Pomaly NB

Zpráva

dominikvyt · #1 Příspěvek od **dominikvyt** » 16 úno 2013 16:18

Dobrý den mam starší NB a zda se mi nějaky hodně pomaly i když Windows XP tam je od koupí ale pomale i když vím že je to hodně pomale ale tak toto je NB za pář (šupu) =D jinak muj hl.PC je stymdlen sto asi o 30x lepší ,už to je celkem hodně dlouho ale nevěděl jsem jestly mam udělat větši log z RSIT tak sem dal 1 Months Tady je log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2013-02-16 16:07:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (58%) free of 12 GB
Total RAM: 255 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:03, on 16.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7992625790
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

--
End of file - 4211 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-706699826-1060284298-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-706699826-1060284298-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [1988-01-01 116648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-06 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMMyPictures"=1
"NoSMConfigurePrograms"=1
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2013-02-16 16:07:35 ----D---- C:\Program Files\trend micro
2013-02-16 16:07:33 ----D---- C:\rsit
2013-02-16 14:37:07 ----D---- C:\WINDOWS\LastGood
2013-02-16 12:22:52 ----D---- C:\Program Files\ESET
2013-02-13 18:26:42 ----A---- C:\WINDOWS\ntbtlog.txt
2013-02-13 17:44:26 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics 56K MiniPCI Fax Win 1807.txt
2013-02-13 14:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2013-02-13 14:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2013-02-13 14:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2013-02-13 14:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2013-02-13 14:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2013-02-13 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2013-02-13 14:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2013-02-13 14:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2013-02-13 14:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2013-02-13 14:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2013-02-13 14:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-02-13 14:02:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ERS G-Studio
2013-02-13 13:59:26 ----D---- C:\Program Files\U nas v praveku
2013-02-13 13:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2013-02-13 13:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2013-02-13 13:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2013-02-13 13:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2013-02-13 13:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2013-02-13 13:57:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2013-02-13 13:56:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2013-02-13 13:56:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Špidla Data Processing, s.r.o
2013-02-13 13:54:32 ----D---- C:\Program Files\Psi butik
2013-02-13 13:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2013-02-13 13:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2013-02-13 13:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2013-02-13 13:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2013-02-13 13:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2013-02-13 13:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2013-02-13 13:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2013-02-13 13:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2013-02-13 13:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2013-02-12 21:02:57 ----HDC---- C:\WINDOWS\ie8
2013-02-12 16:19:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-02-01 22:00:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\spidla

======List of files/folders modified in the last 1 months======

2013-02-16 16:07:35 ----RD---- C:\Program Files
2013-02-16 16:05:50 ----D---- C:\WINDOWS\Prefetch
2013-02-16 14:58:16 ----HD---- C:\WINDOWS\inf
2013-02-16 14:41:41 ----D---- C:\WINDOWS
2013-02-16 14:39:08 ----D---- C:\WINDOWS\Temp
2013-02-16 14:37:03 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-13 14:15:34 ----D---- C:\WINDOWS\WinSxS
2013-02-12 21:28:21 ----D---- C:\WINDOWS\ie8updates
2013-02-12 21:28:20 ----D---- C:\WINDOWS\system32\cs-cz
2013-02-12 21:28:17 ----D---- C:\Program Files\Internet Explorer
2013-02-12 21:28:16 ----D---- C:\WINDOWS\Help
2013-02-12 21:12:37 ----D---- C:\WINDOWS\system32\CatRoot
2013-02-12 21:08:03 ----D---- C:\WINDOWS\WBEM
2013-02-12 21:07:42 ----D---- C:\WINDOWS\Media
2013-02-04 22:29:08 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2009-03-09 46592]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 allegro;ESS Allegro Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198x.sys [2009-03-06 189568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-14 701440]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2009-03-06 165496]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 USRWDXJS;USRWDXJSMiniPCI Winmodem; C:\WINDOWS\system32\DRIVERS\USRWDXJS.sys [2001-08-17 687999]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-06 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-06 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
DDS: http://scootering.g6.cz/dds.txt

#2 Příspěvek od **Rudy** » 16 úno 2013 18:07

Zdravím!
NB můžeme vyčistit, nicméně 256MB RAM je i pro WinXP na dolní mezi rozumné velikosti RAM. A v tom bude hlavní problém.

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files\Seznam.cz\toolbar\toolbar.dll
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-706699826-1060284298-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-706699826-1060284298-500UA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

dominikvyt · #3 Příspěvek od **dominikvyt** » 16 úno 2013 18:26

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2013-02-16 18:15:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (59%) free of 12 GB
Total RAM: 255 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:59, on 16.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7992625790
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

--
End of file - 4145 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [1988-01-01 116648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-03-06 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMMyPictures"=1
"NoSMConfigurePrograms"=1
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2013-02-16 18:10:28 ----D---- C:\_OTM
2013-02-16 16:07:35 ----D---- C:\Program Files\trend micro
2013-02-16 16:07:33 ----D---- C:\rsit
2013-02-16 12:22:52 ----D---- C:\Program Files\ESET
2013-02-13 18:26:42 ----A---- C:\WINDOWS\ntbtlog.txt
2013-02-13 17:44:26 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics 56K MiniPCI Fax Win 1807.txt
2013-02-13 14:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2013-02-13 14:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2013-02-13 14:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2013-02-13 14:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2013-02-13 14:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2013-02-13 14:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2013-02-13 14:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2013-02-13 14:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2013-02-13 14:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2013-02-13 14:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2013-02-13 14:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-02-13 14:02:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ERS G-Studio
2013-02-13 13:59:26 ----D---- C:\Program Files\U nas v praveku
2013-02-13 13:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2013-02-13 13:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2013-02-13 13:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2013-02-13 13:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2013-02-13 13:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2013-02-13 13:57:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2013-02-13 13:56:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
2013-02-13 13:56:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Špidla Data Processing, s.r.o
2013-02-13 13:54:32 ----D---- C:\Program Files\Psi butik
2013-02-13 13:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2013-02-13 13:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2013-02-13 13:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2013-02-13 13:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2013-02-13 13:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2013-02-13 13:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2013-02-13 13:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2013-02-13 13:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2013-02-13 13:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2013-02-12 21:02:57 ----HDC---- C:\WINDOWS\ie8
2013-02-12 16:19:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-02-01 22:00:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\spidla

======List of files/folders modified in the last 1 months======

2013-02-16 18:11:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-16 18:11:01 ----D---- C:\WINDOWS\Temp
2013-02-16 18:10:59 ----D---- C:\WINDOWS\system32
2013-02-16 18:10:59 ----D---- C:\WINDOWS
2013-02-16 18:10:29 ----SD---- C:\WINDOWS\Tasks
2013-02-16 18:00:29 ----SHD---- C:\WINDOWS\Installer
2013-02-16 18:00:15 ----SHD---- C:\Config.Msi
2013-02-16 16:07:35 ----RD---- C:\Program Files
2013-02-16 16:05:50 ----D---- C:\WINDOWS\Prefetch
2013-02-16 14:58:16 ----HD---- C:\WINDOWS\inf
2013-02-16 14:37:03 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-13 14:15:34 ----D---- C:\WINDOWS\WinSxS
2013-02-12 21:28:21 ----D---- C:\WINDOWS\ie8updates
2013-02-12 21:28:20 ----D---- C:\WINDOWS\system32\cs-cz
2013-02-12 21:28:17 ----D---- C:\Program Files\Internet Explorer
2013-02-12 21:28:16 ----D---- C:\WINDOWS\Help
2013-02-12 21:12:37 ----D---- C:\WINDOWS\system32\CatRoot
2013-02-12 21:08:03 ----D---- C:\WINDOWS\WBEM
2013-02-12 21:07:42 ----D---- C:\WINDOWS\Media
2013-02-04 22:29:08 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2009-03-09 46592]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 allegro;ESS Allegro Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198x.sys [2009-03-06 189568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-14 701440]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2009-03-06 165496]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 USRWDXJS;USRWDXJSMiniPCI Winmodem; C:\WINDOWS\system32\DRIVERS\USRWDXJS.sys [2001-08-17 687999]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-03-06 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-03-06 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#4 Příspěvek od **Rudy** » 16 úno 2013 18:32

Dvouklikem na soubor C:\Program Files\trend micro\Administrator.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

V NB chybí antivir.

dominikvyt · #5 Příspěvek od **dominikvyt** » 16 úno 2013 18:44

Děkuji moc ještě bych se chtěl zeptat jestly nevite proč mi nejde spusit "Uživatelské učty" Vubec to nejde

#6 Příspěvek od **Rudy** » 16 úno 2013 20:15

Myslíte v ovl. panelech?

VIRY.CZ

Pomaly NB

Pomaly NB

Re: Pomaly NB

Re: Pomaly NB

Re: Pomaly NB

Re: Pomaly NB

Re: Pomaly NB