VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Nestabilita PC

https://forum.viry.cz:443/viewtopic.php?t=110219

Stránka 1 z 1

Nestabilita PC

Napsal: 13 bře 2011 00:49
od Jooony
Dobrý den,
v poslední době se mi PC začalo sekat a po spuštění se s ním dá pracovat jen za předpokladu, že je ukončeno několik "zbytečných" procesů ve Správci úloh. Když jsem spustil na PC Nod32, žádný vir nebyl detekován, akorát u všech souborů v driver.cab se objevila hláška např: "C:\WINDOWS\Driver Cache\i386\driver.cab » CAB » cqsdclr2.dll - archiv je poškozen a soubor nemůže být extrahován"

Prosím o zkontrolování logu a předem Děkuji.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-03-13 00:31:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 251 GB (82%) free of 305 GB
Total RAM: 3071 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:31:33, on 13.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (file missing)

--
End of file - 7016 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1644491937-1801674531-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1644491937-1801674531-1004UA.job
C:\WINDOWS\tasks\RMSchedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-07 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-05 13553664]
"nwiz"=nwiz.exe /install []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [2011-01-30 233936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-06-26 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-10-09 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
C:\Program Files\Protector Suite QL\launcher.exe [2008-04-29 49928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-08-19 16850944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2007-09-25 93208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2010-12-27 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-14 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-07 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2008-02-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3
"gusvc"=3
"gupdate"=2
"SandraAgentSrv"=3
"RichVideo"=2
"pr2aqlse"=2
"iPod Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2008-04-29 96008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"Start_ShowMyComputer"=0
"Start_ShowMyDocs"=0
"NoStrCmpLogical"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\common\mafia ii\pc\Mafia2.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii\pc\Mafia2.exe:*:Enabled:Mafia II"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2011-03-13 00:20:22 ----D---- C:\rsit
2011-03-12 23:58:41 ----D---- C:\WINDOWS\LastGood
2011-03-12 23:41:13 ----D---- C:\Program Files\Trend Micro
2011-03-12 23:20:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-03-12 23:19:49 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-12 15:22:15 ----D---- C:\Documents and Settings\Admin\Data aplikací\Media Player Classic
2011-03-12 12:06:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\xmlC2.tmp
2011-03-12 12:06:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\xmlC1.tmp
2011-03-12 12:06:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\xmlC0.tmp
2011-03-12 12:06:01 ----A---- C:\Documents and Settings\All Users\Data aplikací\xmlBF.tmp
2011-03-12 11:47:05 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-03-12 11:46:08 ----D---- C:\Program Files\CCleaner
2011-03-12 10:43:38 ----AH---- C:\san_test.tmp
2011-03-12 10:31:26 ----A---- C:\Documents and Settings\All Users\Data aplikací\xmlA1.tmp
2011-03-12 10:31:26 ----A---- C:\Documents and Settings\All Users\Data aplikací\xmlA0.tmp
2011-03-12 10:31:26 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml9F.tmp
2011-03-12 10:31:26 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml9E.tmp
2011-03-12 10:30:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml9D.tmp
2011-03-12 10:30:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml9C.tmp
2011-03-12 10:30:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml9B.tmp
2011-03-12 10:30:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml9A.tmp
2011-03-12 10:21:28 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml99.tmp
2011-03-12 10:21:28 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml98.tmp
2011-03-12 10:21:28 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml97.tmp
2011-03-12 10:21:28 ----A---- C:\Documents and Settings\All Users\Data aplikací\xml96.tmp
2011-03-08 19:26:37 ----D---- C:\Documents and Settings\Admin\Data aplikací\Registry Mechanic
2011-03-08 17:54:48 ----SHD---- C:\found.001
2011-03-07 21:58:39 ----SHD---- C:\found.000
2011-03-05 08:15:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\EA Core
2011-02-28 16:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-10 21:56:03 ----A---- C:\WINDOWS\system32\CleanMFT32.exe
2011-02-10 21:55:58 ----D---- C:\Program Files\Common Files\PC Tools
2011-02-10 21:55:48 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-02-10 21:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 21:47:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 21:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 21:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 21:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 21:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 21:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-01-24 21:01:46 ----D---- C:\Program Files\Common Files\Java
2011-01-24 21:01:31 ----A---- C:\WINDOWS\system32\javaws.exe
2011-01-24 21:01:31 ----A---- C:\WINDOWS\system32\javaw.exe
2011-01-24 21:01:31 ----A---- C:\WINDOWS\system32\java.exe
2011-01-12 12:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-07 15:21:15 ----D---- C:\Program Files\Cenega
2010-12-27 20:36:12 ----D---- C:\Program Files\Steam
2010-12-17 20:43:26 ----D---- C:\Program Files\NVIDIA Corporation
2010-12-17 20:42:02 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-12-17 20:42:02 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-12-17 20:42:01 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-12-17 20:42:00 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-12-17 20:41:59 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-12-17 20:41:58 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-12-17 20:41:57 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-12-17 20:41:56 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-12-17 20:41:55 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-12-17 20:41:55 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-12-17 20:41:53 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-12-17 20:41:53 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-12-17 20:41:52 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-12-17 20:41:50 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-12-17 20:41:49 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-12-17 20:41:48 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-12-17 20:41:46 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-12-17 20:41:45 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-12-17 20:41:44 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-12-16 22:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-16 22:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-16 22:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-16 22:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-16 22:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-16 22:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-16 22:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$

======List of files/folders modified in the last 3 months======

2011-03-13 00:31:29 ----D---- C:\WINDOWS\Temp
2011-03-13 00:29:58 ----HD---- C:\WINDOWS\inf
2011-03-13 00:23:18 ----D---- C:\WINDOWS
2011-03-13 00:20:16 ----D---- C:\WINDOWS\Prefetch
2011-03-13 00:17:08 ----D---- C:\WINDOWS\Debug
2011-03-13 00:16:57 ----D---- C:\WINDOWS\Minidump
2011-03-12 23:58:33 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-12 23:55:16 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-03-12 23:51:54 ----RD---- C:\Program Files
2011-03-12 23:21:38 ----SHD---- C:\WINDOWS\Installer
2011-03-12 23:21:36 ----D---- C:\WINDOWS\system32\config
2011-03-12 16:53:03 ----SH---- C:\boot.ini
2011-03-12 16:53:03 ----A---- C:\WINDOWS\win.ini
2011-03-12 16:53:03 ----A---- C:\WINDOWS\system.ini
2011-03-12 15:55:42 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-12 14:57:26 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-12 14:10:54 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-12 13:45:53 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2011-03-12 11:48:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-12 11:48:00 ----D---- C:\WINDOWS\system32
2011-03-11 18:27:40 ----D---- C:\WINDOWS\pss
2011-03-10 20:55:56 ----D---- C:\Documents and Settings\Admin\Data aplikací\skypePM
2011-03-10 19:30:14 ----D---- C:\WINDOWS\system32\drivers
2011-03-09 15:45:58 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-09 15:44:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-03-09 15:44:56 ----D---- C:\Program Files\Norton Security Scan
2011-03-09 15:44:49 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-03-09 15:44:47 ----SD---- C:\WINDOWS\Tasks
2011-03-09 15:43:46 ----D---- C:\Program Files\Krtek
2011-03-08 19:19:10 ----D---- C:\Program Files\Ubisoft
2011-03-04 18:33:52 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-03-03 16:30:51 ----D---- C:\Program Files\Mozilla Firefox
2011-02-15 14:51:15 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-11 17:57:47 ----D---- C:\WINDOWS\system32\Macromed
2011-02-10 21:55:58 ----D---- C:\Program Files\Common Files
2011-02-10 21:45:53 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-10 21:45:43 ----D---- C:\Program Files\Internet Explorer
2011-01-24 21:01:05 ----D---- C:\Program Files\Java
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll
2011-01-07 15:09:02 ----A---- C:\WINDOWS\system32\atmfd.dll
2010-12-27 20:07:39 ----D---- C:\WINDOWS\system32\wbem
2010-12-27 20:07:39 ----D---- C:\WINDOWS\Registration
2010-12-27 20:07:24 ----D---- C:\hry
2010-12-27 20:07:21 ----D---- C:\WINDOWS\system32\DirectX
2010-12-27 20:06:40 ----D---- C:\WINDOWS\system32\Restore
2010-12-27 19:51:23 ----RSD---- C:\WINDOWS\assembly
2010-12-22 13:34:22 ----A---- C:\WINDOWS\system32\kerberos.dll
2010-12-21 00:52:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-12-21 00:52:36 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\occache.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\mstime.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\licmgr10.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-12-21 00:52:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-12-20 18:25:50 ----A---- C:\WINDOWS\system32\lsasrv.dll
2010-12-20 13:55:37 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-12-20 11:52:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-12-16 22:00:16 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pe3aqlse;Battlestations Midway Environment Driver (pe3aqlse); C:\WINDOWS\system32\drivers\pe3aqlse.sys [2008-02-06 65168]
R0 ps7aqlse;Battlestations Midway Synchronization Driver (ps7aqlse); C:\WINDOWS\system32\drivers\ps7aqlse.sys [2008-02-06 68760]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-14 721904]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-06-27 1315776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-20 4751872]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-05 6629696]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-08-26 157696]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-01-30 50576]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2007-09-14 19352]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2007-09-14 51608]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2007-09-14 29976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2007-09-14 29208]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2007-09-14 14744]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2008-08-26 159744]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-05 168004]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-05 66872]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2008-07-07 467029]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 pr2aqlse;Battlestations Midway Drivers Auto Removal (pr2aqlse); C:\WINDOWS\system32\pr2aqlse.exe [2008-02-06 411016]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]

-----------------EOF-----------------

Re: Nestabilita PC

Napsal: 13 bře 2011 10:22
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Nestabilita PC

Napsal: 13 bře 2011 12:04
od Jooony
ComboFix 11-03-12.01 - Admin 13.03.2011 11:33:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2628 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Dokumenty\cc_20110312_233505.reg
.
Nakažená kopie c:\windows\system32\autoconv.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\autoconv.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-13 do 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-12 23:20 . 2011-03-12 23:20 -------- d-----w- C:\rsit
2011-03-12 22:41 . 2011-03-12 23:31 -------- d-----w- c:\program files\Trend Micro
2011-03-12 22:20 . 2011-03-12 22:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2011-03-12 22:19 . 2011-03-12 22:19 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-12 14:22 . 2011-03-13 00:33 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Media Player Classic
2011-03-12 11:06 . 2011-03-12 11:06 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlC2.tmp
2011-03-12 11:06 . 2011-03-12 11:06 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlC1.tmp
2011-03-12 11:06 . 2011-03-12 11:06 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlC0.tmp
2011-03-12 11:06 . 2011-03-12 11:06 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlBF.tmp
2011-03-12 10:47 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-12 10:47 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-12 10:46 . 2011-03-12 10:46 -------- d-----w- c:\program files\CCleaner
2011-03-12 09:43 . 2011-03-12 09:49 3221225472 ---ha-w- C:\san_test.tmp
2011-03-12 09:31 . 2011-03-12 09:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlA1.tmp
2011-03-12 09:31 . 2011-03-12 09:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlA0.tmp
2011-03-12 09:31 . 2011-03-12 09:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml9F.tmp
2011-03-12 09:31 . 2011-03-12 09:31 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml9E.tmp
2011-03-12 09:30 . 2011-03-12 09:30 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml9D.tmp
2011-03-12 09:30 . 2011-03-12 09:30 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml9C.tmp
2011-03-12 09:30 . 2011-03-12 09:30 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml9B.tmp
2011-03-12 09:30 . 2011-03-12 09:30 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml9A.tmp
2011-03-12 09:21 . 2011-03-12 09:21 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml99.tmp
2011-03-12 09:21 . 2011-03-12 09:21 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml98.tmp
2011-03-12 09:21 . 2011-03-12 09:21 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml97.tmp
2011-03-12 09:21 . 2011-03-12 09:21 0 ----a-w- c:\documents and settings\All Users\Data aplikací\xml96.tmp
2011-03-08 18:26 . 2011-03-08 18:26 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Registry Mechanic
2011-03-08 16:54 . 2011-03-08 16:54 -------- d-----w- C:\found.001
2011-03-07 20:58 . 2011-03-07 20:58 -------- d-----w- C:\found.000
2011-03-05 07:15 . 2011-03-05 07:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EA Core
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 17:33 . 2009-11-05 22:04 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-04 17:33 . 2009-11-05 22:04 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 16:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 16:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-05 13553664]
"nwiz"="nwiz.exe" [2008-11-05 1630208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Start_ShowMyComputer"= 0 (0x0)
"Start_ShowMyDocs"= 0 (0x0)
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 16:43 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-02-06 12:23 2021400 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-26 17:10 133104 ----atw- c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 15:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2008-10-09 08:19 688128 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-04-29 16:21 49928 ----a-w- c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-19 10:28 16850944 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2007-09-25 22:03 93208 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-27 19:37 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-14 17:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-07 18:08 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"RichVideo"=2 (0x2)
"pr2aqlse"=2 (0x2)
"iPod Service"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pe3aqlse;Battlestations Midway Environment Driver (pe3aqlse);c:\windows\system32\drivers\pe3aqlse.sys [6.2.2008 11:19 65168]
R0 ps7aqlse;Battlestations Midway Synchronization Driver (ps7aqlse);c:\windows\system32\drivers\ps7aqlse.sys [6.2.2008 11:18 68760]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.5.2009 18:58 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 13:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 13:23 727720]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [12.5.2009 21:14 159744]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10.2.2011 21:56 583640]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [12.5.2009 21:19 157696]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [?]
S3 ABMLCZ;ABMLCZ;c:\docume~1\Admin\LOCALS~1\Temp\ABMLCZ.exe --> c:\docume~1\Admin\LOCALS~1\Temp\ABMLCZ.exe [?]
S3 HVVB;HVVB;c:\docume~1\Admin\LOCALS~1\Temp\HVVB.exe --> c:\docume~1\Admin\LOCALS~1\Temp\HVVB.exe [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2010 13:44 135664]
S4 pr2aqlse;Battlestations Midway Drivers Auto Removal (pr2aqlse);c:\windows\system32\pr2aqlse.exe svc --> c:\windows\system32\pr2aqlse.exe svc [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 12:44]
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 12:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\01wwbr10.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1644491937-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,15,1a,2a,08,c6,c1,1e,2f,e6,2c,20,a9,64,3c,0f,a9,ff,1c,ca,e0,4c,c3,
a4,61,fa,85,69,39,7e,79,78,46,d5,6c,46,fd,89,35,43,60,59,8d,43,33,1a,5e,e0,\
"??"=hex:ff,0b,9e,ae,55,48,66,18,0e,77,0e,c4,61,c0,ac,c0
.
[HKEY_USERS\S-1-5-21-73586283-1644491937-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d9,0c,ef,cb,13,8d,b9,d1,89,6a,41,50,ce,6a,50,c2,82,84,2a,60,d9,
b8,b3,7b,a3,64,5c,fe,4a,61,01,43,cd,a9,97,56,ba,ad,d0,bd,4a,7a,ce,69,28,41,\
"rkeysecu"=hex:36,e9,e6,e0,93,44,c2,c4,bc,90,ce,18,9a,a0,dc,70
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
.
- - - - - - - > 'explorer.exe'(1436)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-03-13 11:49:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-13 10:49
.
Před spuštěním: Volných bajtů: 263 551 975 424
Po spuštění: Volných bajtů: 266 974 793 728
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 865898E34308463538F410BF5D0021A0

Re: Nestabilita PC

Napsal: 13 bře 2011 12:12
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Collect::
c:\docume~1\Admin\LOCALS~1\Temp\ABMLCZ.exe
c:\docume~1\Admin\LOCALS~1\Temp\HVVB.exe

Driver::
ABMLCZ
HVVB
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Nestabilita PC

Napsal: 13 bře 2011 12:52
od Jooony
Pokud je to vše tak DĚKUJI za vyřešení problému i za rychlou reakci.

Re: Nestabilita PC

Napsal: 13 bře 2011 18:03
od Rudy
V případě, že problém pominul, je to vše.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz