Pomalý NB

Zpráva

avatar · #1 Příspěvek od **avatar** » 18 led 2010 19:34

Zdravým, tu je log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal at 2010-01-18 19:30:57
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 80 GB (60%) free of 133 GB
Total RAM: 2039 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:11, on 18. 1. 2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\RSIT(3).exe
C:\Program Files\trend micro\Michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Delete USB Error Key] "C:\Program Files\Samsung\Samsung New PC Studio\USB Drivers\SPS3_USB_Driver_Setup.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-21-2075627770-404306645-2307974809-1001\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'User')
O4 - HKUS\S-1-5-21-2075627770-404306645-2307974809-1001\..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (User 'User')
O4 - S-1-5-21-2075627770-404306645-2307974809-1001 Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (User 'User')
O4 - S-1-5-21-2075627770-404306645-2307974809-1001 User Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (User 'User')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{892CCB96-41CF-4CB0-B8DD-B45F99B6CA91}: NameServer = 192.168.1.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8419 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL [2009-10-29 4150160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-05-22 133656]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-05-23 197904]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NPSStartup"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete USB Error Key"=C:\Program Files\Samsung\Samsung New PC Studio\USB Drivers\SPS3_USB_Driver_Setup.exe [2007-07-24 126976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-01-16 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\Windows\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL [2009-10-29 4150160]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-18 19:30:59 ----D---- C:\Program Files\trend micro
2010-01-18 19:30:57 ----D---- C:\rsit
2010-01-16 14:10:16 ----D---- C:\ProgramData\PC Suite
2010-01-16 14:04:24 ----D---- C:\Program Files\MarkAnyContentSAFER
2010-01-16 12:50:27 ----A---- C:\Windows\system32\DIFxAPI.dll
2010-01-16 12:49:07 ----D---- C:\Program Files\DIFX
2010-01-16 12:49:06 ----D---- C:\Windows\LastGood
2010-01-16 12:48:35 ----A---- C:\Windows\system32\FsUsbExService.Exe
2010-01-16 12:48:35 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2010-01-16 12:47:24 ----D---- C:\Program Files\MarkAny
2010-01-16 12:47:22 ----D---- C:\Program Files\PC Connectivity Solution
2010-01-16 12:46:40 ----D---- C:\Program Files\Samsung
2010-01-15 21:37:12 ----D---- C:\Program Files\SystemRequirementsLab
2010-01-15 20:01:38 ----D---- C:\Program Files\18 Wheels of Steel Haulin
2010-01-14 20:23:54 ----D---- C:\Program Files\18 Wheels of Steel Convoy
2010-01-09 22:41:22 ----D---- C:\Windows\pss
2010-01-08 19:31:08 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 12:54:48 ----A---- C:\Windows\system32\rmoc3260.dll
2010-01-06 12:54:48 ----A---- C:\Windows\system32\pndx5032.dll
2010-01-06 12:54:48 ----A---- C:\Windows\system32\pndx5016.dll
2010-01-06 12:54:48 ----A---- C:\Windows\system32\pncrt.dll
2010-01-06 12:54:47 ----A---- C:\Windows\avisplitter.ini
2010-01-06 12:54:44 ----A---- C:\Windows\system32\yv12vfw.dll
2010-01-06 12:54:44 ----A---- C:\Windows\system32\xvidvfw.dll
2010-01-06 12:54:44 ----A---- C:\Windows\system32\xvidcore.dll
2010-01-06 12:54:44 ----A---- C:\Windows\system32\DivXc32f.dll
2010-01-06 12:54:44 ----A---- C:\Windows\system32\DivXc32.dll
2010-01-06 12:54:42 ----A---- C:\Windows\system32\qt-dx331.dll
2010-01-06 12:54:42 ----A---- C:\Windows\system32\dpl100.dll
2010-01-06 12:54:38 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-01-06 12:54:38 ----A---- C:\Windows\system32\ff_vfw.dll
2010-01-06 12:54:38 ----A---- C:\Windows\system32\divx.dll
2010-01-06 12:54:35 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-04 18:50:24 ----A---- C:\UsbFix.txt
2009-12-30 20:33:04 ----D---- C:\Users\Michal\AppData\Roaming\.purple
2009-12-30 20:29:55 ----D---- C:\Program Files\Aspell
2009-12-30 20:29:12 ----D---- C:\Program Files\Pidgin
2009-12-30 20:29:04 ----D---- C:\Program Files\Common Files\GTK
2009-12-29 15:17:48 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-12-28 19:26:26 ----D---- C:\Program Files\CCleaner
2009-12-24 08:33:56 ----D---- C:\ProgramData\Avira
2009-12-24 08:33:56 ----D---- C:\Program Files\Avira
2009-12-24 07:39:40 ----D---- C:\Windows\temp
2009-12-24 07:39:13 ----SHD---- C:\$RECYCLE.BIN
2009-12-24 06:34:18 ----A---- C:\Windows\zip.exe
2009-12-24 06:34:18 ----A---- C:\Windows\SWXCACLS.exe
2009-12-24 06:34:18 ----A---- C:\Windows\SWSC.exe
2009-12-24 06:34:18 ----A---- C:\Windows\SWREG.exe
2009-12-24 06:34:18 ----A---- C:\Windows\sed.exe
2009-12-24 06:34:18 ----A---- C:\Windows\PEV.exe
2009-12-24 06:34:18 ----A---- C:\Windows\NIRCMD.exe
2009-12-24 06:34:18 ----A---- C:\Windows\MBR.exe
2009-12-24 06:34:18 ----A---- C:\Windows\grep.exe
2009-12-24 06:33:12 ----D---- C:\Windows\ERDNT
2009-12-23 18:14:07 ----D---- C:\Users\Michal\AppData\Roaming\WinRAR
2009-12-22 14:04:06 ----D---- C:\ProgramData\NOS
2009-12-21 09:34:49 ----D---- C:\archive_db
2009-12-19 14:48:07 ----A---- C:\Windows\system32\quartz.dll

======List of files/folders modified in the last 1 months======

2010-01-18 19:30:59 ----RD---- C:\Program Files
2010-01-18 18:53:14 ----D---- C:\Users\Michal\AppData\Roaming\Mozilla
2010-01-18 18:51:51 ----D---- C:\Windows\Prefetch
2010-01-16 14:17:31 ----SHD---- C:\System Volume Information
2010-01-16 14:13:57 ----D---- C:\Windows\System32
2010-01-16 14:13:57 ----D---- C:\Windows\inf
2010-01-16 14:13:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-16 14:10:53 ----D---- C:\Windows\system32\drivers
2010-01-16 14:10:16 ----D---- C:\ProgramData
2010-01-16 14:05:57 ----SHD---- C:\Windows\Installer
2010-01-16 14:05:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-16 12:50:31 ----D---- C:\Windows\system32\catroot
2010-01-16 12:50:29 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-01-16 12:50:17 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-16 12:49:06 ----D---- C:\Windows
2010-01-16 12:48:23 ----D---- C:\Users\Michal\AppData\Roaming\Samsung
2010-01-16 12:48:06 ----D---- C:\Windows\winsxs
2010-01-15 21:38:49 ----SD---- C:\Windows\Downloaded Program Files
2010-01-09 18:23:18 ----D---- C:\Windows\system32\catroot2
2010-01-08 20:11:09 ----D---- C:\ProgramData\Microsoft Help
2010-01-04 20:08:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-30 20:29:04 ----D---- C:\Program Files\Common Files
2009-12-24 08:33:06 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-24 07:37:55 ----A---- C:\Windows\system.ini
2009-12-24 07:35:48 ----D---- C:\Windows\AppPatch
2009-12-23 18:21:34 ----D---- C:\Windows\Minidump
2009-12-23 16:15:12 ----D---- C:\Windows\system32\wbem
2009-12-23 16:14:29 ----D---- C:\Windows\system32\config
2009-12-23 16:14:13 ----D---- C:\Windows\Tasks
2009-12-23 16:14:13 ----D---- C:\Windows\system32\spool
2009-12-23 16:14:13 ----D---- C:\Windows\system32\Msdtc
2009-12-23 16:14:13 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-23 16:14:13 ----D---- C:\Windows\rescache
2009-12-23 16:14:09 ----D---- C:\Windows\registration
2009-12-23 16:14:05 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-27 56816]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-05-24 223616]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-08-03 36608]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 catchme;catchme; \??\C:\Users\Michal\AppData\Local\Temp\catchme.sys []
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2010-01-16 5632]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-23 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-08-03 233472]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-06-08 172131]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]

-----------------EOF-----------------

Edit: Heuresterika aviry našla vírus HTML malware v zložke kde je cache mozilly. Presunul som do karantény.

#2 Příspěvek od **Rudy** » 18 led 2010 20:12

Nic nebezpečného nevidím. Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

avatar · #3 Příspěvek od **avatar** » 18 led 2010 20:15

Urobím rýchlu. Ked niečo nájde dám úplnú.

Malwarebytes' Anti-Malware 1.43
Verzia databázy: 3493
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

18. 1. 2010 20:19:05
mbam-log-2010-01-18 (20-19-05).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 99484
Uplynutý cas: 4 minute(s), 7 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

#4 Příspěvek od **Rudy** » 18 led 2010 20:28

Co jste instaloval těsně před tím, než se problém objevil?

avatar · #5 Příspěvek od **avatar** » 18 led 2010 20:30

Napálené hry.

Na deskope kde som inštaloval tiež no problem. A ešte sa mi pri spustení NB samo zmenilo rozlíšenie.

#6 Příspěvek od **Rudy** » 18 led 2010 20:34

Takže nelegální soft. Odinstalujte, PC vyčistěte CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 . Pokud se vám následkem toho nějak poškodil systém, pak je to váš problém: http://www.viry.cz/forum/viewtopic.php?f=5&t=64194 .

avatar · #7 Příspěvek od **avatar** » 18 led 2010 20:36

Ale tým to byť nemohlo. Na deskope všetko OK. U kamaráta všetko OK. Ani AV predtým nenahlásil infekciu. Odstránené. Prečistené. Problém pretrváva.
EDIT: Inštaloval som Samsung PC studio ešte.

#8 Příspěvek od **Rudy** » 18 led 2010 20:41

Zkuste ještě plný sken MBAM.

avatar · #9 Příspěvek od **avatar** » 19 led 2010 19:42

Nič nenašlo.

#10 Příspěvek od **Rudy** » 19 led 2010 21:06

Patrně jde o nějaký problém se softwarem. Samsung PC studio na zkoušku odinstalujte. Jinak zkuste opravu systému Vistamanagerem: http://www.studna.cz/6753/systemove-nas ... a-manager/ .

VIRY.CZ

Pomalý NB

Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB

Re: Pomalý NB