VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Rootkit? Zpomalený PC a podivné chování

https://forum.viry.cz:443/viewtopic.php?t=102825

Stránka 1 z 2

Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 14:18
od Paulos
Zdravím, přicházím s mírně problémovým PC, tentokrát je to můj (pořád nic proti tomu, co občas vídám, ale začíná mě to znervózňovat). Počítač se mi zdá být oproti normálu zpomalený, dneska, když jsem se pokoušel zadat do adresního řádku Chromu "the avenger", hodil BSoD (nemůžu se k těm informacím dostat) a nyní mám kurzívu v Google Chrome a Steamu. Mám podezření na rootkit, podívejte se:

AVG Anti-Rootkit Free:
C:\Windows\System32\Drivers\aufbwt25.SYS,Hidden driver file
C:\Windows\System32\Drivers\azwpvfwd.SYS,Hidden driver file

Abych to udělal zajímavější, GMER spadne chvíli po spuštění. Prosím pěkně o pomoc a vyčištění PC. Děkuju předem!

RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavel at 2010-07-18 13:59:42
Microsoft Windows 7 Ultimate
System drive C: has 11 GB (17%) free of 65 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:05, on 18.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\V0420Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\LifeView MVP\RemoteControl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\Launchy\Launchy.exe
C:\Users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Users\Pavel\Desktop\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Pavel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0420Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0420Ext.ax
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "E:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView MVP\RemoteControl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "e:\hry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: iReboot 1.1.1.lnk = C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Pavel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Pavel\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Fast Multimedia Timer - Unknown owner - C:\Windows\system32\fmmtimersvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iReboot Background Service (iReboot) - Unknown owner - C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ProgDVB Scheduler Service (ProgDVBService) - Unknown owner - C:\Program Files\ProgDVB\ProgDVBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: VisualSVN Server (VisualSVNServer) - Apache Software Foundation - C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 8630 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1278905916-617490914-3079557870-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1278905916-617490914-3079557870-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Pavel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22 157232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"V0420Mon.exe"=C:\Windows\V0420Mon.exe [2007-04-30 32768]
"C:\Windows\system32\V0420Ext.ax"=C:\Windows\system32\RegSvr32.exe [2009-07-14 14848]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe []
"UpdatePDRShortCut"=E:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-05-26 1159168]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-29 7625248]
"DTVRemote"=C:\Program Files\LifeView MVP\RemoteControl.exe [2007-02-09 69632]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-05-11 2528584]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 136176]
"Steam"=e:\hry\steam\steam.exe [2010-05-09 1238352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
iReboot 1.1.1.lnk - C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-18 13:37:51 ----D---- C:\Program Files\trend micro
2010-07-18 13:37:50 ----D---- C:\rsit
2010-07-18 13:11:00 ----D---- C:\!KillBox
2010-07-18 13:06:42 ----D---- C:\Windows\system32\oodag
2010-07-18 13:03:12 ----D---- C:\Program Files\OO Software
2010-07-17 15:14:44 ----D---- C:\Program Files\Microsoft SSL ChainSaver
2010-07-16 09:22:52 ----D---- C:\Users\Pavel\AppData\Roaming\Launchy
2010-07-16 09:22:46 ----D---- C:\Program Files\Launchy
2010-07-14 19:42:26 ----D---- C:\Users\Pavel\AppData\Roaming\dvdcss
2010-07-13 21:17:59 ----D---- C:\Program Files\Windows Live SkyDrive
2010-07-13 21:17:35 ----D---- C:\Program Files\Windows Live
2010-07-13 21:14:13 ----D---- C:\Program Files\Common Files\Windows Live
2010-07-11 19:08:21 ----D---- C:\Extendir
2010-07-11 17:38:35 ----D---- C:\Users\Pavel\AppData\Roaming\Blender Foundation
2010-07-11 17:38:31 ----D---- C:\Program Files\Blender Foundation
2010-07-10 21:23:19 ----D---- C:\Users\Pavel\AppData\Roaming\Audacity
2010-07-10 21:23:03 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-07-10 19:40:42 ----A---- C:\Windows\system32\drivers\AmdLLD.sys
2010-07-10 19:40:40 ----D---- C:\Program Files\AMD
2010-07-10 19:40:03 ----D---- C:\Windows\system32\AGEIA
2010-07-10 19:40:03 ----D---- C:\Program Files\AGEIA Technologies
2010-07-10 19:38:51 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-07-10 19:38:51 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XAudioD2_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XAPOFXD1_5.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XactEngineD3_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XactEngineA3_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\X3DAudioD1_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\D3dx9d_43.dll
2010-07-10 15:04:01 ----A---- C:\Windows\system32\d3dx9d_33.dll
2010-07-10 15:03:59 ----A---- C:\Windows\system32\D3DX11d_43.dll
2010-07-10 15:03:59 ----A---- C:\Windows\system32\D3DX10d_43.dll
2010-07-10 15:03:59 ----A---- C:\Windows\system32\d3dref9.dll
2010-07-10 15:03:58 ----A---- C:\Windows\system32\D3DCSXd_43.dll
2010-07-10 15:03:57 ----A---- C:\Windows\system32\d3d9d.dll
2010-07-10 15:03:55 ----A---- C:\Windows\system32\D3D11SDKLayers.dll
2010-07-10 15:03:54 ----A---- C:\Windows\system32\D3D11Ref.dll
2010-07-10 15:03:53 ----A---- C:\Windows\system32\D3D10SDKLayers.DLL
2010-07-10 15:03:53 ----A---- C:\Windows\system32\D3D10Ref.DLL
2010-07-10 15:02:30 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-07-10 15:02:30 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-07-10 14:59:34 ----A---- C:\Windows\dxsdkuninst.exe
2010-07-10 14:59:33 ----D---- C:\Program Files\Microsoft DirectX SDK (June 2010)
2010-07-10 13:36:10 ----D---- C:\Program Files\Microsoft Windows Performance Toolkit
2010-07-10 13:33:23 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2010-07-10 13:32:52 ----D---- C:\Program Files\Application Verifier
2010-07-10 12:43:31 ----D---- C:\ea975158002bb4c4a19cf7 – kopie
2010-07-09 23:52:27 ----D---- C:\Program Files\Windows Mobile 6.5.3 DTK
2010-07-09 23:08:37 ----D---- C:\Program Files\Windows Mobile 6 SDK
2010-07-09 21:03:18 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-07-09 20:47:04 ----D---- C:\Program Files\Microsoft Device Emulator
2010-07-09 20:46:38 ----D---- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2010-07-09 20:37:08 ----A---- C:\Windows\ODBC.INI
2010-07-09 20:23:45 ----D---- C:\Program Files\Common Files\Designer
2010-07-09 20:23:07 ----D---- C:\ProgramData\PreEmptive Solutions
2010-07-09 20:23:06 ----D---- C:\Program Files\HTML Help Workshop
2010-07-09 20:23:06 ----D---- C:\Program Files\Common Files\Business Objects
2010-07-09 20:23:06 ----D---- C:\Program Files\CE Remote Tools
2010-07-09 20:16:12 ----D---- C:\Program Files\Microsoft Office
2010-07-09 20:16:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-07-08 21:19:26 ----A---- C:\Windows\system32\RestoratorContextMenu.dll
2010-07-08 21:19:24 ----D---- C:\Program Files\Restorator 2007
2010-07-08 21:10:27 ----D---- C:\Program Files\XN Resource Editor
2010-07-08 08:19:47 ----D---- C:\Program Files\Minefield
2010-07-08 08:01:21 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-07-07 18:21:24 ----D---- C:\Flash
2010-07-06 19:38:03 ----D---- C:\License
2010-07-06 19:38:03 ----D---- C:\DirectX9
2010-07-06 19:38:03 ----D---- C:\Autorun
2010-07-06 12:02:21 ----D---- C:\MinGW
2010-07-06 11:44:48 ----A---- C:\Windows\system32\pywintypes26.dll
2010-07-06 11:44:48 ----A---- C:\Windows\system32\pythoncom26.dll
2010-07-06 11:42:00 ----D---- C:\Windows\symbols
2010-07-06 11:41:48 ----D---- C:\Program Files\Common Files\Merge Modules
2010-07-06 11:20:27 ----D---- C:\Python26
2010-07-05 22:05:20 ----D---- C:\Program Files\VisualSVN Server
2010-07-05 19:39:17 ----D---- C:\Program Files\Alcohol Soft
2010-07-05 18:43:03 ----A---- C:\Windows\system32\drivers\ezplay.sys
2010-07-05 18:43:03 ----A---- C:\Users\Pavel\AppData\Roaming\ezplay.sys
2010-07-05 18:43:03 ----A---- C:\Users\Pavel\AppData\Roaming\ezplay.ini
2010-07-05 18:41:43 ----D---- C:\Users\Pavel\AppData\Roaming\Vso
2010-07-05 18:41:43 ----A---- C:\Windows\system32\drivers\pcouffin.sys
2010-07-05 18:41:43 ----A---- C:\Users\Pavel\AppData\Roaming\pcouffin.sys
2010-07-05 18:41:43 ----A---- C:\Users\Pavel\AppData\Roaming\inst.exe
2010-07-05 18:41:26 ----D---- C:\Program Files\VSO
2010-06-30 14:48:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2010-06-30 14:48:02 ----D---- C:\Program Files\VideoLAN
2010-06-30 14:26:47 ----D---- C:\Program Files\ProgDVB
2010-06-30 14:25:52 ----D---- C:\ProgramData\ProgDVB
2010-06-30 10:20:34 ----D---- C:\Program Files\LifeView MVP
2010-06-29 10:51:38 ----D---- C:\Users\Pavel\AppData\Roaming\NVIDIA
2010-06-28 22:26:34 ----D---- C:\Program Files\SMPlayer
2010-06-28 11:36:30 ----D---- C:\Users\Pavel\AppData\Roaming\CDRoller
2010-06-28 11:36:28 ----D---- C:\Program Files\CDRoller
2010-06-28 10:57:53 ----D---- C:\Program Files\Smart Projects
2010-06-28 09:22:59 ----D---- C:\Windows\system32\RTCOM
2010-06-28 09:22:29 ----A---- C:\Windows\system32\WavesLib.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSWOW.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSTSXT.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSTSHD.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSHP360.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\RtkApoApi.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-06-28 09:22:28 ----D---- C:\Program Files\Realtek
2010-06-28 09:22:28 ----A---- C:\Windows\system32\RtkAPO.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\RP3DHT32.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\RP3DAA32.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\FMAPO.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\AERTARen.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\AERTACap.dll
2010-06-28 09:22:26 ----HD---- C:\Program Files\Temp
2010-06-28 09:22:26 ----A---- C:\Windows\RtlExUpd.dll
2010-06-28 09:22:02 ----A---- C:\Windows\Language_trs.ini
2010-06-27 16:02:42 ----A---- C:\Windows\system32\ntdll.dll
2010-06-27 16:02:34 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-27 16:02:33 ----A---- C:\Windows\system32\msdri.dll
2010-06-26 22:01:01 ----D---- C:\Program Files\Ubisoft
2010-06-26 21:59:26 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-06-26 21:59:26 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-06-26 21:59:25 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-06-26 20:47:20 ----D---- C:\ProgramData\Apple Computer
2010-06-26 20:47:20 ----D---- C:\Program Files\QuickTime
2010-06-26 20:45:55 ----D---- C:\Program Files\Common Files\Apple
2010-06-26 20:45:27 ----D---- C:\Program Files\Apple Software Update
2010-06-25 18:45:06 ----D---- C:\Program Files\Internet Explorer Platform Preview
2010-06-25 18:39:44 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-06-25 18:39:44 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\FntCache.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\DWrite.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\d3d10warp.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\d2d1.dll
2010-06-25 18:38:22 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-06-25 18:38:22 ----A---- C:\Windows\system32\mf.dll
2010-06-25 18:38:21 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-06-23 21:14:22 ----D---- C:\Users\Pavel\AppData\Roaming\TortoiseSVN
2010-06-23 21:08:50 ----D---- C:\Users\Pavel\AppData\Roaming\Subversion
2010-06-23 21:07:37 ----D---- C:\Program Files\TortoiseSVN
2010-06-23 21:07:37 ----D---- C:\Program Files\Common Files\TortoiseOverlays
2010-06-22 21:00:10 ----A---- C:\Windows\IsUninst.exe
2010-06-22 17:49:18 ----D---- C:\Program Files\CCleaner
2010-06-22 17:36:20 ----D---- C:\Program Files\Defraggler
2010-06-22 14:11:08 ----D---- C:\Users\Pavel\AppData\Roaming\Dropbox
2010-06-20 10:09:24 ----D---- C:\Windows\SUA
2010-06-19 17:40:45 ----D---- C:\Program Files\TagScanner
2010-06-19 12:26:34 ----A---- C:\Windows\system32\drivers\ext2fsd.sys

======List of files/folders modified in the last 1 months======

2010-07-18 13:56:49 ----D---- C:\Windows\Temp
2010-07-18 13:54:02 ----D---- C:\Windows\system32\config
2010-07-18 13:44:04 ----SHD---- C:\System Volume Information
2010-07-18 13:43:17 ----D---- C:\Windows\Prefetch
2010-07-18 13:41:11 ----SHD---- C:\Windows\Installer
2010-07-18 13:40:59 ----D---- C:\Windows\system32\drivers
2010-07-18 13:40:59 ----D---- C:\Windows\system32\catroot
2010-07-18 13:40:58 ----SD---- C:\ProgramData\Microsoft
2010-07-18 13:40:33 ----RD---- C:\Program Files
2010-07-18 13:28:42 ----D---- C:\Windows
2010-07-18 13:24:49 ----D---- C:\Windows\Minidump
2010-07-18 13:24:32 ----D---- C:\Windows\System32
2010-07-18 13:03:03 ----D---- C:\Windows\system32\catroot2
2010-07-17 15:22:31 ----D---- C:\Windows\inf
2010-07-17 15:22:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-16 17:10:22 ----RSD---- C:\Windows\assembly
2010-07-16 17:10:22 ----D---- C:\Windows\Microsoft.NET
2010-07-16 15:04:12 ----D---- C:\HammerAutosave
2010-07-14 10:24:58 ----D---- C:\Windows\debug
2010-07-13 21:29:00 ----D---- C:\Program Files\Microsoft
2010-07-13 21:18:05 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-13 21:16:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-07-13 21:14:13 ----D---- C:\Program Files\Common Files
2010-07-13 16:16:00 ----AD---- C:\ProgramData\TEMP
2010-07-13 00:04:51 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2010-07-12 23:40:52 ----D---- C:\Ervius Package Creation
2010-07-12 16:06:05 ----D---- C:\Users\Pavel\AppData\Roaming\skypePM
2010-07-12 12:30:50 ----D---- C:\Windows\LiveKernelReports
2010-07-11 18:41:18 ----D---- C:\Windows\system32\LogFiles
2010-07-10 22:51:15 ----D---- C:\Windows\system32\DriverStore
2010-07-10 20:48:21 ----D---- C:\Users\Pavel\AppData\Roaming\BITS
2010-07-10 19:39:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-10 15:00:19 ----D---- C:\ProgramData\Microsoft Help
2010-07-10 14:59:23 ----D---- C:\Windows\Logs
2010-07-10 13:04:32 ----D---- C:\Windows\winsxs
2010-07-10 12:03:16 ----D---- C:\Windows\system32\Tasks
2010-07-10 09:57:24 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2010-07-09 22:41:45 ----D---- C:\Windows\system32\1033
2010-07-09 20:32:23 ----D---- C:\Windows\Help
2010-07-09 20:23:40 ----RSD---- C:\Windows\Fonts
2010-07-09 20:23:07 ----HD---- C:\ProgramData
2010-07-09 16:53:02 ----D---- C:\Program Files\Opera
2010-07-09 13:07:05 ----D---- C:\Users\Pavel\AppData\Roaming\gtk-2.0
2010-07-09 12:12:28 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-08 09:23:33 ----D---- C:\Windows\system32\NDF
2010-07-06 19:40:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-06 18:46:10 ----D---- C:\Downloads
2010-07-06 13:03:50 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-07-06 11:41:48 ----D---- C:\Program Files\MSBuild
2010-07-06 11:41:48 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
2010-07-02 18:42:08 ----D---- C:\Program Files\Common Files\Steam
2010-07-02 14:06:37 ----D---- C:\ProgramData\CyberLink
2010-06-29 08:15:31 ----D---- C:\Program Files\Microsoft SDKs
2010-06-28 21:59:08 ----D---- C:\Windows\Tasks
2010-06-28 20:54:11 ----AD---- C:\Program Files-second
2010-06-27 22:54:55 ----D---- C:\Windows\ehome
2010-06-27 16:04:03 ----D---- C:\Windows\AppPatch
2010-06-24 20:55:32 ----D---- C:\Users\Pavel\AppData\Roaming\Media Player Classic
2010-06-22 18:10:15 ----D---- C:\Windows\system32\appmgmt
2010-06-22 18:09:32 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-22 18:06:48 ----D---- C:\Windows\ShellNew
2010-06-22 18:04:48 ----D---- C:\Program Files\Common Files\System
2010-06-22 18:04:46 ----A---- C:\Windows\win.ini
2010-06-22 16:03:18 ----D---- C:\Windows\Downloaded Program Files
2010-06-20 13:02:08 ----D---- C:\Windows\rescache
2010-06-20 10:09:24 ----D---- C:\Windows\system32\en-US
2010-06-20 10:09:24 ----D---- C:\Windows\system32\cs-CZ
2010-06-20 10:09:24 ----D---- C:\Windows\PolicyDefinitions
2010-06-20 10:09:24 ----D---- C:\Windows\en-US
2010-06-19 12:25:58 ----D---- C:\Program Files\Ext2Fsd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-05 697328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 Ext2Fsd;Linux ext2 file system driver; C:\Windows\system32\drivers\Ext2Fsd.sys [2009-10-30 657280]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-12-31 295936]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\Windows\system32\DRIVERS\l260x86.sys [2009-07-14 29184]
R3 ezplay;VSO Software ezplay; C:\Windows\System32\Drivers\ezplay.sys [2010-07-05 94208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-29 2735504]
R3 LVMST;LVMST service; C:\Windows\system32\DRIVERS\LVMST.sys [2006-11-16 829312]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-07-05 47360]
R3 PsxDrv;@%systemroot%\system32\suares.dll,-107; C:\Windows\system32\drivers\psxdrv.sys [2009-07-14 9216]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 V0420VID;Live! Cam Vista IM (VF0420); C:\Windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
S3 a3m0nqvx;a3m0nqvx; C:\Windows\system32\drivers\a3m0nqvx.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 aktt5izp;aktt5izp; C:\Windows\system32\drivers\aktt5izp.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys [2010-06-06 9040]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\Windows\system32\DRIVERS\wceusbsh.sys [2005-08-09 104576]
S3 ZSMC301b;USB WEBCAM; C:\Windows\System32\Drivers\usbVM31b.sys [2004-03-03 90534]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Fast Multimedia Timer;Fast Multimedia Timer; C:\Windows\system32\fmmtimersvc.exe [2007-06-27 6656]
R2 iReboot;iReboot Background Service; C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 ProgDVBService;ProgDVB Scheduler Service; C:\Program Files\ProgDVB\ProgDVBService.exe [2010-06-25 7680]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2009-04-17 247152]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 VisualSVNServer;VisualSVN Server; C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe [2010-04-24 23840]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-02 395048]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

EDIT: Našel jsem tu zatracenou zprávu o BSoD :)
Podpis problému
Název události problému: BlueScreen
Verze operačního systému: 6.1.7600.2.0.0.256.1
ID národního prostředí: 1029

Další informace o tomto problému
BCCode: f4
BCP1: 00000003
BCP2: 857B7718
BCP3: 857B7884
BCP4: 82E34D90
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
ID sady: 0xF4_C0000005_IMAGE_csrss.exe_Win7
Informace o serveru: 687e57b0-8dd8-4bf6-8dc0-51487a657d91

A ještě o pádu GMERu:
Popis
Cesta k chybující aplikaci: E:\Downloads\pw0su306.exe

Podpis problému
Název události problému: APPCRASH
Název aplikace: pw0su306.exe
Verze aplikace: 1.0.15.15281
Časové razítko aplikace: 4b2763f0
Název chybného modulu: pw0su306.exe
Verze chybného modulu: 1.0.15.15281
Časové razítko chybného modulu: 4b2763f0
Kód výjimky: c0000005
Posun výjimky: 0005c887
Verze operačního systému: 6.1.7600.2.0.0.256.1
ID národního prostředí: 1029
Další informace 1: 2609
Další informace 2: 2609570e3f803705f1bc6bd31216984b
Další informace 3: b7ae
Další informace 4: b7ae49a9cd64e3b328d09300410a6471

Další informace o tomto problému
ID sady: 1960634873

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 15:31
od motji
Hezké odpoledne :)

:arrow: Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

- :!: Ted nerestartujte počítač! :!:

:arrow: přejmenujte combofix na vir.com

:arrow: Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna :!:

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 16:24
od Paulos
Taky pěkné odpoledne :-)
Přikládám log z Combofixu. Doufám, že nevadí, že sám na počátku restartoval PC kvůli virtuálním mechanikám.
Ještě postřeh z minulých týdnů:
  • měl jsem určité problémy se stahováním souborů z Microsoftích serverů, Chrome hlásil 404ku; IE taky, nicméně k ní přidal http://www.mybrowserbar.com (nebo něco hodně podobného). Jedinej FlashGet, který se mi v IE nabídnul, dokázal soubor stáhnout.
Další nepravosti budu vypisovat jak mě budou napadat :-D

A FlashGet 3 je podle ComboFixu malware?

ComboFix 10-07-16.02 - Pavel 18.07.2010 16:55:24.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.1023.289 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\vir.com
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll
c:\program files\FlashGet Network\FlashGet 3\p2score.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\system volume information\WindowsImageBackup
c:\users\Pavel\AppData\Roaming\BITS
c:\users\Pavel\AppData\Roaming\BITS\BITS.ini
c:\users\Pavel\AppData\Roaming\BITS\DHTTable.dat
c:\users\Pavel\AppData\Roaming\BITS\ProxyList.ini
c:\users\Pavel\AppData\Roaming\BITS\UPnP.ini
c:\users\Pavel\AppData\Roaming\FlashGetBHO
c:\users\Pavel\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Pavel\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
c:\users\Pavel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Pavel\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Pavel\AppData\Roaming\inst.exe
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
D:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-18 do 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 12:33 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-07-18 11:37 . 2010-07-18 11:59 -------- d-----w- c:\program files\trend micro
2010-07-18 11:37 . 2010-07-18 11:38 -------- d-----w- C:\rsit
2010-07-18 11:11 . 2010-07-18 11:11 -------- d-----w- C:\!KillBox
2010-07-18 11:06 . 2010-07-18 11:06 -------- d-----w- c:\windows\system32\oodag
2010-07-18 11:04 . 2010-07-18 11:04 -------- d-----w- c:\users\Pavel\AppData\Local\O&O
2010-07-18 11:03 . 2010-07-18 11:03 -------- d-----w- c:\program files\OO Software
2010-07-17 13:14 . 2010-07-17 13:26 -------- d-----w- c:\program files\Microsoft SSL ChainSaver
2010-07-16 07:22 . 2010-07-18 13:32 -------- d-----w- c:\users\Pavel\AppData\Roaming\Launchy
2010-07-16 07:22 . 2010-07-16 07:22 -------- d-----w- c:\program files\Launchy
2010-07-14 17:42 . 2010-07-14 17:42 -------- d-----w- c:\users\Pavel\AppData\Roaming\dvdcss
2010-07-13 19:17 . 2010-07-13 19:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-13 19:17 . 2010-07-13 19:30 -------- d-----w- c:\program files\Windows Live
2010-07-13 19:14 . 2010-07-13 19:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-11 17:08 . 2010-07-11 17:08 -------- d-----w- C:\Extendir
2010-07-11 15:38 . 2010-07-11 15:38 -------- d-----w- c:\users\Pavel\AppData\Roaming\Blender Foundation
2010-07-11 15:38 . 2010-07-11 15:38 -------- d-----w- c:\program files\Blender Foundation
2010-07-10 20:53 . 2010-07-10 20:55 -------- d-----w- c:\users\Pavel\.android
2010-07-10 19:23 . 2010-07-10 19:35 -------- d-----w- c:\users\Pavel\AppData\Roaming\Audacity
2010-07-10 19:23 . 2010-07-10 19:23 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-10 17:40 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\program files\AMD
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\users\Pavel\AppData\Local\Downloaded Installations
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\windows\system32\AGEIA
2010-07-10 17:38 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-10 17:38 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-10 13:04 . 2010-06-02 12:23 954200 ----a-w- c:\windows\system32\XAudioD2_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 349528 ----a-w- c:\windows\system32\XactEngineD3_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 131928 ----a-w- c:\windows\system32\XAPOFXD1_5.dll
2010-07-10 13:04 . 2010-06-02 12:23 45400 ----a-w- c:\windows\system32\X3DAudioD1_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 435032 ----a-w- c:\windows\system32\XactEngineA3_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 2261336 ----a-w- c:\windows\system32\D3dx9d_43.dll
2010-07-10 13:04 . 2010-06-02 12:23 3795800 ----a-w- c:\windows\system32\d3dx9d_33.dll
2010-07-10 13:03 . 2010-06-02 12:23 514392 ----a-w- c:\windows\system32\D3DX10d_43.dll
2010-07-10 13:03 . 2010-06-02 12:23 348504 ----a-w- c:\windows\system32\d3dref9.dll
2010-07-10 13:03 . 2010-06-02 12:23 268120 ----a-w- c:\windows\system32\D3DX11d_43.dll
2010-07-10 13:03 . 2010-06-02 12:23 1883992 ----a-w- c:\windows\system32\D3DCSXd_43.dll
2010-07-10 13:03 . 2010-06-02 12:23 2719064 ----a-w- c:\windows\system32\d3d9d.dll
2010-07-10 13:03 . 2010-06-02 12:23 496472 ----a-w- c:\windows\system32\D3D11SDKLayers.dll
2010-07-10 11:36 . 2010-07-10 11:36 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-07-10 11:33 . 2010-07-10 11:33 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-07-10 11:32 . 2010-07-10 11:32 -------- d-----w- c:\program files\Application Verifier
2010-07-10 10:43 . 2010-07-10 10:43 -------- d-----w- C:\ea975158002bb4c4a19cf7 – kopie
2010-07-09 21:52 . 2010-07-09 21:53 -------- d-----w- c:\program files\Windows Mobile 6.5.3 DTK
2010-07-09 21:08 . 2010-07-09 21:42 -------- d-----w- c:\program files\Windows Mobile 6 SDK
2010-07-09 19:03 . 2010-07-09 19:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-09 18:47 . 2010-07-09 18:47 -------- d-----w- c:\program files\Microsoft Device Emulator
2010-07-09 18:46 . 2010-07-09 18:46 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2010-07-09 18:23 . 2010-07-09 18:23 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-07-09 18:23 . 2010-07-09 18:32 -------- d-----w- c:\program files\HTML Help Workshop
2010-07-09 18:23 . 2010-07-09 18:25 -------- d-----w- c:\program files\Common Files\Business Objects
2010-07-09 18:23 . 2010-07-09 18:23 -------- d-----w- c:\program files\CE Remote Tools
2010-07-09 18:16 . 2010-07-09 20:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-08 19:19 . 2007-07-29 13:53 117248 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-07-08 19:19 . 2010-07-08 19:19 -------- d-----w- c:\program files\Restorator 2007
2010-07-08 19:10 . 2010-07-08 19:10 -------- d-----w- c:\program files\XN Resource Editor
2010-07-08 06:19 . 2010-07-08 06:19 -------- d-----w- c:\program files\Minefield
2010-07-08 06:01 . 2010-07-08 06:01 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-07 16:21 . 2010-07-09 20:42 -------- d-----w- C:\Flash
2010-07-06 17:38 . 2010-07-18 11:07 -------- d-----w- C:\Autorun
2010-07-06 17:38 . 2010-07-06 17:38 -------- d-----w- C:\DirectX9
2010-07-06 17:38 . 2010-07-06 17:38 -------- d-----w- C:\License
2010-07-06 10:02 . 2010-07-06 10:03 -------- d-----w- C:\MinGW
2010-07-06 09:44 . 2009-07-05 12:36 354304 ----a-w- c:\windows\system32\pythoncom26.dll
2010-07-06 09:44 . 2009-07-05 12:35 110592 ----a-w- c:\windows\system32\pywintypes26.dll
2010-07-06 09:42 . 2010-07-06 09:42 -------- d-----w- c:\windows\symbols
2010-07-06 09:41 . 2010-07-09 20:38 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-07-06 09:20 . 2010-07-06 12:43 -------- d-----w- C:\Python26
2010-07-06 09:00 . 2010-07-06 09:00 -------- d-----w- c:\users\Pavel\.idlerc
2010-07-05 20:05 . 2010-07-05 20:05 -------- d-----w- c:\program files\VisualSVN Server
2010-07-05 17:39 . 2010-07-05 17:39 -------- d-----w- c:\program files\Alcohol Soft
2010-07-05 16:43 . 2010-07-05 16:43 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2010-07-05 16:41 . 2010-07-05 17:23 -------- d-----w- c:\users\Pavel\AppData\Roaming\Vso
2010-07-05 16:41 . 2010-07-05 16:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-05 16:41 . 2010-07-05 16:41 -------- d-----w- c:\program files\VSO
2010-06-30 12:48 . 2010-07-14 17:42 -------- d-----w- c:\users\Pavel\AppData\Roaming\vlc
2010-06-30 12:48 . 2010-06-30 12:48 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:26 . 2010-06-30 12:39 -------- d-----w- c:\program files\ProgDVB
2010-06-30 12:25 . 2010-07-01 18:58 -------- d-----w- c:\programdata\ProgDVB
2010-06-30 08:20 . 2010-06-30 08:20 -------- d-----w- c:\program files\LifeView MVP
2010-06-29 08:51 . 2010-06-29 08:51 -------- d-----w- c:\users\Pavel\AppData\Roaming\NVIDIA
2010-06-28 20:36 . 2010-06-28 20:36 -------- d-----w- c:\users\Pavel\fontconfig
2010-06-28 20:28 . 2010-07-11 20:42 -------- d-----w- c:\users\Pavel\.smplayer
2010-06-28 20:26 . 2010-06-28 20:27 -------- d-----w- c:\program files\SMPlayer
2010-06-28 19:35 . 2010-06-28 19:35 -------- d-----w- c:\users\Pavel\AppData\Local\Microsoft_Corporation
2010-06-28 09:36 . 2010-06-28 09:36 -------- d-----w- c:\users\Pavel\AppData\Roaming\CDRoller
2010-06-28 09:36 . 2010-06-28 09:36 -------- d-----w- c:\program files\CDRoller
2010-06-28 08:57 . 2010-06-28 08:57 -------- d-----w- c:\program files\Smart Projects
2010-06-27 14:02 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-27 14:02 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-27 14:02 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-26 20:01 . 2010-06-26 20:01 -------- d-----w- c:\program files\Ubisoft
2010-06-26 19:59 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-06-26 19:59 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-06-26 19:59 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-06-26 18:47 . 2010-06-26 18:51 -------- d-----w- c:\programdata\Apple Computer
2010-06-26 18:47 . 2010-06-26 18:48 -------- d-----w- c:\program files\QuickTime
2010-06-26 18:45 . 2010-06-26 18:45 -------- d-----w- c:\program files\Common Files\Apple
2010-06-26 18:45 . 2010-06-26 18:45 -------- d-----w- c:\program files\Apple Software Update
2010-06-25 16:45 . 2010-06-25 16:45 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-06-25 16:39 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-06-25 16:39 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-06-25 16:39 . 2010-05-09 09:18 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-06-25 16:39 . 2010-05-09 09:18 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-06-25 16:39 . 2010-05-09 09:18 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-06-25 16:39 . 2010-05-09 09:18 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-06-25 16:39 . 2010-05-09 09:18 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-06-25 16:38 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-06-25 16:38 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-06-25 16:38 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-06-24 16:29 . 2010-07-18 14:48 -------- d-----w- c:\users\Pavel\AppData\Local\TSVNCache
2010-06-23 19:14 . 2010-07-08 20:11 -------- d-----w- c:\users\Pavel\AppData\Roaming\TortoiseSVN
2010-06-23 19:08 . 2010-06-23 19:08 -------- d-----w- c:\users\Pavel\AppData\Roaming\Subversion
2010-06-23 19:07 . 2010-06-23 19:07 -------- d-----w- c:\program files\TortoiseSVN
2010-06-23 19:07 . 2010-06-23 19:07 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-06-22 19:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-22 15:49 . 2010-06-22 15:49 -------- d-----w- c:\program files\CCleaner
2010-06-22 15:36 . 2010-06-22 15:36 -------- d-----w- c:\program files\Defraggler
2010-06-22 12:11 . 2010-07-18 13:33 -------- d-----w- c:\users\Pavel\AppData\Roaming\Dropbox
2010-06-20 08:09 . 2010-06-20 08:09 -------- d-----w- c:\windows\SUA
2010-06-19 15:40 . 2010-06-19 15:40 -------- d-----w- c:\program files\TagScanner
2010-06-19 10:26 . 2009-10-30 12:20 657280 ----a-w- c:\windows\system32\drivers\ext2fsd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 13:22 . 2010-05-23 11:16 667320 ----a-w- c:\windows\system32\perfh005.dat
2010-07-17 13:22 . 2010-05-23 11:16 139992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-13 19:29 . 2010-05-02 16:25 -------- d-----w- c:\program files\Microsoft
2010-07-13 19:16 . 2010-04-18 18:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-12 22:04 . 2010-05-02 17:14 -------- d-----w- c:\users\Pavel\AppData\Roaming\Skype
2010-07-12 14:06 . 2010-05-02 17:16 -------- d-----w- c:\users\Pavel\AppData\Roaming\skypePM
2010-07-11 15:26 . 2010-03-28 20:06 120120 ----a-w- c:\users\Pavel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-10 20:51 . 2010-07-10 20:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01009.Wdf
2010-07-10 17:41 . 2010-07-10 17:41 10134 ----a-r- c:\users\Pavel\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-07-10 17:39 . 2010-05-19 15:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-10 13:03 . 2010-07-10 12:59 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
2010-07-10 13:00 . 2010-05-24 14:08 -------- d-----w- c:\programdata\Microsoft Help
2010-07-10 12:59 . 2010-07-10 12:59 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-07-09 14:53 . 2010-03-28 20:17 -------- d-----w- c:\program files\Opera
2010-07-09 11:07 . 2010-03-29 14:14 -------- d-----w- c:\users\Pavel\AppData\Roaming\gtk-2.0
2010-07-09 10:12 . 2010-04-23 13:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-06 17:40 . 2010-05-27 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 11:03 . 2010-05-02 17:04 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-06 09:45 . 2010-07-06 09:45 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-07-06 09:41 . 2010-04-18 18:19 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-07-06 09:41 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-05 17:23 . 2010-04-30 18:21 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-05 16:43 . 2010-07-05 16:43 94208 ----a-w- c:\users\Pavel\AppData\Roaming\ezplay.sys
2010-07-05 16:43 . 2010-07-05 16:43 94208 ----a-w- c:\users\Pavel\AppData\Roaming\ezplay.sys
2010-07-05 16:41 . 2010-07-05 16:41 47360 ----a-w- c:\users\Pavel\AppData\Roaming\pcouffin.sys
2010-07-05 16:41 . 2010-07-05 16:41 47360 ----a-w- c:\users\Pavel\AppData\Roaming\pcouffin.sys
2010-07-02 16:42 . 2010-03-29 16:54 -------- d-----w- c:\program files\Common Files\Steam
2010-07-02 12:06 . 2010-06-12 07:32 -------- d-----w- c:\programdata\CyberLink
2010-07-01 11:38 . 2010-07-01 11:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-07-01 11:38 . 2010-07-01 11:38 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-29 06:15 . 2010-04-18 18:19 -------- d-----w- c:\program files\Microsoft SDKs
2010-06-28 07:23 . 2010-06-28 07:22 -------- d--h--w- c:\program files\Temp
2010-06-28 07:22 . 2010-06-28 07:22 -------- d-----w- c:\program files\Realtek
2010-06-24 18:55 . 2010-04-10 06:46 -------- d-----w- c:\users\Pavel\AppData\Roaming\Media Player Classic
2010-06-22 12:11 . 2010-06-22 12:11 89831 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-06-19 10:25 . 2010-04-18 17:38 -------- d-----w- c:\program files\Ext2Fsd
2010-06-17 15:35 . 2010-03-29 13:52 1 ----a-w- c:\users\Pavel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 12:34 . 2010-06-13 12:34 50 ----a-w- c:\windows\system32\bridf07a.dat
2010-06-13 12:34 . 2010-06-13 12:34 -------- d-----w- c:\program files\Brother
2010-06-13 12:33 . 2010-06-13 12:33 -------- d-----w- c:\programdata\Brother
2010-06-13 12:33 . 2010-06-13 12:33 -------- d-----w- c:\users\Pavel\AppData\Roaming\InstallShield
2010-06-12 17:37 . 2010-06-12 17:37 -------- d-----w- c:\program files\FLAC
2010-06-12 07:38 . 2010-06-12 07:38 53319 ----a-w- c:\programdata\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
2010-06-12 07:38 . 2010-06-12 07:37 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-06-12 07:37 . 2010-06-12 07:37 -------- d-----w- c:\program files\SmartSound Software
2010-06-12 07:37 . 2010-05-27 14:54 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-12 07:37 . 2010-06-12 07:37 -------- d-----w- c:\program files\Cyberlink
2010-06-12 07:33 . 2010-06-12 07:34 36864 ----a-w- c:\programdata\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-06-12 07:33 . 2010-06-12 07:33 -------- d-----w- c:\users\Pavel\AppData\Roaming\CyberLink
2010-06-10 14:18 . 2010-06-10 14:18 -------- d-----w- c:\users\Pavel\AppData\Roaming\ImgBurn
2010-06-06 18:53 . 2010-06-06 18:53 -------- d-----w- c:\programdata\Seeing Machines
2010-06-06 18:53 . 2010-06-06 18:53 -------- d-----w- c:\users\Pavel\AppData\Roaming\Seeing Machines
2010-06-06 18:48 . 2010-06-06 18:48 10134 ----a-r- c:\users\Pavel\AppData\Roaming\Microsoft\Installer\{ED8CF72B-8F45-445C-8EFF-C11CF2818732}\ARPPRODUCTICON.exe
2010-06-06 16:51 . 2010-06-06 16:51 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2010-06-06 16:51 . 2010-06-06 16:51 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2010-06-05 01:17 . 2010-04-06 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:07 . 2010-06-02 15:07 -------- d-----w- c:\users\Pavel\AppData\Roaming\Datarescue
2010-06-02 15:07 . 2010-06-02 15:07 -------- d-----w- c:\program files\IDA Free
2010-06-02 12:23 . 2010-07-10 13:03 525144 ----a-w- c:\windows\system32\D3D11Ref.dll
2010-06-02 12:23 . 2010-07-10 13:03 442712 ----a-w- c:\windows\system32\D3D10SDKLayers.DLL
2010-06-02 12:23 . 2010-07-10 13:03 367960 ----a-w- c:\windows\system32\D3D10Ref.DLL
2010-06-02 02:55 . 2010-07-10 13:02 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-10 13:02 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-10 13:02 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 17:37 . 2010-03-29 15:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 15:49 . 2010-05-27 14:56 -------- d-----w- c:\programdata\POPWWPROFILES
2010-05-27 15:17 . 2010-05-27 15:17 -------- d-----w- c:\program files\Paint.NET
2010-05-27 07:24 . 2010-06-11 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 15:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 16:39 . 2010-05-26 16:38 -------- d-----w- c:\program files\PDFCreator
2010-05-26 09:41 . 2010-07-10 13:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-24 16:52 . 2010-05-24 16:52 -------- d-----w- c:\program files\FMOD SoundSystem
2010-05-24 14:17 . 2010-05-24 13:55 -------- d-----w- c:\users\Pavel\AppData\Roaming\GetRightToGo
2010-05-23 13:27 . 2010-05-23 13:27 -------- d-----w- c:\program files\Windows Virtual PC
2010-05-23 11:19 . 2010-03-28 19:49 -------- d-----w- c:\programdata\NVIDIA
2010-05-23 11:19 . 2010-03-28 19:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-23 11:15 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-23 11:15 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-23 11:14 . 2010-05-23 11:16 292004 ----a-w- c:\windows\system32\perfi005.dat
2010-05-23 11:14 . 2010-05-23 11:16 36232 ----a-w- c:\windows\system32\perfd005.dat
2010-05-23 11:14 . 2010-05-23 11:15 36232 ----a-w- c:\windows\inf\PERFLIB\0405\perfd.dat
2010-05-23 11:14 . 2010-05-23 11:15 36232 ----a-w- c:\windows\inf\PERFLIB\0405\perfc.dat
2010-05-23 11:14 . 2010-05-23 11:15 292004 ----a-w- c:\windows\inf\PERFLIB\0405\perfi.dat
2010-05-23 11:14 . 2010-05-23 11:15 292004 ----a-w- c:\windows\inf\PERFLIB\0405\perfh.dat
2010-05-23 10:55 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-05-23 10:55 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-05-23 10:54 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-21 05:18 . 2010-06-11 15:49 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-20 17:37 . 2010-05-20 17:37 -------- d-----w- c:\program files\Common Files\OCP Software
2010-05-20 17:37 . 2010-05-20 17:37 -------- d-----w- c:\users\Pavel\AppData\Roaming\OCP Software
2010-05-20 17:37 . 2010-05-20 17:37 -------- d-----w- c:\program files\OCP Software
2010-05-20 17:36 . 2010-05-20 17:36 -------- d-----w- c:\program files\MSXML 4.0
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-23 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-28 136176]
"Steam"="e:\hry\steam\steam.exe" [2010-05-09 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0420Ext.ax"="c:\windows\system32\V0420Ext.ax" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-29 32768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UpdatePDRShortCut"="e:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe" [2007-02-09 69632]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-05-11 2528584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iReboot 1.1.1.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2009-9-15 232960]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-7-16 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fast Multimedia Timer;Fast Multimedia Timer;c:\windows\system32\fmmtimersvc.exe [2007-06-27 6656]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
R2 ProgDVBService;ProgDVB Scheduler Service;c:\program files\ProgDVB\ProgDVBService.exe [2010-06-25 7680]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-06-06 9040]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-05 697328]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 VisualSVNServer;VisualSVN Server;c:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2010-04-24 23840]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 LVMST;LVMST service;c:\windows\system32\DRIVERS\LVMST.sys [2006-11-16 829312]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 13:18]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 13:18]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278905916-617490914-3079557870-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 20:10]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278905916-617490914-3079557870-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 20:10]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\Pavel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Pavel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: {0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA} = 192.168.1.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\ztzw3rny.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\users\Pavel\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
HKLM-Run-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-07-18 17:18:42
ComboFix-quarantined-files.txt 2010-07-18 15:18

Před spuštěním: Volných bajtů: 10 966 921 216
Po spuštění: Volných bajtů: 10 940 764 160

- - End Of File - - 7A3615A226F21A91F789DFFB4DDF6C94

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 16:36
od motji
Nevím proč, ale nějakou verzi Flahsgetu maže :o
Killbox jste použil na co?

:arrow: Tuto složku znáte?
c:\users\Pavel\.idlerc

:arrow: Dejte soubor otestovat na http://www.virustotal.com

c:\windows\system32\drivers\ext2fsd.sys
c:\users\Pavel\AppData\Roaming\ezplay.sys
c:\windows\system32\slwga.dll
c:\windows\system32\user32.dll

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 17:02
od Paulos
Killbox jsem zkoušel použít na složku Autorun v C:\ - vytvořila se tam po instalaci Prince of Persia: Písky času - no a smazat nešla, ani přejmenovat (ačkoliv oprávnění jsem nastavil jak nejlíp to šlo), dokonce když jsem ji chtěl smazat s restartem, Killbox vyhodil po 10s čekání chybu, že se smazala nějaká důležitá hodnota v registru, kterou pro ten účel chtěl použít.
Dále se s PoP vytvořily Autorun.inf, Autorun.exe a PrinceOfPersia.ico - stejný problém, ale stačilo přejmenovat Autorun.inf na cokoliv jiného, restartovat PC a vše už jde smazat, včetně té složky. Takže v pořádku ;-)

.idlerc je nejspíš něco spojeného s Pythonem a IDLE, který mám nainstalovaný. A v té složce je jen jeden soubor, navíc ještě prázdný.

ext2fsd.sys je driver pro přístup na linuxové oddíly (mírně upravený, rád způsoboval BSoD), ale pro jistotu jsem jej otestoval: (0)
http://www.virustotal.com/cs/analisis/3 ... 1279468193
ezplay.sys: (0)
http://www.virustotal.com/cs/analisis/b ... 1279468369
slwga.dll: (0)
http://www.virustotal.com/cs/analisis/4 ... 1279468531
user32.dll: (0)
http://www.virustotal.com/cs/analisis/8 ... 1279468658

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 17:16
od motji
At koukám jak koukám, rootkita nevidím :o . Podle mě to byli drivery od Daemona nebo alcoholu, zrovna AVG je rád označuje za rootkity, protože využívají jejich techniku :roll: .

:arrow: Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0420Ext.ax"=-

Restore::
c:\windows\System32\user32.dll
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek


-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 18:02
od Paulos
No, Windows naběhly :) GMER už při spouštění nespadne a systém se zdá být docela rychlý. Tady je log:


ComboFix 10-07-16.02 - Pavel 18.07.2010 18:30:20.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.1023.206 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\vir.com
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\System32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\user32.dll.bak

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-18 do 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 16:44 . 2010-07-18 16:48 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2010-07-18 16:44 . 2010-07-18 16:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-18 16:44 . 2010-07-18 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-18 12:33 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-07-18 11:37 . 2010-07-18 11:59 -------- d-----w- c:\program files\trend micro
2010-07-18 11:37 . 2010-07-18 11:38 -------- d-----w- C:\rsit
2010-07-18 11:11 . 2010-07-18 11:11 -------- d-----w- C:\!KillBox
2010-07-18 11:06 . 2010-07-18 11:06 -------- d-----w- c:\windows\system32\oodag
2010-07-18 11:04 . 2010-07-18 11:04 -------- d-----w- c:\users\Pavel\AppData\Local\O&O
2010-07-18 11:03 . 2010-07-18 11:03 -------- d-----w- c:\program files\OO Software
2010-07-17 13:14 . 2010-07-17 13:26 -------- d-----w- c:\program files\Microsoft SSL ChainSaver
2010-07-16 07:22 . 2010-07-18 13:32 -------- d-----w- c:\users\Pavel\AppData\Roaming\Launchy
2010-07-16 07:22 . 2010-07-16 07:22 -------- d-----w- c:\program files\Launchy
2010-07-14 17:42 . 2010-07-14 17:42 -------- d-----w- c:\users\Pavel\AppData\Roaming\dvdcss
2010-07-13 19:17 . 2010-07-13 19:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-13 19:17 . 2010-07-13 19:30 -------- d-----w- c:\program files\Windows Live
2010-07-13 19:14 . 2010-07-13 19:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-11 17:08 . 2010-07-11 17:08 -------- d-----w- C:\Extendir
2010-07-11 15:38 . 2010-07-11 15:38 -------- d-----w- c:\users\Pavel\AppData\Roaming\Blender Foundation
2010-07-11 15:38 . 2010-07-11 15:38 -------- d-----w- c:\program files\Blender Foundation
2010-07-10 20:53 . 2010-07-10 20:55 -------- d-----w- c:\users\Pavel\.android
2010-07-10 19:23 . 2010-07-10 19:35 -------- d-----w- c:\users\Pavel\AppData\Roaming\Audacity
2010-07-10 19:23 . 2010-07-10 19:23 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-10 17:40 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\program files\AMD
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\users\Pavel\AppData\Local\Downloaded Installations
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-10 17:40 . 2010-07-10 17:40 -------- d-----w- c:\windows\system32\AGEIA
2010-07-10 17:38 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-10 17:38 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-10 13:04 . 2010-06-02 12:23 954200 ----a-w- c:\windows\system32\XAudioD2_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 349528 ----a-w- c:\windows\system32\XactEngineD3_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 131928 ----a-w- c:\windows\system32\XAPOFXD1_5.dll
2010-07-10 13:04 . 2010-06-02 12:23 45400 ----a-w- c:\windows\system32\X3DAudioD1_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 435032 ----a-w- c:\windows\system32\XactEngineA3_7.dll
2010-07-10 13:04 . 2010-06-02 12:23 2261336 ----a-w- c:\windows\system32\D3dx9d_43.dll
2010-07-10 13:04 . 2010-06-02 12:23 3795800 ----a-w- c:\windows\system32\d3dx9d_33.dll
2010-07-10 13:03 . 2010-06-02 12:23 514392 ----a-w- c:\windows\system32\D3DX10d_43.dll
2010-07-10 13:03 . 2010-06-02 12:23 348504 ----a-w- c:\windows\system32\d3dref9.dll
2010-07-10 13:03 . 2010-06-02 12:23 268120 ----a-w- c:\windows\system32\D3DX11d_43.dll
2010-07-10 13:03 . 2010-06-02 12:23 1883992 ----a-w- c:\windows\system32\D3DCSXd_43.dll
2010-07-10 13:03 . 2010-06-02 12:23 2719064 ----a-w- c:\windows\system32\d3d9d.dll
2010-07-10 13:03 . 2010-06-02 12:23 496472 ----a-w- c:\windows\system32\D3D11SDKLayers.dll
2010-07-10 11:36 . 2010-07-10 11:36 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-07-10 11:33 . 2010-07-10 11:33 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-07-10 11:32 . 2010-07-10 11:32 -------- d-----w- c:\program files\Application Verifier
2010-07-10 10:43 . 2010-07-10 10:43 -------- d-----w- C:\ea975158002bb4c4a19cf7 – kopie
2010-07-09 21:52 . 2010-07-09 21:53 -------- d-----w- c:\program files\Windows Mobile 6.5.3 DTK
2010-07-09 21:08 . 2010-07-09 21:42 -------- d-----w- c:\program files\Windows Mobile 6 SDK
2010-07-09 19:03 . 2010-07-09 19:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-09 18:47 . 2010-07-09 18:47 -------- d-----w- c:\program files\Microsoft Device Emulator
2010-07-09 18:46 . 2010-07-09 18:46 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2010-07-09 18:23 . 2010-07-09 18:23 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-07-09 18:23 . 2010-07-09 18:32 -------- d-----w- c:\program files\HTML Help Workshop
2010-07-09 18:23 . 2010-07-09 18:25 -------- d-----w- c:\program files\Common Files\Business Objects
2010-07-09 18:23 . 2010-07-09 18:23 -------- d-----w- c:\program files\CE Remote Tools
2010-07-09 18:16 . 2010-07-09 20:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-08 19:19 . 2007-07-29 13:53 117248 ----a-w- c:\windows\system32\RestoratorContextMenu.dll
2010-07-08 19:19 . 2010-07-08 19:19 -------- d-----w- c:\program files\Restorator 2007
2010-07-08 19:10 . 2010-07-08 19:10 -------- d-----w- c:\program files\XN Resource Editor
2010-07-08 06:19 . 2010-07-08 06:19 -------- d-----w- c:\program files\Minefield
2010-07-08 06:01 . 2010-07-08 06:01 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-07 16:21 . 2010-07-09 20:42 -------- d-----w- C:\Flash
2010-07-06 17:38 . 2010-07-06 17:38 -------- d-----w- C:\DirectX9
2010-07-06 17:38 . 2010-07-06 17:38 -------- d-----w- C:\License
2010-07-06 10:02 . 2010-07-06 10:03 -------- d-----w- C:\MinGW
2010-07-06 09:44 . 2009-07-05 12:36 354304 ----a-w- c:\windows\system32\pythoncom26.dll
2010-07-06 09:44 . 2009-07-05 12:35 110592 ----a-w- c:\windows\system32\pywintypes26.dll
2010-07-06 09:42 . 2010-07-06 09:42 -------- d-----w- c:\windows\symbols
2010-07-06 09:41 . 2010-07-09 20:38 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-07-06 09:20 . 2010-07-06 12:43 -------- d-----w- C:\Python26
2010-07-06 09:00 . 2010-07-06 09:00 -------- d-----w- c:\users\Pavel\.idlerc
2010-07-05 20:05 . 2010-07-05 20:05 -------- d-----w- c:\program files\VisualSVN Server
2010-07-05 17:39 . 2010-07-05 17:39 -------- d-----w- c:\program files\Alcohol Soft
2010-07-05 16:43 . 2010-07-05 16:43 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2010-07-05 16:41 . 2010-07-05 17:23 -------- d-----w- c:\users\Pavel\AppData\Roaming\Vso
2010-07-05 16:41 . 2010-07-05 16:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-05 16:41 . 2010-07-05 16:41 -------- d-----w- c:\program files\VSO
2010-06-30 12:48 . 2010-07-14 17:42 -------- d-----w- c:\users\Pavel\AppData\Roaming\vlc
2010-06-30 12:48 . 2010-06-30 12:48 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:26 . 2010-06-30 12:39 -------- d-----w- c:\program files\ProgDVB
2010-06-30 12:25 . 2010-07-01 18:58 -------- d-----w- c:\programdata\ProgDVB
2010-06-30 08:20 . 2010-06-30 08:20 -------- d-----w- c:\program files\LifeView MVP
2010-06-29 08:51 . 2010-06-29 08:51 -------- d-----w- c:\users\Pavel\AppData\Roaming\NVIDIA
2010-06-28 20:36 . 2010-06-28 20:36 -------- d-----w- c:\users\Pavel\fontconfig
2010-06-28 20:28 . 2010-07-11 20:42 -------- d-----w- c:\users\Pavel\.smplayer
2010-06-28 20:26 . 2010-06-28 20:27 -------- d-----w- c:\program files\SMPlayer
2010-06-28 19:35 . 2010-06-28 19:35 -------- d-----w- c:\users\Pavel\AppData\Local\Microsoft_Corporation
2010-06-28 09:36 . 2010-06-28 09:36 -------- d-----w- c:\users\Pavel\AppData\Roaming\CDRoller
2010-06-28 09:36 . 2010-06-28 09:36 -------- d-----w- c:\program files\CDRoller
2010-06-28 08:57 . 2010-06-28 08:57 -------- d-----w- c:\program files\Smart Projects
2010-06-27 14:02 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-27 14:02 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-27 14:02 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-26 20:01 . 2010-06-26 20:01 -------- d-----w- c:\program files\Ubisoft
2010-06-26 19:59 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-06-26 19:59 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-06-26 19:59 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-06-26 18:47 . 2010-06-26 18:51 -------- d-----w- c:\programdata\Apple Computer
2010-06-26 18:47 . 2010-06-26 18:48 -------- d-----w- c:\program files\QuickTime
2010-06-26 18:45 . 2010-06-26 18:45 -------- d-----w- c:\program files\Common Files\Apple
2010-06-26 18:45 . 2010-06-26 18:45 -------- d-----w- c:\program files\Apple Software Update
2010-06-25 16:45 . 2010-06-25 16:45 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-06-25 16:39 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-06-25 16:39 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-06-25 16:39 . 2010-05-09 09:18 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-06-25 16:39 . 2010-05-09 09:18 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-06-25 16:39 . 2010-05-09 09:18 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-06-25 16:39 . 2010-05-09 09:18 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-06-25 16:39 . 2010-05-09 09:18 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-06-25 16:38 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-06-25 16:38 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-06-25 16:38 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-06-24 16:29 . 2010-07-18 15:18 -------- d-----w- c:\users\Pavel\AppData\Local\TSVNCache
2010-06-23 19:14 . 2010-07-08 20:11 -------- d-----w- c:\users\Pavel\AppData\Roaming\TortoiseSVN
2010-06-23 19:08 . 2010-06-23 19:08 -------- d-----w- c:\users\Pavel\AppData\Roaming\Subversion
2010-06-23 19:07 . 2010-06-23 19:07 -------- d-----w- c:\program files\TortoiseSVN
2010-06-23 19:07 . 2010-06-23 19:07 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-06-22 19:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-22 15:49 . 2010-06-22 15:49 -------- d-----w- c:\program files\CCleaner
2010-06-22 15:36 . 2010-06-22 15:36 -------- d-----w- c:\program files\Defraggler
2010-06-22 12:11 . 2010-07-18 16:48 -------- d-----w- c:\users\Pavel\AppData\Roaming\Dropbox
2010-06-20 08:09 . 2010-06-20 08:09 -------- d-----w- c:\windows\SUA
2010-06-19 15:40 . 2010-06-19 15:40 -------- d-----w- c:\program files\TagScanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 13:22 . 2010-05-23 11:16 667320 ----a-w- c:\windows\system32\perfh005.dat
2010-07-17 13:22 . 2010-05-23 11:16 139992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-13 19:29 . 2010-05-02 16:25 -------- d-----w- c:\program files\Microsoft
2010-07-13 19:16 . 2010-04-18 18:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-12 22:04 . 2010-05-02 17:14 -------- d-----w- c:\users\Pavel\AppData\Roaming\Skype
2010-07-12 14:06 . 2010-05-02 17:16 -------- d-----w- c:\users\Pavel\AppData\Roaming\skypePM
2010-07-11 15:26 . 2010-03-28 20:06 120120 ----a-w- c:\users\Pavel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-10 20:51 . 2010-07-10 20:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01009.Wdf
2010-07-10 17:39 . 2010-05-19 15:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-10 13:03 . 2010-07-10 12:59 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
2010-07-10 13:00 . 2010-05-24 14:08 -------- d-----w- c:\programdata\Microsoft Help
2010-07-10 12:59 . 2010-07-10 12:59 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-07-09 14:53 . 2010-03-28 20:17 -------- d-----w- c:\program files\Opera
2010-07-09 11:07 . 2010-03-29 14:14 -------- d-----w- c:\users\Pavel\AppData\Roaming\gtk-2.0
2010-07-09 10:12 . 2010-04-23 13:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-06 17:40 . 2010-05-27 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 11:03 . 2010-05-02 17:04 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-06 09:41 . 2010-04-18 18:19 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-07-06 09:41 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-05 17:23 . 2010-04-30 18:21 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-05 16:43 . 2010-07-05 16:43 94208 ----a-w- c:\users\Pavel\AppData\Roaming\ezplay.sys
2010-07-05 16:41 . 2010-07-05 16:41 47360 ----a-w- c:\users\Pavel\AppData\Roaming\pcouffin.sys
2010-07-02 16:42 . 2010-03-29 16:54 -------- d-----w- c:\program files\Common Files\Steam
2010-07-02 12:06 . 2010-06-12 07:32 -------- d-----w- c:\programdata\CyberLink
2010-06-29 06:15 . 2010-04-18 18:19 -------- d-----w- c:\program files\Microsoft SDKs
2010-06-28 07:23 . 2010-06-28 07:22 -------- d--h--w- c:\program files\Temp
2010-06-28 07:22 . 2010-06-28 07:22 -------- d-----w- c:\program files\Realtek
2010-06-24 18:55 . 2010-04-10 06:46 -------- d-----w- c:\users\Pavel\AppData\Roaming\Media Player Classic
2010-06-19 10:25 . 2010-04-18 17:38 -------- d-----w- c:\program files\Ext2Fsd
2010-06-13 12:34 . 2010-06-13 12:34 50 ----a-w- c:\windows\system32\bridf07a.dat
2010-06-13 12:34 . 2010-06-13 12:34 -------- d-----w- c:\program files\Brother
2010-06-13 12:33 . 2010-06-13 12:33 -------- d-----w- c:\programdata\Brother
2010-06-13 12:33 . 2010-06-13 12:33 -------- d-----w- c:\users\Pavel\AppData\Roaming\InstallShield
2010-06-12 17:37 . 2010-06-12 17:37 -------- d-----w- c:\program files\FLAC
2010-06-12 07:38 . 2010-06-12 07:37 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-06-12 07:37 . 2010-06-12 07:37 -------- d-----w- c:\program files\SmartSound Software
2010-06-12 07:37 . 2010-05-27 14:54 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-12 07:37 . 2010-06-12 07:37 -------- d-----w- c:\program files\Cyberlink
2010-06-12 07:33 . 2010-06-12 07:33 -------- d-----w- c:\users\Pavel\AppData\Roaming\CyberLink
2010-06-10 14:18 . 2010-06-10 14:18 -------- d-----w- c:\users\Pavel\AppData\Roaming\ImgBurn
2010-06-06 18:53 . 2010-06-06 18:53 -------- d-----w- c:\programdata\Seeing Machines
2010-06-06 18:53 . 2010-06-06 18:53 -------- d-----w- c:\users\Pavel\AppData\Roaming\Seeing Machines
2010-06-06 16:51 . 2010-06-06 16:51 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2010-06-06 16:51 . 2010-06-06 16:51 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2010-06-05 01:17 . 2010-04-06 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:07 . 2010-06-02 15:07 -------- d-----w- c:\users\Pavel\AppData\Roaming\Datarescue
2010-06-02 15:07 . 2010-06-02 15:07 -------- d-----w- c:\program files\IDA Free
2010-06-02 12:23 . 2010-07-10 13:03 525144 ----a-w- c:\windows\system32\D3D11Ref.dll
2010-06-02 12:23 . 2010-07-10 13:03 442712 ----a-w- c:\windows\system32\D3D10SDKLayers.DLL
2010-06-02 12:23 . 2010-07-10 13:03 367960 ----a-w- c:\windows\system32\D3D10Ref.DLL
2010-06-02 02:55 . 2010-07-10 13:02 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-10 13:02 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-10 13:02 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-01 17:37 . 2010-03-29 15:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 15:49 . 2010-05-27 14:56 -------- d-----w- c:\programdata\POPWWPROFILES
2010-05-27 15:17 . 2010-05-27 15:17 -------- d-----w- c:\program files\Paint.NET
2010-05-27 07:24 . 2010-06-11 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 15:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 16:39 . 2010-05-26 16:38 -------- d-----w- c:\program files\PDFCreator
2010-05-26 09:41 . 2010-07-10 13:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-07-10 13:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-24 16:52 . 2010-05-24 16:52 -------- d-----w- c:\program files\FMOD SoundSystem
2010-05-24 14:17 . 2010-05-24 13:55 -------- d-----w- c:\users\Pavel\AppData\Roaming\GetRightToGo
2010-05-23 13:27 . 2010-05-23 13:27 -------- d-----w- c:\program files\Windows Virtual PC
2010-05-23 11:19 . 2010-03-28 19:49 -------- d-----w- c:\programdata\NVIDIA
2010-05-23 11:19 . 2010-03-28 19:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-23 11:15 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-05-23 11:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-05-23 11:15 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-23 11:14 . 2010-05-23 11:16 292004 ----a-w- c:\windows\system32\perfi005.dat
2010-05-23 11:14 . 2010-05-23 11:16 36232 ----a-w- c:\windows\system32\perfd005.dat
2010-05-23 11:14 . 2010-05-23 11:15 36232 ----a-w- c:\windows\inf\PERFLIB\0405\perfd.dat
2010-05-23 11:14 . 2010-05-23 11:15 36232 ----a-w- c:\windows\inf\PERFLIB\0405\perfc.dat
2010-05-23 11:14 . 2010-05-23 11:15 292004 ----a-w- c:\windows\inf\PERFLIB\0405\perfi.dat
2010-05-23 11:14 . 2010-05-23 11:15 292004 ----a-w- c:\windows\inf\PERFLIB\0405\perfh.dat
2010-05-23 10:55 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-05-23 10:55 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-05-21 05:18 . 2010-06-11 15:49 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-20 17:37 . 2010-05-20 17:37 -------- d-----w- c:\program files\Common Files\OCP Software
2010-05-20 17:37 . 2010-05-20 17:37 -------- d-----w- c:\users\Pavel\AppData\Roaming\OCP Software
2010-05-20 17:37 . 2010-05-20 17:37 -------- d-----w- c:\program files\OCP Software
2010-05-20 17:36 . 2010-05-20 17:36 -------- d-----w- c:\program files\MSXML 4.0
2010-05-11 20:36 . 2010-05-11 20:36 1254728 ----a-w- c:\windows\system32\ooscrsav.scr
2010-05-11 20:35 . 2010-05-11 20:35 200008 ----a-w- c:\windows\system32\oodbs.exe
2010-05-11 20:31 . 2010-05-11 20:31 546120 ----a-w- c:\windows\system32\oodssrs.dll
2010-05-11 20:31 . 2010-05-11 20:31 10056 ----a-w- c:\windows\system32\oodbsrs.dll
2010-05-02 17:16 . 2010-05-02 17:16 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-01 14:49 . 2010-06-11 15:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 03:58 . 2010-04-29 03:58 26112 ----a-w- c:\windows\system32\drivers\androidusb.sys
2010-04-23 07:13 . 2010-05-26 14:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-22 19:56 . 2010-04-22 19:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-28 136176]
"Steam"="e:\hry\steam\steam.exe" [2010-05-09 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0420Ext.ax"="c:\windows\system32\V0420Ext.ax" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-29 32768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UpdatePDRShortCut"="e:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe" [2007-02-09 69632]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-05-11 2528584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iReboot 1.1.1.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2009-9-15 232960]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-7-16 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-06-06 9040]
R3 WatAdminSvc;WatAdminSvc; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-05 697328]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S2 Fast Multimedia Timer;Fast Multimedia Timer;c:\windows\system32\fmmtimersvc.exe [2007-06-27 6656]
S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
S2 ProgDVBService;ProgDVB Scheduler Service;c:\program files\ProgDVB\ProgDVBService.exe [2010-06-25 7680]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 VisualSVNServer;VisualSVN Server;c:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2010-04-24 23840]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 LVMST;LVMST service;c:\windows\system32\DRIVERS\LVMST.sys [2006-11-16 829312]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 13:18]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 13:18]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278905916-617490914-3079557870-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 20:10]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1278905916-617490914-3079557870-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 20:10]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\Pavel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Pavel\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: {0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA} = 192.168.1.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\ztzw3rny.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5852)
c:\program files\TeamViewer\Version5\tv.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\psxss.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-07-18 19:00:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-18 17:00
ComboFix2.txt 2010-07-18 15:18

Před spuštěním: Volných bajtů: 11 276 566 528
Po spuštění: Volných bajtů: 11 217 678 336

- - End Of File - - 9E69F215B0B78CEC17CCC0A37FF097A1

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 18:06
od motji
Až budete mít hotový gmer, poprosím o log. :)

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 18:31
od Paulos
GMER hotov. Jen dodám, že po aplikaci toho CFScriptu mi Daemon Tools při startu vyhazuje chybu (musíte mít aspoň Win2000, STPD 1.0 atd.) - to se vyřeší přeinstalací.

A BSoD u Google Chromu prý nejsou úplně výjimečné i s čistým PC...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-18 19:31:51
Windows 6.1.7600
Running: pw0su306.exe; Driver: C:\Users\Pavel\AppData\Local\Temp\pgldapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C062D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C05898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9A56DC9D 28 Bytes JMP BFE30E34
.text peauth.sys 9A56DCC1 28 Bytes JMP BFE30E58
PAGE peauth.sys 9A573E20 101 Bytes [E4, 53, 98, C6, 81, 30, E4, ...]
PAGE peauth.sys 9A57402C 102 Bytes [47, A8, F3, B8, 71, BF, 82, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\OO Software\Defrag\oodag.exe[356] kernel32.dll!SetUnhandledExceptionFilter 76B93162 5 Bytes JMP 00401280 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Launchy\Launchy.exe[4000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74CE5E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Launchy\Launchy.exe[4000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74CE5E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Launchy\Launchy.exe[4000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74CE5E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Launchy\Launchy.exe[4000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74CE5E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\system32\SearchFilterHost.exe (*** hidden *** ) 2916

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x43 0xBA 0x8F 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x31 0x66 0xD6 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x32 0xAB 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0x55 0x68 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x92 0xCC 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF5 0x5E 0x8B 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x43 0xBA 0x8F 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x31 0x66 0xD6 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x32 0xAB 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0x55 0x68 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x92 0xCC 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF5 0x5E 0x8B 0x3B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL DC6C4E39C508D8E899EBE13C3996CCA89FBCCA6DE2539170775FB1D4A811A26F1DCEE45CDC2CF0D02703C18611192F3E3F0DF3C030027F716AB604B47879DD5AA240AFBA33B66B4C3FA017CEC9DF01C8AB623D9DA4709447F1034E9CDC216B2013EE42BABCEA9FF9AC85C4128E90F5507630733ABD4303828508EC9B494D99F9680F2562024F18D70F739EF09B92763C0267DA700EE4AD156B0A2CE44408E9037056555E9FAF134BD733EDB143119CD98605273E3B802DD4C1D152CD691F913BCC7FC07EC31B821ECF10EF3B6AFD385C1002044581094EFBF82F15D268A57A05F248CDB635E40EF9105A559A098BCDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A2D97226D213B555A2D97226D213B5550D2A18E9122A33E3667C9D1260A20594D24D0839344D853E63E98E6401CD4D0450A2A6F0808785EEF7FB8701EAF0F343D91C423843AE9721291DEBCAAF0CDBFC7320CAD7E732D1624FB528132A410408201A9E464B2A50B469BA821DCF635974310DDB3B1167039C6FBCE7B30186831F149F343BEA057E329B7D3E3BD610B540A82DB42CEEF6C830C078B2BE784581F808D79EE0E29A318517770C7F61DFA2E75C95B22D92C596638F23F786BC9652382FC280739958BECE9C8EDC332EB595ACB

---- EOF - GMER 1.0.15 ----

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 18:32
od motji
Přeinstalace to opravdu napraví.

Otestujte na www.virostotal.com
C:\Windows\system32\SearchFilterHost.exe

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 18:40
od Paulos
(rýp: virostotal neznám :-D)

http://www.virustotal.com/cs/analisis/0 ... 1279474555

BSoD u Google Chrome bohužel tedy neustaly, ale některým se toto dělo i na křišťálově čistých PC, takže bych to viděl spíš na bug dev verze.

Vypadá to tedy, že můj PC je čistý. Pokud už na mě nic nemáte, tak děkuju moc! :)

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 18:53
od motji
Omlouvám se :oops: , seká se mi tu počítač, peoto ta chyba :oops: .

:arrow: Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


:arrow: Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


:arrow: Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázekzáložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázekzáložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy :arrow: ok :arrow: zavřít

Obrázek Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



:arrow: Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

:arrow: Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 19:30
od Paulos
Combofix pryč, CCleaner znám, použil jsem, stejně jako T-Cleaner. OTC čistka provedena.

Log z RSIT z nyní již naprosto normálního PC :) Ale díky ještě jednou!

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pavel at 2010-07-18 20:26:23
Microsoft Windows 7 Ultimate
System drive C: has 13 GB (19%) free of 65 GB
Total RAM: 1023 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:27:24, on 18.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\V0420Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\LifeView MVP\RemoteControl.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
E:\Hry\Steam\Steam.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\Launchy\Launchy.exe
C:\Users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Pavel\Desktop\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0420Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0420Ext.ax
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "E:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "E:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView MVP\RemoteControl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Steam] "e:\hry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - Startup: Dropbox.lnk = Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: iReboot 1.1.1.lnk = C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Pavel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Pavel\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0019C12E-4FF2-46B8-B5FB-A6D2D934B8CA}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Fast Multimedia Timer - Unknown owner - C:\Windows\system32\fmmtimersvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iReboot Background Service (iReboot) - Unknown owner - C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ProgDVB Scheduler Service (ProgDVBService) - Unknown owner - C:\Program Files\ProgDVB\ProgDVBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: VisualSVN Server (VisualSVNServer) - Apache Software Foundation - C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 7328 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-22 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"V0420Mon.exe"=C:\Windows\V0420Mon.exe [2007-04-30 32768]
"C:\Windows\system32\V0420Ext.ax"=C:\Windows\system32\RegSvr32.exe [2009-07-14 14848]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"UpdatePDRShortCut"=E:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-05-26 1159168]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-29 7625248]
"DTVRemote"=C:\Program Files\LifeView MVP\RemoteControl.exe [2007-02-09 69632]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-05-11 2528584]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=e:\hry\steam\steam.exe [2010-05-09 1238352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
iReboot 1.1.1.lnk - C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-18 20:26:23 ----D---- C:\rsit
2010-07-18 18:47:25 ----D---- C:\$RECYCLE.BIN
2010-07-18 18:44:56 ----D---- C:\Windows\temp
2010-07-18 16:51:13 ----D---- C:\Windows\ERDNT
2010-07-18 14:33:39 ----A---- C:\Windows\system32\drivers\AvgArCln.sys
2010-07-18 14:33:37 ----D---- C:\Program Files\GRISOFT
2010-07-18 13:37:51 ----D---- C:\Program Files\trend micro
2010-07-18 13:06:42 ----D---- C:\Windows\system32\oodag
2010-07-18 13:03:12 ----D---- C:\Program Files\OO Software
2010-07-17 15:14:44 ----D---- C:\Program Files\Microsoft SSL ChainSaver
2010-07-16 09:22:52 ----D---- C:\Users\Pavel\AppData\Roaming\Launchy
2010-07-16 09:22:46 ----D---- C:\Program Files\Launchy
2010-07-14 19:42:26 ----D---- C:\Users\Pavel\AppData\Roaming\dvdcss
2010-07-13 21:17:59 ----D---- C:\Program Files\Windows Live SkyDrive
2010-07-13 21:17:35 ----D---- C:\Program Files\Windows Live
2010-07-13 21:14:13 ----D---- C:\Program Files\Common Files\Windows Live
2010-07-11 19:08:21 ----D---- C:\Extendir
2010-07-11 17:38:35 ----D---- C:\Users\Pavel\AppData\Roaming\Blender Foundation
2010-07-11 17:38:31 ----D---- C:\Program Files\Blender Foundation
2010-07-10 21:23:19 ----D---- C:\Users\Pavel\AppData\Roaming\Audacity
2010-07-10 21:23:03 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-07-10 19:40:42 ----A---- C:\Windows\system32\drivers\AmdLLD.sys
2010-07-10 19:40:40 ----D---- C:\Program Files\AMD
2010-07-10 19:40:03 ----D---- C:\Windows\system32\AGEIA
2010-07-10 19:40:03 ----D---- C:\Program Files\AGEIA Technologies
2010-07-10 19:38:51 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-07-10 19:38:51 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XAudioD2_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XAPOFXD1_5.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XactEngineD3_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\XactEngineA3_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\X3DAudioD1_7.dll
2010-07-10 15:04:02 ----A---- C:\Windows\system32\D3dx9d_43.dll
2010-07-10 15:04:01 ----A---- C:\Windows\system32\d3dx9d_33.dll
2010-07-10 15:03:59 ----A---- C:\Windows\system32\D3DX11d_43.dll
2010-07-10 15:03:59 ----A---- C:\Windows\system32\D3DX10d_43.dll
2010-07-10 15:03:59 ----A---- C:\Windows\system32\d3dref9.dll
2010-07-10 15:03:58 ----A---- C:\Windows\system32\D3DCSXd_43.dll
2010-07-10 15:03:57 ----A---- C:\Windows\system32\d3d9d.dll
2010-07-10 15:03:55 ----A---- C:\Windows\system32\D3D11SDKLayers.dll
2010-07-10 15:03:54 ----A---- C:\Windows\system32\D3D11Ref.dll
2010-07-10 15:03:53 ----A---- C:\Windows\system32\D3D10SDKLayers.DLL
2010-07-10 15:03:53 ----A---- C:\Windows\system32\D3D10Ref.DLL
2010-07-10 15:02:30 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-07-10 15:02:30 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-07-10 15:02:29 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-07-10 14:59:34 ----A---- C:\Windows\dxsdkuninst.exe
2010-07-10 14:59:33 ----D---- C:\Program Files\Microsoft DirectX SDK (June 2010)
2010-07-10 13:36:10 ----D---- C:\Program Files\Microsoft Windows Performance Toolkit
2010-07-10 13:33:23 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2010-07-10 13:32:52 ----D---- C:\Program Files\Application Verifier
2010-07-10 12:43:31 ----D---- C:\ea975158002bb4c4a19cf7 – kopie
2010-07-09 23:52:27 ----D---- C:\Program Files\Windows Mobile 6.5.3 DTK
2010-07-09 23:08:37 ----D---- C:\Program Files\Windows Mobile 6 SDK
2010-07-09 21:03:18 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-07-09 20:47:04 ----D---- C:\Program Files\Microsoft Device Emulator
2010-07-09 20:46:38 ----D---- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2010-07-09 20:37:08 ----A---- C:\Windows\ODBC.INI
2010-07-09 20:23:45 ----D---- C:\Program Files\Common Files\Designer
2010-07-09 20:23:07 ----D---- C:\ProgramData\PreEmptive Solutions
2010-07-09 20:23:06 ----D---- C:\Program Files\HTML Help Workshop
2010-07-09 20:23:06 ----D---- C:\Program Files\Common Files\Business Objects
2010-07-09 20:23:06 ----D---- C:\Program Files\CE Remote Tools
2010-07-09 20:16:12 ----D---- C:\Program Files\Microsoft Office
2010-07-09 20:16:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-07-08 21:19:26 ----A---- C:\Windows\system32\RestoratorContextMenu.dll
2010-07-08 21:19:24 ----D---- C:\Program Files\Restorator 2007
2010-07-08 21:10:27 ----D---- C:\Program Files\XN Resource Editor
2010-07-08 08:19:47 ----D---- C:\Program Files\Minefield
2010-07-08 08:01:21 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-07-07 18:21:24 ----D---- C:\Flash
2010-07-06 19:38:03 ----D---- C:\License
2010-07-06 19:38:03 ----D---- C:\DirectX9
2010-07-06 12:02:21 ----D---- C:\MinGW
2010-07-06 11:44:48 ----A---- C:\Windows\system32\pywintypes26.dll
2010-07-06 11:44:48 ----A---- C:\Windows\system32\pythoncom26.dll
2010-07-06 11:42:00 ----D---- C:\Windows\symbols
2010-07-06 11:41:48 ----D---- C:\Program Files\Common Files\Merge Modules
2010-07-06 11:20:27 ----D---- C:\Python26
2010-07-05 22:05:20 ----D---- C:\Program Files\VisualSVN Server
2010-07-05 19:39:17 ----D---- C:\Program Files\Alcohol Soft
2010-07-05 18:43:03 ----A---- C:\Windows\system32\drivers\ezplay.sys
2010-07-05 18:43:03 ----A---- C:\Users\Pavel\AppData\Roaming\ezplay.sys
2010-07-05 18:43:03 ----A---- C:\Users\Pavel\AppData\Roaming\ezplay.ini
2010-07-05 18:41:43 ----D---- C:\Users\Pavel\AppData\Roaming\Vso
2010-07-05 18:41:43 ----A---- C:\Windows\system32\drivers\pcouffin.sys
2010-07-05 18:41:43 ----A---- C:\Users\Pavel\AppData\Roaming\pcouffin.sys
2010-07-05 18:41:26 ----D---- C:\Program Files\VSO
2010-06-30 14:48:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2010-06-30 14:48:02 ----D---- C:\Program Files\VideoLAN
2010-06-30 14:26:47 ----D---- C:\Program Files\ProgDVB
2010-06-30 14:25:52 ----D---- C:\ProgramData\ProgDVB
2010-06-30 10:20:34 ----D---- C:\Program Files\LifeView MVP
2010-06-29 10:51:38 ----D---- C:\Users\Pavel\AppData\Roaming\NVIDIA
2010-06-28 22:26:34 ----D---- C:\Program Files\SMPlayer
2010-06-28 11:36:30 ----D---- C:\Users\Pavel\AppData\Roaming\CDRoller
2010-06-28 11:36:28 ----D---- C:\Program Files\CDRoller
2010-06-28 10:57:53 ----D---- C:\Program Files\Smart Projects
2010-06-28 09:22:59 ----D---- C:\Windows\system32\RTCOM
2010-06-28 09:22:29 ----A---- C:\Windows\system32\WavesLib.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSWOW.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSTSXT.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSTSHD.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\SRSHP360.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\RtkApoApi.dll
2010-06-28 09:22:29 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-06-28 09:22:28 ----D---- C:\Program Files\Realtek
2010-06-28 09:22:28 ----A---- C:\Windows\system32\RtkAPO.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\RP3DHT32.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\RP3DAA32.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\FMAPO.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\AERTARen.dll
2010-06-28 09:22:28 ----A---- C:\Windows\system32\AERTACap.dll
2010-06-28 09:22:26 ----HD---- C:\Program Files\Temp
2010-06-28 09:22:26 ----A---- C:\Windows\RtlExUpd.dll
2010-06-28 09:22:02 ----A---- C:\Windows\Language_trs.ini
2010-06-27 16:02:42 ----A---- C:\Windows\system32\ntdll.dll
2010-06-27 16:02:34 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-27 16:02:33 ----A---- C:\Windows\system32\msdri.dll
2010-06-26 22:01:01 ----D---- C:\Program Files\Ubisoft
2010-06-26 21:59:26 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-06-26 21:59:26 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-06-26 21:59:25 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-06-26 20:47:20 ----D---- C:\ProgramData\Apple Computer
2010-06-26 20:47:20 ----D---- C:\Program Files\QuickTime
2010-06-26 20:45:55 ----D---- C:\Program Files\Common Files\Apple
2010-06-26 20:45:27 ----D---- C:\Program Files\Apple Software Update
2010-06-25 18:45:06 ----D---- C:\Program Files\Internet Explorer Platform Preview
2010-06-25 18:39:44 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-06-25 18:39:44 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\FntCache.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\DWrite.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\d3d10warp.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-06-25 18:39:07 ----A---- C:\Windows\system32\d2d1.dll
2010-06-25 18:38:22 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-06-25 18:38:22 ----A---- C:\Windows\system32\mf.dll
2010-06-25 18:38:21 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-06-23 21:14:22 ----D---- C:\Users\Pavel\AppData\Roaming\TortoiseSVN
2010-06-23 21:08:50 ----D---- C:\Users\Pavel\AppData\Roaming\Subversion
2010-06-23 21:07:37 ----D---- C:\Program Files\TortoiseSVN
2010-06-23 21:07:37 ----D---- C:\Program Files\Common Files\TortoiseOverlays
2010-06-22 21:00:10 ----A---- C:\Windows\IsUninst.exe
2010-06-22 17:49:18 ----D---- C:\Program Files\CCleaner
2010-06-22 17:36:20 ----D---- C:\Program Files\Defraggler
2010-06-22 14:11:08 ----D---- C:\Users\Pavel\AppData\Roaming\Dropbox
2010-06-20 10:09:24 ----D---- C:\Windows\SUA
2010-06-19 17:40:45 ----D---- C:\Program Files\TagScanner
2010-06-19 12:26:34 ----A---- C:\Windows\system32\drivers\ext2fsd.sys

======List of files/folders modified in the last 1 months======

2010-07-18 20:26:44 ----D---- C:\Windows\Prefetch
2010-07-18 20:23:49 ----D---- C:\Windows\system32\Tasks
2010-07-18 20:23:14 ----D---- C:\Windows\Tasks
2010-07-18 20:22:30 ----D---- C:\Windows
2010-07-18 20:17:23 ----D---- C:\Users\Pavel\AppData\Roaming\Media Player Classic
2010-07-18 20:17:15 ----D---- C:\Windows\Minidump
2010-07-18 20:17:15 ----D---- C:\Windows\debug
2010-07-18 19:00:28 ----D---- C:\Windows\system32\drivers
2010-07-18 18:47:41 ----A---- C:\Windows\system.ini
2010-07-18 18:47:20 ----D---- C:\Windows\system32\drivers\etc
2010-07-18 18:38:43 ----D---- C:\Windows\System32
2010-07-18 18:38:43 ----D---- C:\Windows\AppPatch
2010-07-18 18:38:41 ----D---- C:\Program Files\Common Files
2010-07-18 17:09:24 ----SHD---- C:\System Volume Information
2010-07-18 17:09:24 ----RD---- C:\Program Files
2010-07-18 16:49:13 ----D---- C:\Windows\system32\config
2010-07-18 13:41:11 ----SHD---- C:\Windows\Installer
2010-07-18 13:40:59 ----D---- C:\Windows\system32\catroot
2010-07-18 13:40:58 ----SD---- C:\ProgramData\Microsoft
2010-07-18 13:03:03 ----D---- C:\Windows\system32\catroot2
2010-07-17 15:22:31 ----D---- C:\Windows\inf
2010-07-17 15:22:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-16 17:10:22 ----RSD---- C:\Windows\assembly
2010-07-16 17:10:22 ----D---- C:\Windows\Microsoft.NET
2010-07-16 15:04:12 ----D---- C:\HammerAutosave
2010-07-13 21:29:00 ----D---- C:\Program Files\Microsoft
2010-07-13 21:18:05 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-13 21:16:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-07-13 16:16:00 ----AD---- C:\ProgramData\TEMP
2010-07-13 00:04:51 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2010-07-12 23:40:52 ----D---- C:\Ervius Package Creation
2010-07-12 16:06:05 ----D---- C:\Users\Pavel\AppData\Roaming\skypePM
2010-07-12 12:30:50 ----D---- C:\Windows\LiveKernelReports
2010-07-11 18:41:18 ----D---- C:\Windows\system32\LogFiles
2010-07-10 22:51:15 ----D---- C:\Windows\system32\DriverStore
2010-07-10 19:39:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-10 15:00:19 ----D---- C:\ProgramData\Microsoft Help
2010-07-10 14:59:23 ----D---- C:\Windows\Logs
2010-07-10 13:04:32 ----D---- C:\Windows\winsxs
2010-07-10 09:57:24 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2010-07-09 22:41:45 ----D---- C:\Windows\system32\1033
2010-07-09 20:32:23 ----D---- C:\Windows\Help
2010-07-09 20:23:40 ----RSD---- C:\Windows\Fonts
2010-07-09 20:23:07 ----D---- C:\ProgramData
2010-07-09 16:53:02 ----D---- C:\Program Files\Opera
2010-07-09 13:07:05 ----D---- C:\Users\Pavel\AppData\Roaming\gtk-2.0
2010-07-09 12:12:28 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-08 09:23:33 ----D---- C:\Windows\system32\NDF
2010-07-06 19:40:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-06 18:46:10 ----D---- C:\Downloads
2010-07-06 13:03:50 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-07-06 11:41:48 ----D---- C:\Program Files\MSBuild
2010-07-06 11:41:48 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
2010-07-02 18:42:08 ----D---- C:\Program Files\Common Files\Steam
2010-07-02 14:06:37 ----D---- C:\ProgramData\CyberLink
2010-06-29 08:15:31 ----D---- C:\Program Files\Microsoft SDKs
2010-06-28 20:54:11 ----AD---- C:\Program Files-second
2010-06-27 22:54:55 ----D---- C:\Windows\ehome
2010-06-22 18:10:15 ----D---- C:\Windows\system32\appmgmt
2010-06-22 18:09:32 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-22 18:06:48 ----D---- C:\Windows\ShellNew
2010-06-22 18:04:48 ----D---- C:\Program Files\Common Files\System
2010-06-22 18:04:46 ----A---- C:\Windows\win.ini
2010-06-22 16:03:18 ----D---- C:\Windows\Downloaded Program Files
2010-06-20 13:02:08 ----D---- C:\Windows\rescache
2010-06-20 10:09:24 ----D---- C:\Windows\system32\en-US
2010-06-20 10:09:24 ----D---- C:\Windows\system32\cs-CZ
2010-06-20 10:09:24 ----D---- C:\Windows\PolicyDefinitions
2010-06-20 10:09:24 ----D---- C:\Windows\en-US
2010-06-19 12:25:58 ----D---- C:\Program Files\Ext2Fsd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVG Anti-Rootkit;AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [2007-01-31 5632]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\Windows\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 Ext2Fsd;Linux ext2 file system driver; C:\Windows\system32\drivers\Ext2Fsd.sys [2009-10-30 657280]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-12-31 295936]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\Windows\system32\DRIVERS\l260x86.sys [2009-07-14 29184]
R3 ezplay;VSO Software ezplay; C:\Windows\System32\Drivers\ezplay.sys [2010-07-05 94208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-29 2735504]
R3 LVMST;LVMST service; C:\Windows\system32\DRIVERS\LVMST.sys [2006-11-16 829312]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-07-05 47360]
R3 PsxDrv;@%systemroot%\system32\suares.dll,-107; C:\Windows\system32\drivers\psxdrv.sys [2009-07-14 9216]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 V0420VID;Live! Cam Vista IM (VF0420); C:\Windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys [2010-06-06 9040]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\Windows\system32\DRIVERS\wceusbsh.sys [2005-08-09 104576]
S3 ZSMC301b;USB WEBCAM; C:\Windows\System32\Drivers\usbVM31b.sys [2004-03-03 90534]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-05 697328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Fast Multimedia Timer;Fast Multimedia Timer; C:\Windows\system32\fmmtimersvc.exe [2007-06-27 6656]
R2 iReboot;iReboot Background Service; C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 ProgDVBService;ProgDVB Scheduler Service; C:\Program Files\ProgDVB\ProgDVBService.exe [2010-06-25 7680]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2009-04-17 247152]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 VisualSVNServer;VisualSVN Server; C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe [2010-04-24 23840]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-02 395048]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 20:41
od motji
:arrow: Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.


:arrow: Můžete omezit spouštění zbytečných programů po startu
- Stáhněte z mého podpisu program StartUpLite
- vypíše seznam zbytečně spouštěných programů po startu,
- vyberete které chcete zastavit,u nich zaškrtnete Disable a klikněte na Continue


:arrow: Nedoporučujeme mít na jednom systému Daemon a alcohol, mohou se mezi sebou prát.

Jinak AVG antirootkit Vám právě jako rootkity detekoval drivery od těchto virtuálek, drivery začínající na A a po restartu mohou měnit název.

Pokud nejsou problémy, je to vše :) .

Re: Rootkit? Zpomalený PC a podivné chování

Napsal: 18 črc 2010 20:46
od Paulos
Aha...
Provedeno, jiné problémy už nejsou. Alcohol mám trial, čili asi půjde pryč on.
Na spouštěné programy jsem si našel kanón od Sysinternals :)

Fakt naposledy děkuju :D a přeju pěkný večer.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz