yellow, it will probably soon change its status to failed. When it is red, it has the status failed; that would mean replacing the disk.
Error Scan - Searching for errors: Click the Start button and the program will examine the disk for bad blocks.
If all of them are green at the end of the test, everything is fine. If even one of them is red, I recommend backing up your data and expecting to replace the disk.
Temperature: The thermometer at the top and the number next to it show the disk temperature. The normal value is below 50°C. The temperature must not exceed 60°C, though; the program warns when it reaches the 55°C limit.
Re: Irregular freezing
Ta-daaa... the result:
================================ OTM ================================================
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
File/Folder C:\WINDOWS\tasks\At*.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33616 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
User: vlcek
->Temp folder emptied: 211248595 bytes
->Temporary Internet Files folder emptied: 21724402 bytes
->FireFox cache emptied: 46513667 bytes
->Flash cache emptied: 2872634 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180707 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4336640 bytes
Total Files Cleaned = 274,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 03222011_150430
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_770.dat moved successfully.
Registry entries deleted on Reboot...
======================================= EOF =================================
After logging into the profile it said that winlogon.exe must be terminated, but otherwise it has been behaving itself so far. HJT fixed everything without problems.
So I'm going to get on with the disks.
update:
Their parameters and SMART are OK everywhere. They are also fairly new; I've had them for going on two years. The access times and read speeds aren't the worst, but they could be better; that is definitely not the cause, though. But it quite fascinates me how the tests are worse on the larger capacities; one of the 500GB ones in particular is pretty poor. What I'd rather like to know is why SATA II still refuses to work for me. But we won't deal with that here. I ran the surface read as QUICK TEST on all three and they are 100% OK. I don't really have time for a DEEP SCAN right now. They could rather do with formatting; first I have to get hold of an empty disk somewhere - 500 GB is quite hard to back up. The temperatures are absolutely excellent - the intake fan blows over them.
I'd rather say that the junk we MOVEd and FIXed will help it more.
afroun
Re: Irregular freezing
Run OTMoveIt again and click CleanUP! at the top of the application;
this makes it clean up after itself.
Now we'll try a bigger calibre, so read carefully, because this piece of software does not tolerate mistakes.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the licence terms will then appear, which you confirm by clicking YES,
then click YES once more and it is running.
The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs may prevent it from doing so.
After the scan finishes or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Irregular freezing
So, it's cleaned up - I like programs that clean up absolutely everything after themselves.
Back when I still had the old system, I ran ComboFix on the basis that it could do whatever it wanted there, it didn't matter anyway. But back then it didn't report a rootkit to me. Now it reported Rootkit and restarted. The world has gone mad - a new system not even a day old and there's a Rootkit on it; that has never happened to me before. On the other hand, what would I expect, it's Windows after all. I'll post the log in a moment.
===================================== START =============================
ComboFix 11-03-21.02 - vlcek 22.03.2011 19:08:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.583 [GMT 1:00]
Spuštěný z: c:\staženo\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110322-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-22 do 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-21 18:56 . 2011-03-22 18:02 -------- d-----w- C:\Staženo
2011-03-21 17:15 . 2011-03-21 17:15 -------- d-----w- C:\Diskeeper
2011-03-21 08:06 . 2011-03-21 08:06 -------- d-----w- C:\337e288f7c1e1b9bf002e73c
2011-03-21 07:44 . 2011-03-21 08:05 -------- d-----w- C:\totalcmd
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 22:29 . 2008-04-14 07:53 294912 ----a-w- c:\windows\system32\msh263.drv
2011-03-20 22:29 . 2008-04-14 07:52 52736 ----a-w- c:\windows\system32\wzcsapi.dll
2011-03-20 22:29 . 2008-04-14 07:52 483840 ----a-w- c:\windows\system32\wzcsvc.dll
2011-03-20 22:29 . 2008-04-14 07:51 35328 ----a-w- c:\windows\system32\pid.dll
2011-03-20 22:29 . 2008-04-14 07:51 15360 ----a-w- c:\windows\system32\pjlmon.dll
2011-03-20 22:29 . 2008-04-14 07:51 20992 ----a-w- c:\windows\system32\hid.dll
2011-03-20 22:29 . 2008-04-14 07:51 51200 ----a-w- c:\windows\system32\dmutil.dll
2011-03-20 22:29 . 2008-04-14 07:51 49152 ----a-w- c:\windows\system32\cnbjmon.dll
2011-03-20 22:29 . 2008-04-14 07:10 80000 ----a-w- c:\windows\system32\drivers\parport.sys
2011-03-20 22:29 . 2008-04-14 07:10 46592 ----a-w- c:\windows\system32\drivers\p3.sys
2011-03-20 22:29 . 2008-04-14 06:56 40576 ----a-w- c:\windows\system32\drivers\crusoe.sys
2011-03-20 22:29 . 2008-04-14 06:41 39680 ----a-w- c:\windows\system32\drivers\processr.sys
2011-03-20 22:29 . 2008-04-14 06:38 41600 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-03-20 22:29 . 2008-04-14 06:38 41216 ----a-w- c:\windows\system32\drivers\amdk6.sys
2011-03-20 22:29 . 2008-04-14 06:36 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2011-03-20 22:29 . 2008-04-14 06:36 30080 ----a-w- c:\windows\system32\drivers\modem.sys
2011-03-20 22:29 . 2008-04-13 23:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-03-20 22:29 . 2008-04-13 23:26 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2011-03-20 22:29 . 2008-04-13 23:21 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2011-03-20 22:29 . 2008-04-13 23:21 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2011-03-20 22:29 . 2008-04-13 23:16 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2011-03-20 22:29 . 2008-04-13 23:15 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
2011-03-20 22:29 . 2008-04-13 23:15 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2011-03-20 22:29 . 2008-04-13 23:15 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2011-03-20 22:29 . 2008-04-13 23:09 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
2011-03-20 22:29 . 2008-04-13 23:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-03-20 22:29 . 2008-04-13 23:06 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2011-03-20 22:27 . 2001-10-24 11:25 56320 ----a-w- c:\windows\system32\dvdplay.exe
2011-03-20 22:27 . 2001-10-24 11:25 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2011-03-20 22:27 . 2001-10-24 11:25 8192 ----a-w- c:\windows\system32\streamci.dll
2011-03-20 22:27 . 2001-10-24 11:25 72192 ----a-w- c:\windows\system32\sprio800.dll
2011-03-20 22:27 . 2001-10-24 11:25 70656 ----a-w- c:\windows\system32\sprio600.dll
2011-03-20 22:27 . 2001-10-24 11:25 69632 ----a-w- c:\windows\system32\spnike.dll
2011-03-20 22:27 . 2001-10-24 11:25 157696 ----a-w- c:\windows\system32\paqsp.dll
2011-03-20 22:27 . 2001-10-24 11:24 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2011-03-20 22:27 . 2001-10-24 11:24 3200 ----a-w- c:\windows\system32\wowfax.dll
2011-03-20 22:27 . 2001-10-24 10:55 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2011-03-20 22:27 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-20 22:27 . 2001-08-17 21:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2011-03-20 22:27 . 2001-08-17 20:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2011-03-20 22:27 . 2001-08-17 20:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-01-21 14:44 . 2008-04-14 06:51 8466432 ----a-w- c:\windows\system32\shell32.dll
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-01-07 18:58 . 2011-01-07 18:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-01-07 18:58 . 2011-01-07 18:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-01-07 18:58 . 2011-01-07 18:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-01-07 18:58 . 2011-01-07 18:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-01-07 18:58 . 2011-01-07 18:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-01-07 18:58 . 2011-01-07 18:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-01-07 18:58 . 2011-01-07 18:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-01-07 18:58 . 2011-01-07 18:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-01-07 18:58 . 2011-01-07 18:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 18:58 . 2011-01-07 18:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 18:58 . 2011-01-07 18:58 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 18:58 . 2011-01-07 18:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 18:58 . 2011-01-07 18:58 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 18:58 . 2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:58 . 2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[-] 2011-03-20 . 8B097BAE2A460C37BB4FD5DCBAE7570E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
.
c:\windows\System32\regsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 06:07 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 17:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-16 17:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-16 17:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.3.2011 1:19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.3.2011 1:19 20560]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [21.3.2011 18:09 44368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vlcek\Data aplikací\Mozilla\Firefox\Profiles\qxax9zpf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\_av_proI.tm~a02296
c:\windows\TEMP\_av_proI.tm~a02296\setup.lok 0 bytes
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2011-03-22 19:16:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-22 18:16
.
Před spuštěním: Volných bajtů: 59 537 494 016
Po spuštění: Volných bajtů: 59 440 734 208
.
- - End Of File - - B4F1B75D3A4DB57BE535EEF041ACCA04
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 06:07 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 17:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-16 17:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-16 17:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.3.2011 1:19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.3.2011 1:19 20560]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [21.3.2011 18:09 44368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vlcek\Data aplikací\Mozilla\Firefox\Profiles\qxax9zpf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\_av_proI.tm~a02296
c:\windows\TEMP\_av_proI.tm~a02296\setup.lok 0 bytes
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2011-03-22 19:16:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-22 18:16
.
Před spuštěním: Volných bajtů: 59 537 494 016
Po spuštění: Volných bajtů: 59 440 734 208
.
- - End Of File - - B4F1B75D3A4DB57BE535EEF041ACCA04
Re: Irregular freezing
Well, it depends on which Windows it is.
If you have not done so already, move ComboFix to the Desktop
open Notepad
copy the script from the following box into it:
Code:
FCopy::
c:\windows\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll
save the TXT file you created as CFScript.txt on the Desktop,
after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

After it is applied, another log will pop out; copy it here
Warning: it may happen that after the script is applied and the computer restarts, Windows will not boot,
in that case restart again while pressing F8 and then choose Last Known Good Configuration
Download TDSSKiller and save it to the Desktop.
Run the application, choose the Run scan option and click Start scan
If the application finds an infected file, it will show you the preselected action Cure,
in that case confirm with the Continue button
If the application wants to restart the computer, click the Reboot Now button
If it does not ask for a restart, click the Report button.
A log will then pop out; copy its contents here.
If the log is not displayed, it is saved at C:\TDSSKiller
Re: Irregular freezing
ComboFix script - at the start it again detected rootkit activity - it is dug in somewhere, could it be on the other disks? Oh right, I see that I ran it from somewhere else before; why does it have to be on the Desktop of all places?
============================ START =========================
ComboFix 11-03-23.03 - vlcek 23.03.2011 21:59:13.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.588 [GMT 1:00]
Spuštěný z: c:\documents and settings\vlcek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vlcek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 110323-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-23 do 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-21 18:56 . 2011-03-23 20:49 -------- d-----w- C:\Staženo
2011-03-21 17:15 . 2011-03-21 17:15 -------- d-----w- C:\Diskeeper
2011-03-21 08:06 . 2011-03-21 08:06 -------- d-----w- C:\337e288f7c1e1b9bf002e73c
2011-03-21 07:44 . 2011-03-21 08:05 -------- d-----w- C:\totalcmd
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 22:29 . 2008-04-14 07:53 294912 ----a-w- c:\windows\system32\msh263.drv
2011-03-20 22:29 . 2008-04-14 07:52 52736 ----a-w- c:\windows\system32\wzcsapi.dll
2011-03-20 22:29 . 2008-04-14 07:52 483840 ----a-w- c:\windows\system32\wzcsvc.dll
2011-03-20 22:29 . 2008-04-14 07:51 35328 ----a-w- c:\windows\system32\pid.dll
2011-03-20 22:29 . 2008-04-14 07:51 15360 ----a-w- c:\windows\system32\pjlmon.dll
2011-03-20 22:29 . 2008-04-14 07:51 20992 ----a-w- c:\windows\system32\hid.dll
2011-03-20 22:29 . 2008-04-14 07:51 51200 ----a-w- c:\windows\system32\dmutil.dll
2011-03-20 22:29 . 2008-04-14 07:51 49152 ----a-w- c:\windows\system32\cnbjmon.dll
2011-03-20 22:29 . 2008-04-14 07:10 80000 ----a-w- c:\windows\system32\drivers\parport.sys
2011-03-20 22:29 . 2008-04-14 07:10 46592 ----a-w- c:\windows\system32\drivers\p3.sys
2011-03-20 22:29 . 2008-04-14 06:56 40576 ----a-w- c:\windows\system32\drivers\crusoe.sys
2011-03-20 22:29 . 2008-04-14 06:41 39680 ----a-w- c:\windows\system32\drivers\processr.sys
2011-03-20 22:29 . 2008-04-14 06:38 41600 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-03-20 22:29 . 2008-04-14 06:38 41216 ----a-w- c:\windows\system32\drivers\amdk6.sys
2011-03-20 22:29 . 2008-04-14 06:36 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2011-03-20 22:29 . 2008-04-14 06:36 30080 ----a-w- c:\windows\system32\drivers\modem.sys
2011-03-20 22:29 . 2008-04-13 23:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-03-20 22:29 . 2008-04-13 23:26 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2011-03-20 22:29 . 2008-04-13 23:21 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2011-03-20 22:29 . 2008-04-13 23:21 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2011-03-20 22:29 . 2008-04-13 23:16 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2011-03-20 22:29 . 2008-04-13 23:15 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
2011-03-20 22:29 . 2008-04-13 23:15 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2011-03-20 22:29 . 2008-04-13 23:15 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2011-03-20 22:29 . 2008-04-13 23:09 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
2011-03-20 22:29 . 2008-04-13 23:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-03-20 22:29 . 2008-04-13 23:06 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2011-03-20 22:27 . 2001-10-24 11:25 56320 ----a-w- c:\windows\system32\dvdplay.exe
2011-03-20 22:27 . 2001-10-24 11:25 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2011-03-20 22:27 . 2001-10-24 11:25 8192 ----a-w- c:\windows\system32\streamci.dll
2011-03-20 22:27 . 2001-10-24 11:25 72192 ----a-w- c:\windows\system32\sprio800.dll
2011-03-20 22:27 . 2001-10-24 11:25 70656 ----a-w- c:\windows\system32\sprio600.dll
2011-03-20 22:27 . 2001-10-24 11:25 69632 ----a-w- c:\windows\system32\spnike.dll
2011-03-20 22:27 . 2001-10-24 11:25 157696 ----a-w- c:\windows\system32\paqsp.dll
2011-03-20 22:27 . 2001-10-24 11:24 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2011-03-20 22:27 . 2001-10-24 11:24 3200 ----a-w- c:\windows\system32\wowfax.dll
2011-03-20 22:27 . 2001-10-24 10:55 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2011-03-20 22:27 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-20 22:27 . 2001-08-17 21:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2011-03-20 22:27 . 2001-08-17 20:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2011-03-20 22:27 . 2001-08-17 20:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-01-21 14:44 . 2008-04-14 06:51 8466432 ----a-w- c:\windows\system32\shell32.dll
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-01-07 18:58 . 2011-01-07 18:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-01-07 18:58 . 2011-01-07 18:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-01-07 18:58 . 2011-01-07 18:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-01-07 18:58 . 2011-01-07 18:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-01-07 18:58 . 2011-01-07 18:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-01-07 18:58 . 2011-01-07 18:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-01-07 18:58 . 2011-01-07 18:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-01-07 18:58 . 2011-01-07 18:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-01-07 18:58 . 2011-01-07 18:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 18:58 . 2011-01-07 18:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 18:58 . 2011-01-07 18:58 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 18:58 . 2011-01-07 18:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 18:58 . 2011-01-07 18:58 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 18:58 . 2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:58 . 2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[-] 2011-03-20 . 8B097BAE2A460C37BB4FD5DCBAE7570E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
.
c:\windows\System32\regsvc.dll ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_18.14.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-03-23 20:57 . 2011-03-23 20:57 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
+ 2011-03-23 20:58 . 2011-03-23 20:58 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-03-22 19:48 . 2011-03-22 19:48 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2011-03-22 18:21 . 2011-03-22 18:21 153104 c:\windows\system32\drivers\tmcomm.sys
+ 2011-03-22 19:48 . 2011-03-22 19:48 195584 c:\windows\Installer\41c67.msi
+ 2011-03-22 19:48 . 2011-03-22 19:48 248832 c:\windows\Installer\41c5a.msi
+ 2011-03-22 19:48 . 2011-03-22 19:48 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 06:07 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 17:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-16 17:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-16 17:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.3.2011 1:19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.3.2011 1:19 20560]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [21.3.2011 18:09 44368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vlcek\Data aplikací\Mozilla\Firefox\Profiles\qxax9zpf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 22:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-03-23 22:04:20
ComboFix-quarantined-files.txt 2011-03-23 21:04
ComboFix2.txt 2011-03-22 20:59
ComboFix3.txt 2011-03-22 20:42
ComboFix4.txt 2011-03-22 18:16
.
Před spuštěním: Volných bajtů: 59 294 285 824
Po spuštění: Volných bajtů: 59 291 152 384
.
- - End Of File - - 3AFCF8986B1AD405172ED3B052E6F47E
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2011-03-20 22:27 . 2001-08-17 20:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2011-03-20 22:27 . 2001-08-17 20:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-01-21 14:44 . 2008-04-14 06:51 8466432 ----a-w- c:\windows\system32\shell32.dll
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-01-07 18:58 . 2011-01-07 18:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-01-07 18:58 . 2011-01-07 18:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-01-07 18:58 . 2011-01-07 18:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-01-07 18:58 . 2011-01-07 18:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-01-07 18:58 . 2011-01-07 18:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-01-07 18:58 . 2011-01-07 18:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-01-07 18:58 . 2011-01-07 18:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-01-07 18:58 . 2011-01-07 18:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-01-07 18:58 . 2011-01-07 18:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 18:58 . 2011-01-07 18:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 18:58 . 2011-01-07 18:58 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 18:58 . 2011-01-07 18:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 18:58 . 2011-01-07 18:58 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 18:58 . 2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:58 . 2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[-] 2011-03-20 . 8B097BAE2A460C37BB4FD5DCBAE7570E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
.
c:\windows\System32\regsvc.dll ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_18.14.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-03-23 20:57 . 2011-03-23 20:57 16384 c:\windows\Temp\Perflib_Perfdata_760.dat
+ 2011-03-23 20:58 . 2011-03-23 20:58 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-03-22 19:48 . 2011-03-22 19:48 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2011-03-22 18:21 . 2011-03-22 18:21 153104 c:\windows\system32\drivers\tmcomm.sys
+ 2011-03-22 19:48 . 2011-03-22 19:48 195584 c:\windows\Installer\41c67.msi
+ 2011-03-22 19:48 . 2011-03-22 19:48 248832 c:\windows\Installer\41c5a.msi
+ 2011-03-22 19:48 . 2011-03-22 19:48 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 06:07 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 17:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-16 17:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-16 17:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.3.2011 1:19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.3.2011 1:19 20560]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [21.3.2011 18:09 44368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vlcek\Data aplikací\Mozilla\Firefox\Profiles\qxax9zpf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 22:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-03-23 22:04:20
ComboFix-quarantined-files.txt 2011-03-23 21:04
ComboFix2.txt 2011-03-22 20:59
ComboFix3.txt 2011-03-22 20:42
ComboFix4.txt 2011-03-22 18:16
.
Před spuštěním: Volných bajtů: 59 294 285 824
Po spuštění: Volných bajtů: 59 291 152 384
.
- - End Of File - - 3AFCF8986B1AD405172ED3B052E6F47E
Re: Irregular freezing
TDSS Killer - completely clean. Should I try running it again after a restart?
==================================== START ====================
2011/03/23 22:08:42.0375 0640 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 22:08:43.0656 0640 ================================================================================
2011/03/23 22:08:43.0656 0640 SystemInfo:
2011/03/23 22:08:43.0656 0640
2011/03/23 22:08:43.0656 0640 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/23 22:08:43.0656 0640 Product type: Workstation
2011/03/23 22:08:43.0656 0640 ComputerName: VLK-67B24A38FCF
2011/03/23 22:08:43.0656 0640 UserName: vlcek
2011/03/23 22:08:43.0656 0640 Windows directory: C:\WINDOWS
2011/03/23 22:08:43.0656 0640 System windows directory: C:\WINDOWS
2011/03/23 22:08:43.0656 0640 Processor architecture: Intel x86
2011/03/23 22:08:43.0656 0640 Number of processors: 2
2011/03/23 22:08:43.0656 0640 Page size: 0x1000
2011/03/23 22:08:43.0656 0640 Boot type: Normal boot
2011/03/23 22:08:43.0656 0640 ================================================================================
2011/03/23 22:08:44.0593 0640 Initialize success
2011/03/23 22:08:45.0484 3164 ================================================================================
2011/03/23 22:08:45.0484 3164 Scan started
2011/03/23 22:08:45.0484 3164 Mode: Manual;
2011/03/23 22:08:45.0484 3164 ================================================================================
2011/03/23 22:08:46.0531 3164 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/23 22:08:46.0671 3164 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/23 22:08:46.0703 3164 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/23 22:08:46.0750 3164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/23 22:08:46.0906 3164 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/23 22:08:47.0515 3164 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2011/03/23 22:08:47.0546 3164 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/23 22:08:47.0578 3164 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/23 22:08:47.0640 3164 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/23 22:08:47.0703 3164 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/23 22:08:47.0750 3164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/23 22:08:47.0796 3164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/23 22:08:47.0812 3164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/23 22:08:47.0843 3164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/23 22:08:47.0890 3164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/23 22:08:48.0093 3164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/23 22:08:48.0125 3164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/23 22:08:48.0156 3164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/23 22:08:48.0203 3164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/23 22:08:48.0328 3164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/23 22:08:48.0375 3164 DKRtWrt (42823617433f6f9463e627644e716358) C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
2011/03/23 22:08:48.0421 3164 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/23 22:08:48.0437 3164 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/23 22:08:48.0468 3164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/23 22:08:48.0484 3164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/23 22:08:48.0515 3164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/23 22:08:48.0546 3164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/23 22:08:48.0562 3164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/23 22:08:48.0578 3164 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/23 22:08:48.0578 3164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/23 22:08:48.0609 3164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/23 22:08:48.0640 3164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/23 22:08:48.0656 3164 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/23 22:08:48.0671 3164 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
2011/03/23 22:08:48.0703 3164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/23 22:08:48.0734 3164 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/23 22:08:48.0750 3164 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/23 22:08:48.0796 3164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/23 22:08:48.0843 3164 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/23 22:08:48.0859 3164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/23 22:08:48.0984 3164 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/23 22:08:49.0031 3164 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/23 22:08:49.0046 3164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/23 22:08:49.0078 3164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/23 22:08:49.0078 3164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/23 22:08:49.0109 3164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/23 22:08:49.0109 3164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/23 22:08:49.0140 3164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/23 22:08:49.0171 3164 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/23 22:08:49.0203 3164 Jraid (c1632fe31d1824a43dea29725312e3fa) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/03/23 22:08:49.0218 3164 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/23 22:08:49.0234 3164 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/23 22:08:49.0265 3164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/23 22:08:49.0281 3164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/23 22:08:49.0343 3164 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/23 22:08:49.0359 3164 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/23 22:08:49.0390 3164 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/23 22:08:49.0406 3164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/23 22:08:49.0437 3164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/23 22:08:49.0484 3164 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/23 22:08:49.0500 3164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/23 22:08:49.0531 3164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/23 22:08:49.0546 3164 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/23 22:08:49.0562 3164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/23 22:08:49.0578 3164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/23 22:08:49.0578 3164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/23 22:08:49.0593 3164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/23 22:08:49.0625 3164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/23 22:08:49.0640 3164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/23 22:08:49.0656 3164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/23 22:08:49.0703 3164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/23 22:08:49.0750 3164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/23 22:08:49.0781 3164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/23 22:08:49.0953 3164 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/23 22:08:50.0015 3164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/23 22:08:50.0031 3164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/23 22:08:50.0062 3164 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/23 22:08:50.0078 3164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/23 22:08:50.0093 3164 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/23 22:08:50.0125 3164 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/23 22:08:50.0140 3164 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/23 22:08:50.0156 3164 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/23 22:08:50.0250 3164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/23 22:08:50.0265 3164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/23 22:08:50.0281 3164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/23 22:08:50.0343 3164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/23 22:08:50.0359 3164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/23 22:08:50.0375 3164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/23 22:08:50.0390 3164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/23 22:08:50.0406 3164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/23 22:08:50.0421 3164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/23 22:08:50.0453 3164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/23 22:08:50.0468 3164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/23 22:08:50.0500 3164 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/23 22:08:50.0531 3164 RTLE8023xp (badabe0940c01619e8510b90fb314929) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/03/23 22:08:50.0562 3164 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/03/23 22:08:50.0593 3164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/23 22:08:50.0609 3164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/23 22:08:50.0625 3164 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/23 22:08:50.0656 3164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/23 22:08:50.0718 3164 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/03/23 22:08:50.0765 3164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/23 22:08:50.0781 3164 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/23 22:08:50.0812 3164 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/23 22:08:50.0828 3164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/23 22:08:50.0843 3164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/23 22:08:50.0906 3164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/23 22:08:50.0937 3164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/23 22:08:50.0968 3164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/23 22:08:50.0984 3164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/23 22:08:51.0000 3164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/23 22:08:51.0031 3164 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/03/23 22:08:51.0062 3164 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/03/23 22:08:51.0109 3164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/23 22:08:51.0140 3164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/23 22:08:51.0171 3164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/23 22:08:51.0203 3164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/23 22:08:51.0218 3164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/23 22:08:51.0250 3164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/23 22:08:51.0265 3164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/23 22:08:51.0281 3164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/23 22:08:51.0312 3164 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/23 22:08:51.0328 3164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/23 22:08:51.0359 3164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/23 22:08:51.0546 3164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/23 22:08:51.0562 3164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/23 22:08:51.0703 3164 ================================================================================
2011/03/23 22:08:51.0703 3164 Scan finished
2011/03/23 22:08:51.0703 3164 ================================================================================
==================================== START ====================
2011/03/23 22:08:42.0375 0640 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 22:08:43.0656 0640 ================================================================================
2011/03/23 22:08:43.0656 0640 SystemInfo:
2011/03/23 22:08:43.0656 0640
2011/03/23 22:08:43.0656 0640 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/23 22:08:43.0656 0640 Product type: Workstation
2011/03/23 22:08:43.0656 0640 ComputerName: VLK-67B24A38FCF
2011/03/23 22:08:43.0656 0640 UserName: vlcek
2011/03/23 22:08:43.0656 0640 Windows directory: C:\WINDOWS
2011/03/23 22:08:43.0656 0640 System windows directory: C:\WINDOWS
2011/03/23 22:08:43.0656 0640 Processor architecture: Intel x86
2011/03/23 22:08:43.0656 0640 Number of processors: 2
2011/03/23 22:08:43.0656 0640 Page size: 0x1000
2011/03/23 22:08:43.0656 0640 Boot type: Normal boot
2011/03/23 22:08:43.0656 0640 ================================================================================
2011/03/23 22:08:44.0593 0640 Initialize success
2011/03/23 22:08:45.0484 3164 ================================================================================
2011/03/23 22:08:45.0484 3164 Scan started
2011/03/23 22:08:45.0484 3164 Mode: Manual;
2011/03/23 22:08:45.0484 3164 ================================================================================
2011/03/23 22:08:51.0703 3164 ================================================================================
2011/03/23 22:08:51.0703 3164 Scan finished
2011/03/23 22:08:51.0703 3164 ================================================================================
Re: Irregular freezing
Download SystemLook,
run the application and copy the following into the window that opens:
Code:
:filefind
regsvc.dll
Then click Look; the application will create SystemLook.txt. Copy its contents here for me.
In the meantime, use Cure It from my signature and let me know what it found.
Re: Irregular freezing
So is something wrong somewhere?
SystemLook 04.09.10 by jpshortstuff
Log created at 22:49 on 23/03/2011 by vlcek
Administrator - Elevation successful
========== filefind ==========
Searching for "regsvc.dll"
No files found.
-= EOF =-
I'm just about to run Cureit.
Re: Irregular freezing
Well, you really don't have the library there, so download it FROM HERE and save it
to Local Disk (C:), nowhere else!!!
Open Notepad again and
copy the script from the following window into it:
Code:
FCopy::
c:\regsvc.dll | c:\windows\System32\regsvc.dll
Save the TXT file you created as CFScript.txt on the desktop;
after saving, grab the script with the left mouse button and drag it over the ComboFix icon, where you drop it.
After it has been applied, another log will pop out; copy it here.
Warning: it may happen that Windows will not start after the script is applied and the machine restarts;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Irregular freezing
I apologize for the slight delay in working through the fix.
I ran ComboFix with the script:
================================= START ================================
ComboFix 11-03-23.03 - vlcek 24.03.2011 17:02:42.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.578 [GMT 1:00]
Spuštěný z: c:\documents and settings\vlcek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vlcek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 110324-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\regsvc.dll --> c:\windows\System32\regsvc.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-24 do 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 15:53 . 2004-05-13 16:19 51712 ------w- C:\regsvc.dll
2011-03-21 18:56 . 2011-03-24 15:53 -------- d-----w- C:\Staženo
2011-03-21 17:15 . 2011-03-21 17:15 -------- d-----w- C:\Diskeeper
2011-03-21 08:06 . 2011-03-21 08:06 -------- d-----w- C:\337e288f7c1e1b9bf002e73c
2011-03-21 07:44 . 2011-03-21 08:05 -------- d-----w- C:\totalcmd
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[-] 2011-03-20 . 8B097BAE2A460C37BB4FD5DCBAE7570E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2004-05-13 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\system32\regsvc.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_18.14.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-03-24 16:01 . 2011-03-24 16:01 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat
+ 2011-03-24 16:01 . 2011-03-24 16:01 16384 c:\windows\Temp\Perflib_Perfdata_668.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-03-22 19:48 . 2011-03-22 19:48 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2011-03-22 18:21 . 2011-03-22 18:21 153104 c:\windows\system32\drivers\tmcomm.sys
+ 2011-03-22 19:48 . 2011-03-22 19:48 195584 c:\windows\Installer\41c67.msi
+ 2011-03-22 19:48 . 2011-03-22 19:48 248832 c:\windows\Installer\41c5a.msi
+ 2011-03-22 19:48 . 2011-03-22 19:48 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 06:07 1953792 ------r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 17:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-16 17:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-16 17:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.3.2011 1:19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.3.2011 1:19 20560]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [21.3.2011 18:09 44368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vlcek\Data aplikací\Mozilla\Firefox\Profiles\qxax9zpf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 17:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-03-24 17:07:51
ComboFix-quarantined-files.txt 2011-03-24 16:07
ComboFix2.txt 2011-03-23 21:04
ComboFix3.txt 2011-03-22 20:59
ComboFix4.txt 2011-03-22 20:42
ComboFix5.txt 2011-03-24 15:56
.
Před spuštěním: Volných bajtů: 60 671 062 016
Po spuštění: Volných bajtů: 60 729 401 344
.
- - End Of File - - F329B0558DA4A7C8C72484CFE8370D1A
Then I tried Dr.Web; the first time it simply froze partway through. This morning I ran it again and still nothing, it just froze. But I think it did something, because the machine no longer crashes as much. I don't know whether it wouldn't be better to reinstall everything from scratch; I just don't know whether something is lurking on the other disks.
Re: Irregular freezing
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.
Then try running Cure It in Safe Mode.
Re: Irregular freezing
ComboFix is gone and T-Cleaner deleted what it could. I'll run CureIt tomorrow morning. I also ran one more tool, Ultimate Process Manager (UPM): we still have the MBR ROOTKIT here.
Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 28.3.2011 23:41:50
================================================================
SmallARK
================================================================
[R]NtClose -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtCreateKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtDuplicateObject -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtOpenKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtOpenProcess -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtOpenThread -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtQueryValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtRestoreKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtSetValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
MBR ROOTKIT DETECTED!
Běžící procesy
================================================================
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
[?] RTHDCPL.exe
Spouští se po startu HKLM Run [RTHDCPL]
[R] ashDisp.exe
Spouští se po startu HKLM Run [avast!]
[S] rundll32.exe
Spouští se po startu HKLM Run [NvMediaCenter]
[S] ctfmon.exe
Spouští se po startu HKCU Run [ctfmon.exe]
[R] uTorrent.exe
Spouští se po startu HKCU Run [uTorrent]
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3
[?] mdm.exe
Ověřený Microsoft: Ne
Nemá okno
Soubor 12%
[R] OUTLOOK.EXE
Ověřený Microsoft: Ne
Po spuštění
================================================================
HKLM Run
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [R][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ [R][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [R][nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
HKLM BHO
|_ [X][{AE7CD045-E861-484f-8273-0445EE161910}] (Soubor nenalezen)
|_ [X][{F4971EE7-DAA0-4053-9964-665D8EE6A077}] (Soubor nenalezen)
HKCU IE WebBrowser Toolbar
|_ [X][{47833539-D0C5-4125-9FA8-0819E2EAAC93}] (Soubor nenalezen)
HKLM IE Toolbar
|_ [X][{47833539-D0C5-4125-9FA8-0819E2EAAC93}] (Soubor nenalezen)
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] avast! Mail Scanner
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: avast! Mail Scanner
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: avast! Antivirus
[X] avast! Web Scanner
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: avast! Web Scanner
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: avast! Antivirus
[?] Machine Debug Manager
|_ Cesta: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Machine Debug Manager
| |_ MD5: 7CF1B716372B89568AE4C0FE769F5869
|
|_ Jméno: MDM
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: RPCSS
Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: C4006AF18682FCA0D8A011A0A21070F8
|
|_ Jméno: IntcAzAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Jraid
|_ Cesta: C:\WINDOWS\system32\DRIVERS\jraid.sys
| |_ Výrobce: JMicron Technology Corp.
| |_ Popis: JMicron JMB36X RAID Driver
| |_ MD5: C1632FE31D1824A43DEA29725312E3FA
|
|_ Jméno: Jraid
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] nv
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58
| |_ MD5: 18C9B152DA7BEA76B2F9E4B6412E0AAF
|
|_ Jméno: nv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
| |_ Výrobce: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: BADABE0940C01619E8510B90FB314929
|
|_ Jméno: RTLE8023xp
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] SCDEmu
|_ Cesta: C:\WINDOWS\system32\drivers\SCDEmu.sys
| |_ Výrobce: PowerISO Computing, Inc.
| |_ Popis: PowerISO Virtual Drive
| |_ MD5: 23AA53256CE05B975398B78A33474265
|
|_ Jméno: SCDEmu
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
[?] Acronis True Image Backup Archive Explorer
|_ Cesta: C:\WINDOWS\system32\DRIVERS\timntr.sys
| |_ Výrobce: Acronis
| |_ Popis: Acronis True Image Backup Archive Explorer
| |_ MD5: 74711884439BDF9CCF446C79CB05FAC0
|
|_ Jméno: timounter
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:
lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1412) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2248) DkService.exe 0.0.0.0:31038 LISTENING
TCP (1452) uTorrent.exe 0.0.0.0:52789 LISTENING
TCP (3324) alg.exe 127.0.0.1:1047 LISTENING
TCP (2824) ashMaiSv.exe 127.0.0.1:12025 LISTENING
TCP (2844) ashWebSv.exe 127.0.0.1:12080 LISTENING
TCP (2824) ashMaiSv.exe 127.0.0.1:12110 LISTENING
TCP (2824) ashMaiSv.exe 127.0.0.1:12119 LISTENING
TCP (2824) ashMaiSv.exe 127.0.0.1:12143 LISTENING
TCP (4) Systém 192.168.100.101:139 LISTENING
TCP (3412) UPM.exe 192.168.100.101:1365 <-> 109.123.209.238:80 ESTABLISHED
TCP (0) 192.168.100.101:52789 TIME_WAIT
UDP (4) Systém 0.0.0.0:445 TIME_WAIT
UDP (1104) lsass.exe 0.0.0.0:500
UDP (1104) lsass.exe 0.0.0.0:4500
UDP (1452) uTorrent.exe 0.0.0.0:6771
UDP (1452) uTorrent.exe 0.0.0.0:52789
UDP (1508) svchost.exe 127.0.0.1:123
UDP (1736) svchost.exe 127.0.0.1:1900
UDP (1508) svchost.exe 192.168.100.101:123
UDP (4) Systém 192.168.100.101:137
UDP (4) Systém 192.168.100.101:138
UDP (1452) uTorrent.exe 192.168.100.101:1900
UDP (1736) svchost.exe 192.168.100.101:1900
Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] aswcmnos.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
|_ MD5: 6D6416FA182FA865D265DFFA5A03C3C2
|_ Výrobce: ALWIL Software
|_ Procesy
|_ aswUpdSv.exe (1828)
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aswcmnb.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
|_ MD5: F8DF17A0090F29EE330B34145152F38A
|_ Výrobce: ALWIL Software
|_ Procesy
|_ aswUpdSv.exe (1828)
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aswcmns.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
|_ MD5: 7D79CD441ED208D062B326145C7B3AED
|_ Výrobce: ALWIL Software
|_ Procesy
|_ aswUpdSv.exe (1828)
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aswscan.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswScan.dll
|_ MD5: 9FB2179200238536B788CB4046C61C24
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aswengin.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswEngin.dll
|_ MD5: 144137D2E91504F551E82135673D89AE
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aswinteg.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswInteg.dll
|_ MD5: D933B267939363888A40F86017561552
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] ashbase.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashBase.dll
|_ MD5: E8B0EDD5C8518D9A1F73AC0C54A94D7C
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aswaux.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\aswAux.dll
|_ MD5: 8EA778943B7E155991AE9E3C818269AB
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] ashtask.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashTask.dll
|_ MD5: 0B9DBFE71F4EB4355985EE60E6A1DC3F
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] ashssqlt.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
|_ MD5: B26CF29C64FDF7876D0E81C27C80F7BF
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] aavm4h.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
|_ MD5: 6CA1292225B47A5421E941B3CFEF48AF
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] aavmrpch.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
|_ MD5: F3EAC60879AE425D81DBA70C3DA76D13
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ ashWebSv.exe (2844)
|_ OUTLOOK.EXE (1544)
[?] ahresstd.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhResStd.dll
|_ MD5: 816CAE36B3D430622EB4D40CF9CC1E82
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] ahresout.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhResOut.dll
|_ MD5: D3DE25C3CA9BCE6805E028C5DD304304
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ OUTLOOK.EXE (1544)
[?] ahresmai.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhResMai.dll
|_ MD5: 60DA054E9DDFC242346B879EAAF1EBCE
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashMaiSv.exe (2824)
[?] ahresjs.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhResJs.dll
|_ MD5: 6A96C7924D6E48C02073418F763586C1
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] ahjsctns.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
|_ MD5: 2611057BD89079021A077C5771771072
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ explorer.exe (792)
|_ RTHDCPL.exe (1020)
|_ ashDisp.exe (1016)
|_ rundll32.exe (364)
|_ ctfmon.exe (1364)
|_ uTorrent.exe (1452)
|_ ashMaiSv.exe (2824)
|_ wscntfy.exe (3620)
|_ OUTLOOK.EXE (1544)
|_ UPM.exe (3412)
[?] ahresmes.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ahResMes.dll
|_ MD5: A7469E3BE8770E7015CA499BA6729568
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] ahresp2p.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
|_ MD5: 6E5E0EE9C837229C26C3B53B2036E44D
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] ahresns.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhResNS.dll
|_ MD5: B3840EB1F44C28CA25D304FD1DA86954
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
[?] ahresws.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhResWS.dll
|_ MD5: 0C923A24FB7E7D6B4D210537F36E5296
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashServ.exe (1896)
|_ ashWebSv.exe (2844)
[?] timounter.dll
|_ Cesta: C:\Program Files\Acronis\TrueImageHome\timounter.dll
|_ MD5: F8F5DC09F9FE3F5C02D27B95FC155571
|_ Výrobce: Acronis
|_ Procesy
|_ explorer.exe (792)
[?] avi.dll
|_ Cesta: C:\Program Files\CCCP\Filters\Haali\avi.dll
|_ MD5: 6A7C66DCED9E0EFF08E17AA292CA45C5
|_ Výrobce:
|_ Procesy
|_ explorer.exe (792)
[?] rarext.dll
|_ Cesta: C:\Program Files\WinRAR\RarExt.dll
|_ MD5: EDBBD86134D4EB57B7917A13262ABE8E
|_ Výrobce:
|_ Procesy
|_ explorer.exe (792)
[?] pwrisosh.dll
|_ Cesta: C:\Program Files\PowerISO\PWRISOSH.DLL
|_ MD5: BAA3E635383278EC32A160967A53DB59
|_ Výrobce: PowerISO Computing, Inc.
|_ Procesy
|_ explorer.exe (792)
[?] vsfilter.dll
|_ Cesta: C:\Program Files\CCCP\Filters\VSFilter.dll
|_ MD5: A54AAC5E131EE45575986869C605BE79
|_ Výrobce: Gabest
|_ Procesy
|_ explorer.exe (792)
[?] ffdshow.ax
|_ Cesta: C:\Program Files\CCCP\Filters\FFDShow\ffdshow.ax
|_ MD5: 9F6EEDC57A79AB177F1AE6C85A951969
|_ Výrobce: ?
|_ Procesy
|_ explorer.exe (792)
[?] nppshell_04.dll
|_ Cesta: C:\Program Files\Notepad++\NppShell_04.dll
|_ MD5: 86A591473178AA6B6400A8DA225DF04F
|_ Výrobce: ?
|_ Procesy
|_ explorer.exe (792)
[?] ashuint.dll
|_ Cesta: C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll
|_ MD5: FCE48F51523E38C5E74969766B353D73
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
|_ OUTLOOK.EXE (1544)
[?] xt1922.dll
|_ Cesta: C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll
|_ MD5: 6C08604B5465DE19EAAC58C6A537D0BF
|_ Výrobce: Codejock Software
|_ Procesy
|_ ashDisp.exe (1016)
|_ OUTLOOK.EXE (1544)
[?] ahruistd.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll
|_ MD5: CB39A7024BE54E75E3B696272FDC0987
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruiout.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll
|_ MD5: 9625471205DFC433FB73E231FC9CBB01
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruimai.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll
|_ MD5: 02BD0FEACAA1A65F77806A3C3DEBD046
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruijs.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhRuiJs.dll
|_ MD5: D60AA3B9FE4354E588622BD73E5D56FF
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruimes.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll
|_ MD5: 27BB54223D4AAEBBEB0E65DF776CF6C2
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruip2p.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll
|_ MD5: E5C7E4C34E43BFD68DE1CF2034FE9AF8
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruins.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll
|_ MD5: 99C120153031FBD057D4FA0499FFF755
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] ahruiws.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll
|_ MD5: 8F933065A585EAFD798DD5E49598CDCB
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
[?] lang.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ENGLISH\Lang.dll
|_ MD5: BC517179B72CA423F2C0D90413D345F7
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashDisp.exe (1016)
|_ ashMaiSv.exe (2824)
|_ OUTLOOK.EXE (1544)
[?] tab.dll
|_ Cesta: C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll
|_ MD5: CE8E6A288C6FF4FE03DF1D4DFAC1D605
|_ Výrobce: Diskeeper Corporation
|_ Procesy
|_ DkService.exe (2248)
[?] msdbg2.dll
|_ Cesta: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
|_ MD5: 2F1C2B887327CECA18C04041EDDD8F20
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ mdm.exe (2344)
[?] langmai.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast4\ENGLISH\LangMai.dll
|_ MD5: 2B2C74A7CC896D33638B74E4187ACE24
|_ Výrobce: ALWIL Software
|_ Procesy
|_ ashMaiSv.exe (2824)
[?] adobepdfmakerx.dll
|_ Cesta: C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
|_ MD5: A0FAABB491A7356EE98F4AAFD21BC5CE
|_ Výrobce: ?
|_ Procesy
|_ OUTLOOK.EXE (1544)
[?] usp10.dll
|_ Cesta: C:\Program Files\Microsoft Office\Office12\USP10.DLL
|_ MD5: C92D20A6E35E232004D83DC10A78878A
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ OUTLOOK.EXE (1544)
Výpis souborů
================================================================
\System32:
[?] cmdhere.dll 25 ncmpny, {EFF732B9}
[?] CSVer.dll 7 no vrfy, {9C9DC286}
[?] HHActiveX.dll HHACTI~1.DLL 7 no vrfy, {25B962DB}
[?] MPLBCOMM.dll 7 no vrfy, {82F2554B}
[?] MPMapTrace.dll MPMAPT~1.DLL 12 ncmpny, {E54C794B}
[?] mpPathan.dll 12 ncmpny, {AD85BA26}
[?] mppython.dll 7 no vrfy, {E2136A7B}
[?] mpusbapi.dll 7 no vrfy, {9A516BCB}
[?] mpxerces-c_2_7.dll MPXERC~1.DLL 7 no vrfy, {E710866F}
[?] nvwddi.dll 7 no vrfy, {77878C59}
[?] PEGRPCS.DLL 7 no vrfy, {19CFA79C}
[?] regsvc.dll 12 ncmpny, {0C44ACD8}
[?] sfcfiles.dll 12 ncmpny, {3B61CB96}
[?] vsflex8l.ocx 7 no vrfy, {654981DC}
[?] xRaidAPI.dll 7 no vrfy, {4C1CCFAB}
[?] xRaidSetup.exe XRAIDS~1.EXE 14 no vrfy, {44B16DAD}
\Drivers:
[?] scdemu.sys 14 no vrfy, {38E91C84}
[?] timntr.sys 7 no vrfy, {ED5B9693}
Access violations - HKCU
================================================================
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Irregular freezing
Download MBR
Move mbr.exe to the C:\Windows directory,
then go via:
Start >> Run >> type cmd >> Enter
A command prompt window will pop up; type this command into it by hand:
mbr.exe -f -s
and press Enter.
When it has finished, restart the PC, run mbr once more, this time normally, and copy the log here.