Přerušení startu OS WIN, timeout

[petersonyx]

Dobrý den,
mám následující problém při startu OS WinXP Professional. Po natažení plochy dojde k zamrznutí systému na cca 1 - 2 min. Ikona otáčejícího se Avastu se zastaví, po najetí kurzorem myši na spodní lištu se zobrazují přesýpací hodiny. Pak se vše normálně rozeběhne, nezávisí na tom, zda je PC připojeno k internetu nebo ne. Děje se to čím dál častěji (nepravidelně). Ve výpisu Prohlížeče událostí správce počítače/Aplikace je většinou uvedno:
"Chyba, Zdroj: MPSampleSubmission, ID 5000, Popis: EventType avesubmit, P1 microsoft antimalware (kód), P2 2.06212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL, P10 NIL"
Zkoušel jsem i BootVis, abych zjistil čím je systém zaneprázdněn, ale bohužel tento pokus nikdy nevedl k cíli, BootVis hlásil vždy (i v dříve, když PC fungovalo vpořádku) po restartu "Number of Physical drives in the trace file is 0. Trace file has invalid system configuration information", takže tímto způsobem byla diagnostika vyloučena.
Ani skenování Ad-Awarem nebo Microsoft Essentials nevedlo k odhalení nákazy. Na PC je instalován aktivně Comodo, Avast. Většina nepotřebných služeb je vypnuta, stejně tak je po startu potlačeno spouštění aplikací (které nejsou Microsoft).

Děkuji za radu jak diagnostikovat příčinu.

[Rudy]

Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

[petersonyx]

Příkládám log RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by petr at 2010-02-03 17:29:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (49%) free of 114 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:48, on 3.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\petr.SUCH-HAG26N1RR3\Dokumenty\Pracovní\RSIT.exe
C:\Program Files\trend micro\petr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: explorer.lnk = C:\WINDOWS\explorer.scf
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5612 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-839522115-1003UA.job
C:\WINDOWS\tasks\MpIdleTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-28 1800464]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cisvc"=3
"WMPNetworkSvc"=3
"rpcapd"=3
"PnkBstrA"=2
"ose"=3
"odserv"=3
"NMSAccessU"=2
"MsMpSvc"=2
"Lavasoft Ad-Aware Service"=2
"JavaQuickStarterService"=2
"idsvc"=3
"ICQ Service"=2
"gupdate"=2
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"ATI Smart"=2
"aswUpdSv"=2
"afcdpsrv"=3
"AcrSch2Svc"=3

C:\Documents and Settings\petr.SUCH-HAG26N1RR3\Nabídka Start\Programy\Po spuštění
explorer.lnk - C:\WINDOWS\explorer.scf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-03 17:29:51 ----D---- C:\Program Files\trend micro
2010-02-03 17:29:50 ----D---- C:\rsit
2010-01-20 17:13:46 ----D---- C:\Program Files\MSXML 4.0
2010-01-18 20:35:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-18 20:35:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-18 20:35:16 ----A---- C:\WINDOWS\system32\java.exe
2010-01-18 20:34:39 ----D---- C:\Program Files\Common Files\Java
2010-01-18 20:34:19 ----D---- C:\Program Files\Common Files\SourceTec
2010-01-18 18:57:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2010-01-18 18:57:12 ----A---- C:\WINDOWS\system32\msxml4r.dll
2010-01-18 18:57:12 ----A---- C:\WINDOWS\system32\msxml4a.dll
2010-01-18 18:56:13 ----D---- C:\Program Files\SourceTec
2010-01-17 16:39:56 ----D---- C:\Program Files\EA GAMES
2010-01-17 16:34:15 ----A---- C:\debugInstaller.txt
2010-01-13 21:36:45 ----D---- C:\Program Files\Adobe
2010-01-13 21:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 21:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-03 17:30:49 ----D---- C:\WINDOWS\Temp
2010-02-03 17:30:35 ----D---- C:\Program Files\Mozilla Firefox
2010-02-03 17:29:51 ----RD---- C:\Program Files
2010-02-03 17:22:49 ----SD---- C:\WINDOWS\Tasks
2010-02-03 17:18:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 15:08:24 ----D---- C:\Program Files\Warcraft III
2010-02-03 13:57:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-02 20:35:22 ----D---- C:\Program Files\FTP Commander
2010-02-02 17:56:21 ----D---- C:\WINDOWS
2010-02-02 17:49:21 ----D---- C:\WINDOWS\system32
2010-02-02 17:40:31 ----D---- C:\WINDOWS\Prefetch
2010-02-02 17:18:51 ----A---- C:\WINDOWS\system32\guard32.dll
2010-02-01 20:59:51 ----D---- C:\WINDOWS\vbSkinner
2010-02-01 20:27:42 ----D---- C:\WINDOWS\Debug
2010-02-01 20:25:43 ----D---- C:\Documents and Settings\petr.SUCH-HAG26N1RR3\Data aplikací\uTorrent
2010-02-01 14:18:49 ----HD---- C:\WINDOWS\inf
2010-01-29 17:57:51 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-29 14:42:28 ----A---- C:\WINDOWS\CD-Start.INI
2010-01-28 17:48:27 ----SHD---- C:\WINDOWS\Installer
2010-01-28 17:48:27 ----D---- C:\Config.Msi
2010-01-26 07:53:12 ----D---- C:\Program Files\CDBurnerXP
2010-01-25 18:13:18 ----D---- C:\WINDOWS\system32\drivers
2010-01-24 17:57:32 ----D---- C:\Documents and Settings\petr.SUCH-HAG26N1RR3\Data aplikací\vlc
2010-01-24 17:57:15 ----D---- C:\Documents and Settings\petr.SUCH-HAG26N1RR3\Data aplikací\dvdcss
2010-01-24 16:55:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-24 16:55:56 ----D---- C:\Program Files\Internet Explorer
2010-01-24 16:55:44 ----D---- C:\WINDOWS\ie8updates
2010-01-24 16:55:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-20 17:13:56 ----D---- C:\WINDOWS\WinSxS
2010-01-18 20:35:16 ----D---- C:\Program Files\Java
2010-01-18 20:34:39 ----D---- C:\Program Files\Common Files
2010-01-17 16:56:47 ----D---- C:\Program Files\ICQ6.5
2010-01-14 14:33:53 ----D---- C:\WINDOWS\AppPatch
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-13 21:36:53 ----D---- C:\Program Files\Common Files\Adobe
2010-01-13 21:36:52 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2010-01-09 17:28:02 ----D---- C:\Program Files\Eidos
2010-01-07 20:38:11 ----RSH---- C:\boot.ini
2010-01-07 20:38:11 ----N---- C:\WINDOWS\win.ini
2010-01-07 20:38:11 ----N---- C:\WINDOWS\system.ini
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-02 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-28 25160]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-08 47360]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-06-25 3734976]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-11-21 159168]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 avyyf7ll;avyyf7ll; C:\WINDOWS\system32\drivers\avyyf7ll.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-28 723632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-29 1181328]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-09-12 660520]
S4 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-11-21 2326920]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-01 133104]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S4 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PnkBstrA;PunkBuster; C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe [2007-10-19 63040]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[Rudy]

Tento soubor: C:\WINDOWS\explorer.scf otestujte online na www.virustotal.com. Výsledek oznamte.

[petersonyx]

Soubor explorer.scf, na který odkazuje log nemohu v PC najít! v daném adresáři (windows) neexistuje, nechal jsem prohledat celé PC (včetně skrytých složek). Jediný výsledek byl nález tohoto souboru v backupu HD pořízené Acronisem (v 11/09) a uloženém na druhém datovém disku H:. Že by to byla příčina?, co teď? Děkuji.

[Rudy]

Zkuste cestu k souboru zkopírovat do okénka na webu virustotal.

[petersonyx]

Bohužel, do okénka virustotal nelze nic zkopírovat ani vepsat, po kliknutí do okénka se vyvolává dialogové okno pro vložení souboru (vyzkoušeno ve třech prohlížečích).

[Rudy]

Pokud nemáte, zapněte zobrazení skrytých a systémových souborů. Mám za to, že ten soubor není v pořádku a chtěl bych si to ověřit.

[petersonyx]

Mám zapnuto Zobrazovat skryté soubory a složky a deaktivovánu volbu Skrýt chráněné soubory, přesto soubor není explorer.scf není vidět ani nelze vyhledat. V adresáři windows lze najít pouze explorer (zřejmě zástupce) a explorer.exe (aplikace). Co vlastně .scf je?

[Rudy]

Může to být něco z tohoto:

.scf - ScoreMaker multimedia show
.scf - Symphony spelling checker configuration
.scf - Windows Explorer Shell Command soubor
.scf - DNA sequence soubor format
.scf - Photo Soap 2 soubor
.scf - SimTown soubor
.scf - VIA setup configuration soubor

systémový soubor je explorer.exe (startuje plochu, lištu atd.). Ale explorer.scf jsem dosud neviděl.

[petersonyx]

Pokud explorer.scf není přítomen (nelze prostě najít), pomohl by jeho přenos z jiného PC nebo obnovení ze zálohy systému? Jak je možné že výpis z logu RSIT explorer.scf uvádí, když tu není?

[cernohous13]

omlouvám se za vstup

je to C:\WINDOWS\explorer - bez přípony (viz kontextové menu a možnost scanu Avastem)


mám ho i na panelu rychlého spuštění

[JaRon]

pridam aj ja
http://support.microsoft.com/kb/175627

[petersonyx]

přikládám výsledek z testu souboru explorer.scf na virustotal.com jak bylo doporučeno:

Soubor explorer.scf přijatý 2010.02.11 19:32:26 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.11 -
AhnLab-V3 5.0.0.2 2010.02.11 -
AntiVir 7.9.1.160 2010.02.11 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.11 -
Avast 4.8.1351.0 2010.02.11 -
AVG 9.0.0.730 2010.02.11 -
BitDefender 7.2 2010.02.11 -
CAT-QuickHeal 10.00 2010.02.11 -
ClamAV 0.96.0.0-git 2010.02.11 -
Comodo 3901 2010.02.11 -
DrWeb 5.0.1.12222 2010.02.11 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7296 2010.02.11 -
F-Prot 4.5.1.85 2010.02.11 -
F-Secure 9.0.15370.0 2010.02.11 -
Fortinet 4.0.14.0 2010.02.11 -
GData 19 2010.02.11 -
Ikarus T3.1.1.80.0 2010.02.11 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.971 2010.02.11 -
Kaspersky 7.0.0.125 2010.02.11 -
McAfee 5889 2010.02.11 -
McAfee+Artemis 5889 2010.02.11 -
McAfee-GW-Edition 6.8.5 2010.02.11 -
Microsoft 1.5406 2010.02.11 -
NOD32 4859 2010.02.11 -
Norman 6.04.08 2010.02.11 -
nProtect 2009.1.8.0 2010.02.11 -
Panda 10.0.2.2 2010.02.11 -
PCTools 7.0.3.5 2010.02.11 -
Prevx 3.0 2010.02.11 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.11 -
Sunbelt 3.9.2398.2 2010.02.11 -
Symantec 20091.2.0.41 2010.02.11 -
TheHacker 6.5.1.1.189 2010.02.11 -
TrendMicro 9.120.0.1004 2010.02.11 -
VBA32 3.12.12.2 2010.02.11 -
ViRobot 2010.2.11.2182 2010.02.11 -
VirusBuster 5.0.21.0 2010.02.11 -
Rozšiřující informace
File size: 80 bytes
MD5...: a3975a7d2c98b30a2ae010754ffb9392
SHA1..: 89d8e97d52c327ef56481223162d1afe78490239
SHA256: 2b2f21d2cda3f368df17a4bebda157f2d69bc5cf6058b8424a02b587e643bf84
ssdeep: 3:t2pTrYXo0dbuvMy+VZXl+YEBb:t2BMPqMdREBb<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: Microsoft Windows 2000 Publisher<br> Microsoft Windows Verification Intermediate PCA<br> Microsoft Root Authority<br>signing date.: 3:42 AM 12/8/1999<br>verified.....: -<br>

[Rudy]

Soubor je čistý. Pro jistotu udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.