Extrémně pomalý PC

[Garfield]

Super. Je to tedy vše? Jak uklidím?

[Rudy]

Pokud vše funguje, pak je to OK. CF odinstalujte Start>spustit>(napsat) comobfix /uninstall>OK. OTM spusťte a klikněte na Cleanup. Pak jej smažte.

[Garfield]

No myslím, že to chodí stejně špatně, jako před vznikem akutního problému, takže se zdá být vše ok . Díky moc za pomoc! .

[Garfield]

Ehm... no... Mám ještě problém:

1) Z plochy mi zmizela polovina ikon (soubory i zástupci) - může to souviset s našimi aktivitami?
2) na C: mi zůstala složka 32788R22FWJFW, která zjevně obsahuje nějaké součásti ComboFixu. Co s tím?

[Rudy]

Je to neškodné. Jestli vám vadí, zkuste ji smazat. Složka by se ale měla jmenovat Quoobox. Tam si CF dělá zálohy. Pokud tam je, také ji můžete smazat.

[Garfield]

Složka smazána, Quoobox jsem nenašel. Ty ikony mě ale trochu znervóznily. Čož o to, důležité soubory tam nebyly a zástupce si vytvořím znovu, ale stejně. Taky mě ještě napadlo, jestli skutečně proběhl CF skript v pohodě. Vás překvapilo, že nevytvořil log, jak měl a já stále vidím babylon jako jeden z vyhledávačů v browserech. Přišlo mi, že skriptem se mělo vše smazat .

[Rudy]

Pokud si nejste jist, zkuste provést nový sken se stejným skriptem, ale v nouz. režimu.

[Garfield]

Tak jsem provedl skript v nouzovém režimu a dostal jsem výsledek - vymazaly se mi oblíbené v browserech...
Po restartování počítače (automaticky CF) jsem nenšal log na obvyklém místě, ale tady: C:\Qoobox\ jsem dohledal ComboFix2.txt. Nicméně se mi teď zdá počítač o něco pomalejší než před provedením skriptu, jestli je to možné...
Nicméně je tedy jasné, že před tím se skript neprovedl, teď ano.

ComboFix 12-01-13.05 - Admin 14.01.2012 19:15:50.13.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.895.679 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-14 do 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDME0.tmp
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDMDF.tmp
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDMDE.tmp
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDMDD.tmp
2012-01-14 16:18 . 2012-01-14 16:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-12-30 20:10 . 2011-12-30 20:10 237 ----a-w- C:\user.js
2011-12-30 20:09 . 2011-12-30 20:09 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Babylon
2011-12-30 20:09 . 2011-12-30 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-12-30 20:09 . 2011-12-30 20:09 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Babylon
2011-12-30 20:08 . 2011-12-30 20:08 -------- d-----w- c:\program files\OpenSubtitlesPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 17:15 . 2007-09-20 19:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-14 17:15 . 2010-04-16 20:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-19 18:59 . 2010-03-03 18:54 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-03-03 18:54 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-03-03 18:54 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-03-03 18:54 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-22 10:51 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2010-03-03 18:54 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-12 20:38 . 2011-05-28 11:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-07-06 12:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-12-03 15:15 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-01 23:02 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-04-05 08:46 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-12-03 15:15 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-12-03 15:15 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-12-03 15:15 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:52 . 2008-12-03 15:15 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-04-05 08:46 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-12-03 15:15 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-11-20 10:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-11-20 10:14 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-11-20 10:14 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:13 . 2004-11-20 10:14 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-11-20 10:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-11-20 10:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-11-20 10:14 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-11-20 10:14 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-11-20 10:14 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-11-20 10:14 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-11-20 10:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-11-20 10:14 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-17 14:45 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-11-20 10:14 186880 ----a-w- c:\windows\system32\encdec.dll
2011-05-01 13:32 . 2011-03-28 21:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 544768]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ASUS ChkMail.lnk - c:\program files\ASUS\Asus ChkMail\ChkMail.exe [2006-11-14 32768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^e-Backup 1.42 Scheduler.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\e-Backup 1.42 Scheduler.lnk
backup=c:\windows\pss\e-Backup 1.42 Scheduler.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3.3.2010 19:54 31704]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [12.2.2010 19:23 148744]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.3.2009 17:55 691696]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.4.2011 0:02 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2008 9:46 314456]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3.3.2010 19:54 494816]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 9:46 20568]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [29.12.2009 2:18 14976]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 192.168.0.1
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\b6wowqfp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 19:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-879246492-1382184936-362750733-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,60,c6,11,7b,37,47,57,20,1c,d2,7d,1f,bc,82,d6,dd,66,38,ce,94,e2,c4,
26,3b,f5,06,0f,42,9d,71,06,ab,6d,bd,ff,cb,3e,40,4d,66,ed,7a,ea,77,4e,b1,c7,\
"??"=hex:db,04,0e,52,89,49,8c,2b,47,79,02,ff,71,4f,c8,12
.
[HKEY_USERS\S-1-5-21-879246492-1382184936-362750733-1005\Software\SecuROM\License information*]
"datasecu"=hex:ba,c8,ca,97,14,fc,a0,93,aa,99,23,b9,de,15,9b,8c,3d,94,54,db,9d,
39,2c,19,ef,bd,b2,f8,c4,20,71,3d,89,8c,45,e1,ff,0b,dd,5a,33,7c,e5,f5,8b,0a,\
"rkeysecu"=hex:77,d7,61,b1,27,06,57,8a,ae,7a,22,f4,50,33,54,8a
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\ACPI\SYN0A06\4&136225a3&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\HID\Vid_0458&Pid_007e&MI_01&Col01\7&14b48b83&0&0000\LogConf]
@DACL=(02 0000)
.
Celkový čas: 2012-01-14 19:22:27
ComboFix-quarantined-files.txt 2012-01-14 18:22
.
Před spuštěním: Volných bajtů: 18 374 950 912
Po spuštění: Volných bajtů: 18 348 769 280
.
- - End Of File - - 9591E7E2040720A592BB1059CF9D23E4

[Rudy]

Co mělo bý smazáno, bylo smazáno. Ješrě nám tam něco vylezlo. Zkuste ještě jednou spustit CF tímto skriptem:

Collect::
c:\windows\system32\VDME0.tmp
c:\windows\system32\VDMDF.tmp
c:\windows\system32\VDMDE.tmp
c:\windows\system32\VDMDD.tmp

[Garfield]

Skript proběhl až na podruhé, ale v pořádku. Zde je log:

ComboFix 12-01-13.05 - Admin 15.01.2012 0:26.15.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.895.536 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Předchozí spuštění --
.
Nakažená kopie c:\windows\system32\Version.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\version.dll
.
--------
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-14 do 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDME0.tmp
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDMDF.tmp
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDMDE.tmp
2012-01-14 17:03 . 2012-01-14 17:03 0 ----a-w- c:\windows\system32\VDMDD.tmp
2012-01-14 16:18 . 2012-01-14 16:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2011-12-30 20:09 . 2011-12-30 20:09 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Babylon
2011-12-30 20:09 . 2011-12-30 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-12-30 20:09 . 2011-12-30 20:09 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Babylon
2011-12-30 20:08 . 2011-12-30 20:08 -------- d-----w- c:\program files\OpenSubtitlesPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 17:15 . 2007-09-20 19:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-14 17:15 . 2010-04-16 20:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-19 18:59 . 2010-03-03 18:54 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-03-03 18:54 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-03-03 18:54 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-03-03 18:54 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-22 10:51 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2010-03-03 18:54 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-12 20:38 . 2011-05-28 11:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-07-06 12:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-12-03 15:15 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-01 23:02 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-04-05 08:46 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-12-03 15:15 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-12-03 15:15 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-12-03 15:15 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:52 . 2008-12-03 15:15 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-04-05 08:46 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2008-12-03 15:15 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-11-20 10:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-11-20 10:14 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-11-20 10:14 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:13 . 2004-11-20 10:14 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-11-20 10:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-11-20 10:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-11-20 10:14 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-11-20 10:14 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-11-20 10:14 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-11-20 10:14 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-11-20 10:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-11-20 10:14 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-17 14:45 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-11-20 10:14 186880 ----a-w- c:\windows\system32\encdec.dll
2011-05-01 13:32 . 2011-03-28 21:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_18.21.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-14 23:39 . 2012-01-14 23:39 16384 c:\windows\temp\Perflib_Perfdata_248.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 544768]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ASUS ChkMail.lnk - c:\program files\ASUS\Asus ChkMail\ChkMail.exe [2006-11-14 32768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^e-Backup 1.42 Scheduler.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\e-Backup 1.42 Scheduler.lnk
backup=c:\windows\pss\e-Backup 1.42 Scheduler.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.3.2009 17:55 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.4.2011 0:02 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2008 9:46 314456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3.3.2010 19:54 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3.3.2010 19:54 31704]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 9:46 20568]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [12.2.2010 19:23 148744]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [29.12.2009 2:18 14976]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.74.192.252 192.168.0.1
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\b6wowqfp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 00:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-879246492-1382184936-362750733-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,60,c6,11,7b,37,47,57,20,1c,d2,7d,1f,bc,82,d6,dd,66,38,ce,94,e2,c4,
26,3b,f5,06,0f,42,9d,71,06,ab,6d,bd,ff,cb,3e,40,4d,66,ed,7a,ea,77,4e,b1,c7,\
"??"=hex:db,04,0e,52,89,49,8c,2b,47,79,02,ff,71,4f,c8,12
.
[HKEY_USERS\S-1-5-21-879246492-1382184936-362750733-1005\Software\SecuROM\License information*]
"datasecu"=hex:ba,c8,ca,97,14,fc,a0,93,aa,99,23,b9,de,15,9b,8c,3d,94,54,db,9d,
39,2c,19,ef,bd,b2,f8,c4,20,71,3d,89,8c,45,e1,ff,0b,dd,5a,33,7c,e5,f5,8b,0a,\
"rkeysecu"=hex:77,d7,61,b1,27,06,57,8a,ae,7a,22,f4,50,33,54,8a
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\ACPI\SYN0A06\4&136225a3&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\HID\Vid_0458&Pid_007e&MI_01&Col01\7&14b48b83&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(916)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Alwil Software\Avast5\defs\12011401\Sf.bin
.
**************************************************************************
.
Celkový čas: 2012-01-15 00:55:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-14 23:55
ComboFix2.txt 2012-01-14 18:22
.
Před spuštěním: Volných bajtů: 18 255 478 784
Po spuštění: Volných bajtů: 18 225 987 584
.
- - End Of File - - 806AFCF4AC23771085C8B4F5ED197579

[Rudy]

Ještě spusťte TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Rozbalte na plochu, spusťte a nechte pracovat. Pak dejte log.

[Garfield]

Doufám, že to je ten správný log. Na konci označil jeden soubor jako zamčený/podezřelý. Nevěděl jsem, co s ním, tak jsem ho dal do karantény .

10:33:06.0515 0540 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
10:33:08.0515 0540 ============================================================
10:33:08.0515 0540 Current date / time: 2012/01/15 10:33:08.0515
10:33:08.0515 0540 SystemInfo:
10:33:08.0515 0540
10:33:08.0515 0540 OS Version: 5.1.2600 ServicePack: 3.0
10:33:08.0515 0540 Product type: Workstation
10:33:08.0515 0540 ComputerName: N-385B77DFF9F44
10:33:08.0515 0540 UserName: Admin
10:33:08.0515 0540 Windows directory: C:\WINDOWS
10:33:08.0515 0540 System windows directory: C:\WINDOWS
10:33:08.0515 0540 Processor architecture: Intel x86
10:33:08.0515 0540 Number of processors: 1
10:33:08.0515 0540 Page size: 0x1000
10:33:08.0515 0540 Boot type: Normal boot
10:33:08.0515 0540 ============================================================
10:33:46.0890 0540 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000, SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
10:33:46.0984 0540 Initialize success
10:33:59.0078 2668 ============================================================
10:33:59.0078 2668 Scan started
10:33:59.0078 2668 Mode: Manual;
10:33:59.0078 2668 ============================================================
10:33:59.0468 2668 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:33:59.0468 2668 Aavmker4 - ok
10:33:59.0734 2668 Abiosdsk - ok
10:34:00.0031 2668 abp480n5 - ok
10:34:00.0187 2668 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:34:00.0187 2668 ACPI - ok
10:34:00.0281 2668 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:34:00.0281 2668 ACPIEC - ok
10:34:00.0578 2668 adpu160m - ok
10:34:00.0796 2668 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:34:00.0812 2668 aec - ok
10:34:01.0015 2668 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:34:01.0015 2668 AFD - ok
10:34:01.0359 2668 Aha154x - ok
10:34:01.0687 2668 aic78u2 - ok
10:34:01.0984 2668 aic78xx - ok
10:34:02.0296 2668 AliIde - ok
10:34:02.0531 2668 AmdK8 (d2b80a58ed4082da1d2f382f64621dc9) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:34:02.0546 2668 AmdK8 - ok
10:34:02.0843 2668 amsint - ok
10:34:02.0953 2668 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:34:02.0968 2668 Arp1394 - ok
10:34:03.0265 2668 asc - ok
10:34:03.0562 2668 asc3350p - ok
10:34:03.0890 2668 asc3550 - ok
10:34:05.0578 2668 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS
10:34:05.0609 2668 ASNDIS5 - ok
10:34:05.0921 2668 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:34:05.0921 2668 aswFsBlk - ok
10:34:06.0171 2668 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
10:34:06.0203 2668 aswMon2 - ok
10:34:06.0500 2668 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
10:34:06.0500 2668 aswRdr - ok
10:34:06.0718 2668 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
10:34:06.0734 2668 aswSnx - ok
10:34:07.0000 2668 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
10:34:07.0031 2668 aswSP - ok
10:34:07.0281 2668 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
10:34:07.0296 2668 aswTdi - ok
10:34:07.0421 2668 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:34:07.0421 2668 AsyncMac - ok
10:34:07.0531 2668 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:34:07.0531 2668 atapi - ok
10:34:07.0828 2668 Atdisk - ok
10:34:08.0046 2668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:34:08.0046 2668 audstub - ok
10:34:08.0343 2668 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:34:08.0375 2668 BCM43XX - ok
10:34:08.0437 2668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:34:08.0437 2668 Beep - ok
10:34:08.0500 2668 catchme - ok
10:34:08.0593 2668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:34:08.0593 2668 cbidf2k - ok
10:34:08.0921 2668 cd20xrnt - ok
10:34:09.0015 2668 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:34:09.0015 2668 Cdfs - ok
10:34:09.0312 2668 cdrbsdrv - ok
10:34:09.0421 2668 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:34:09.0437 2668 Cdrom - ok
10:34:09.0546 2668 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:34:09.0562 2668 CmBatt - ok
10:34:09.0812 2668 cmdGuard (a2c97b4f0db351930d58f467948dc51d) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
10:34:09.0828 2668 cmdGuard - ok
10:34:10.0031 2668 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
10:34:10.0031 2668 cmdHlp - ok
10:34:10.0328 2668 CmdIde - ok
10:34:10.0437 2668 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:34:10.0453 2668 Compbatt - ok
10:34:10.0781 2668 Cpqarray - ok
10:34:11.0109 2668 dac2w2k - ok
10:34:11.0453 2668 dac960nt - ok
10:34:11.0531 2668 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:34:11.0546 2668 Disk - ok
10:34:11.0875 2668 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
10:34:11.0921 2668 dmboot - ok
10:34:12.0218 2668 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
10:34:12.0234 2668 dmio - ok
10:34:12.0281 2668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:34:12.0281 2668 dmload - ok
10:34:12.0500 2668 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:34:12.0500 2668 DMusic - ok
10:34:12.0781 2668 dpti2o - ok
10:34:12.0859 2668 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:34:12.0875 2668 drmkaud - ok
10:34:13.0265 2668 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:34:13.0265 2668 Fastfat - ok
10:34:13.0593 2668 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
10:34:13.0609 2668 Fips - ok
10:34:13.0796 2668 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:34:13.0796 2668 FltMgr - ok
10:34:13.0859 2668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:34:13.0875 2668 Fs_Rec - ok
10:34:13.0953 2668 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:34:13.0953 2668 Ftdisk - ok
10:34:14.0234 2668 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:34:14.0234 2668 GEARAspiWDM - ok
10:34:14.0531 2668 gHidPnp - ok
10:34:15.0156 2668 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
10:34:15.0156 2668 giveio - ok
10:34:15.0468 2668 gMouUsb - ok
10:34:15.0781 2668 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:34:15.0781 2668 Gpc - ok
10:34:15.0937 2668 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:34:15.0953 2668 HDAudBus - ok
10:34:16.0328 2668 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:34:16.0343 2668 HidUsb - ok
10:34:16.0687 2668 hpn - ok
10:34:16.0921 2668 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:34:16.0937 2668 HTTP - ok
10:34:17.0281 2668 i2omp - ok
10:34:17.0625 2668 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:34:17.0625 2668 i8042prt - ok
10:34:17.0953 2668 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:34:17.0953 2668 Imapi - ok
10:34:18.0296 2668 ini910u - ok
10:34:18.0531 2668 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
10:34:18.0531 2668 Inspect - ok
10:34:19.0000 2668 IntcAzAudAddService (0782317ca4b1c229a0854c998c4595fe) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:34:19.0187 2668 IntcAzAudAddService - ok
10:34:19.0500 2668 IntelIde - ok
10:34:19.0828 2668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:34:19.0843 2668 IpNat - ok
10:34:20.0156 2668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:34:20.0171 2668 IPSec - ok
10:34:20.0515 2668 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:34:20.0531 2668 isapnp - ok
10:34:20.0843 2668 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:34:20.0859 2668 Kbdclass - ok
10:34:21.0156 2668 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:34:21.0203 2668 kbdhid - ok
10:34:21.0531 2668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:34:21.0546 2668 kmixer - ok
10:34:21.0796 2668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:34:21.0796 2668 KSecDD - ok
10:34:22.0109 2668 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
10:34:22.0109 2668 MDC8021X - ok
10:34:22.0234 2668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:34:22.0250 2668 mnmdd - ok
10:34:22.0562 2668 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
10:34:22.0562 2668 Modem - ok
10:34:22.0890 2668 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:34:22.0906 2668 Mouclass - ok
10:34:23.0171 2668 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:34:23.0171 2668 mouhid - ok
10:34:23.0500 2668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:34:23.0500 2668 MountMgr - ok
10:34:23.0843 2668 mraid35x - ok
10:34:24.0156 2668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:34:24.0156 2668 MRxDAV - ok
10:34:24.0406 2668 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:34:24.0437 2668 MRxSmb - ok
10:34:24.0750 2668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:34:24.0750 2668 Msfs - ok
10:34:24.0906 2668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:34:24.0906 2668 mssmbios - ok
10:34:25.0093 2668 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
10:34:25.0093 2668 MTsensor - ok
10:34:25.0312 2668 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:34:25.0328 2668 Mup - ok
10:34:25.0656 2668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:34:25.0671 2668 NDIS - ok
10:34:25.0875 2668 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:34:25.0875 2668 NdisTapi - ok
10:34:26.0203 2668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:34:26.0218 2668 Ndisuio - ok
10:34:26.0515 2668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:34:26.0515 2668 NdisWan - ok
10:34:26.0734 2668 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:34:26.0765 2668 NDProxy - ok
10:34:27.0078 2668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:34:27.0078 2668 NetBIOS - ok
10:34:27.0406 2668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:34:27.0421 2668 NetBT - ok
10:34:27.0765 2668 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:34:27.0781 2668 NIC1394 - ok
10:34:28.0015 2668 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
10:34:28.0015 2668 nmwcd - ok
10:34:28.0218 2668 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
10:34:28.0218 2668 nmwcdc - ok
10:34:28.0531 2668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:34:28.0531 2668 Npfs - ok
10:34:28.0859 2668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:34:28.0890 2668 Ntfs - ok
10:34:28.0968 2668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:34:28.0984 2668 Null - ok
10:34:29.0296 2668 nv (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:34:29.0453 2668 nv - ok
10:34:29.0671 2668 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
10:34:29.0671 2668 nvsmu - ok
10:34:29.0984 2668 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:34:30.0000 2668 ohci1394 - ok
10:34:30.0312 2668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:34:30.0312 2668 PartMgr - ok
10:34:30.0390 2668 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
10:34:30.0406 2668 ParVdm - ok
10:34:30.0703 2668 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
10:34:30.0703 2668 PCI - ok
10:34:31.0015 2668 PCIDump - ok
10:34:31.0109 2668 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:34:31.0109 2668 PCIIde - ok
10:34:31.0421 2668 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:34:31.0437 2668 Pcmcia - ok
10:34:31.0750 2668 perc2 - ok
10:34:32.0093 2668 perc2hib - ok
10:34:32.0453 2668 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:34:32.0468 2668 PptpMiniport - ok
10:34:32.0765 2668 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:34:32.0781 2668 PSched - ok
10:34:32.0828 2668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:34:32.0828 2668 Ptilink - ok
10:34:33.0078 2668 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:34:33.0078 2668 PxHelp20 - ok
10:34:33.0390 2668 ql1080 - ok
10:34:33.0734 2668 Ql10wnt - ok
10:34:34.0046 2668 ql12160 - ok
10:34:34.0375 2668 ql1240 - ok
10:34:34.0687 2668 ql1280 - ok
10:34:34.0750 2668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:34:34.0765 2668 RasAcd - ok
10:34:35.0062 2668 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:34:35.0078 2668 Rasl2tp - ok
10:34:35.0375 2668 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:34:35.0375 2668 RasPppoe - ok
10:34:35.0453 2668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:34:35.0453 2668 Raspti - ok
10:34:35.0734 2668 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:34:35.0750 2668 Rdbss - ok
10:34:35.0812 2668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:34:35.0812 2668 RDPCDD - ok
10:34:36.0140 2668 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:34:36.0156 2668 redbook - ok
10:34:36.0390 2668 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
10:34:36.0421 2668 rimsptsk - ok
10:34:36.0625 2668 risdptsk (ace2ce73d7b04eac48fb80482e05e770) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
10:34:36.0625 2668 risdptsk - ok
10:34:36.0937 2668 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:34:36.0937 2668 RTL8023xp - ok
10:34:37.0125 2668 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
10:34:37.0125 2668 SBKUPNT - ok
10:34:37.0406 2668 SecDrv (f376a1580204e47f37a721e1cbc5582a) C:\WINDOWS\system32\drivers\SECDRV.SYS
10:34:37.0421 2668 SecDrv - ok
10:34:37.0750 2668 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:34:37.0750 2668 Sfloppy - ok
10:34:38.0078 2668 Simbad - ok
10:34:38.0375 2668 smserial (ce2e9d6b8c26c38779581cff1f14b65b) C:\WINDOWS\system32\DRIVERS\smserial.sys
10:34:38.0437 2668 smserial - ok
10:34:38.0781 2668 Sparrow - ok
10:34:39.0515 2668 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
10:34:39.0515 2668 speedfan - ok
10:34:39.0796 2668 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:34:39.0796 2668 splitter - ok
10:34:39.0953 2668 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
10:34:39.0953 2668 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
10:34:39.0968 2668 sptd ( LockedFile.Multi.Generic ) - warning
10:34:39.0968 2668 sptd - detected LockedFile.Multi.Generic (1)
10:34:40.0250 2668 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
10:34:40.0265 2668 sr - ok
10:34:40.0484 2668 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:34:40.0515 2668 Srv - ok
10:34:40.0828 2668 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:34:40.0828 2668 swenum - ok
10:34:41.0093 2668 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:34:41.0093 2668 swmidi - ok
10:34:41.0453 2668 symc810 - ok
10:34:41.0765 2668 symc8xx - ok
10:34:42.0109 2668 sym_hi - ok
10:34:42.0421 2668 sym_u3 - ok
10:34:42.0703 2668 SynTP (9c29e8e9c1c48e9c8bc38f031df4720f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:34:42.0718 2668 SynTP - ok
10:34:43.0000 2668 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:34:43.0000 2668 sysaudio - ok
10:34:43.0281 2668 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:34:43.0296 2668 Tcpip - ok
10:34:43.0531 2668 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:34:43.0546 2668 TDPIPE - ok
10:34:43.0796 2668 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:34:43.0796 2668 TDTCP - ok
10:34:44.0093 2668 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:34:44.0093 2668 TermDD - ok
10:34:44.0531 2668 TosIde - ok
10:34:44.0812 2668 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:34:44.0812 2668 Udfs - ok
10:34:45.0093 2668 ultra - ok
10:34:45.0281 2668 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:34:45.0296 2668 Update - ok
10:34:45.0640 2668 USBAAPL - ok
10:34:45.0921 2668 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:34:45.0921 2668 usbccgp - ok
10:34:46.0046 2668 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:34:46.0046 2668 usbehci - ok
10:34:46.0390 2668 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:34:46.0406 2668 usbhub - ok
10:34:46.0687 2668 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:34:46.0703 2668 usbohci - ok
10:34:46.0953 2668 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:34:46.0953 2668 usbscan - ok
10:34:47.0218 2668 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:34:47.0218 2668 USBSTOR - ok
10:34:47.0531 2668 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:34:47.0546 2668 VgaSave - ok
10:34:47.0859 2668 ViaIde - ok
10:34:48.0125 2668 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
10:34:48.0140 2668 VolSnap - ok
10:34:48.0437 2668 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:34:48.0453 2668 Wanarp - ok
10:34:48.0796 2668 WDICA - ok
10:34:49.0078 2668 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:34:49.0093 2668 wdmaud - ok
10:34:49.0328 2668 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:34:49.0328 2668 WS2IFSL - ok
10:34:49.0578 2668 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:34:49.0578 2668 WudfPf - ok
10:34:49.0812 2668 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:34:49.0812 2668 WudfRd - ok
10:34:49.0875 2668 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
10:34:50.0000 2668 \Device\Harddisk0\DR0 - ok
10:34:50.0000 2668 Boot (0x1200) (09e4440276a2be5826495588cddab5e0) \Device\Harddisk0\DR0\Partition0
10:34:50.0000 2668 \Device\Harddisk0\DR0\Partition0 - ok
10:34:50.0031 2668 Boot (0x1200) (28497c5de6286924aa66196a481a8f3c) \Device\Harddisk0\DR0\Partition1
10:34:50.0031 2668 \Device\Harddisk0\DR0\Partition1 - ok
10:34:50.0031 2668 ============================================================
10:34:50.0031 2668 Scan finished
10:34:50.0031 2668 ============================================================
10:34:50.0046 4092 Detected object count: 1
10:34:50.0046 4092 Actual detected object count: 1
10:35:07.0515 4092 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
10:35:07.0828 4092 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

[Rudy]

Ok, něco našel a přesunul do karantény. Jak to vypadá nyní?

[Garfield]

Docela dobře . Opět běží tak, jako před problémem.

[Rudy]

To jsem rád!