Kontrola logu - pomalé pc, často větrá

[Madlis]

Dobrý večer! Prosím, o kontrolu logu. Mám notebook poslední dobou nějak extrémně pomalý a často větrá. Dřív mi to, při stejném vytížení, nedělal.

Logfile of HijackThis v1.99.1
Scan saved at 19:56:02, on 10.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
D:\Dokumenty - disk D\Viry\Prográmky\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.ujep.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {141D2E4F-F313-4991-B61A-EE5D6D849361} - (no file)
O9 - Extra button: (no name) - {2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - (no file)
O9 - Extra button: (no name) - {2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - (no file)
O9 - Extra button: (no name) - {2E01031B-AB09-4455-823D-25F1A1C11F48} - (no file)
O9 - Extra button: (no name) - {2F741D0A-150E-40F9-A602-1B2421475F1D} - (no file)
O9 - Extra button: (no name) - {309176E6-E204-40A0-8D13-7F19C0498C40} - (no file)
O9 - Extra button: (no name) - {49681216-5BF4-41A2-AAFA-129A6BD625DA} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {8B6E8E01-D262-4980-8C27-B8B2802285C1} - (no file)
O9 - Extra button: (no name) - {8FD64249-590C-4FBC-B181-12A6BAF516AF} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A5050656-2286-454F-A489-C605ED1B461C} - (no file)
O9 - Extra button: (no name) - {BC78516C-9DC9-40C5-A91E-74593222EF89} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DAE865E8-970E-4931-A172-119CB56BBAF5} - (no file)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3588886656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7847477296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

[stell]

Zdravim:
Fixnite
O9 - Extra button: (no name) - {141D2E4F-F313-4991-B61A-EE5D6D849361} - (no file)
O9 - Extra button: (no name) - {2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - (no file)
O9 - Extra button: (no name) - {2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - (no file)
O9 - Extra button: (no name) - {2E01031B-AB09-4455-823D-25F1A1C11F48} - (no file)
O9 - Extra button: (no name) - {2F741D0A-150E-40F9-A602-1B2421475F1D} - (no file)
O9 - Extra button: (no name) - {309176E6-E204-40A0-8D13-7F19C0498C40} - (no file)
O9 - Extra button: (no name) - {49681216-5BF4-41A2-AAFA-129A6BD625DA} - (no file)
O9 - Extra button: (no name) - {8B6E8E01-D262-4980-8C27-B8B2802285C1} - (no file)
O9 - Extra button: (no name) - {8FD64249-590C-4FBC-B181-12A6BAF516AF} - (no file
O9 - Extra button: (no name) - {A5050656-2286-454F-A489-C605ED1B461C} - (no file
O9 - Extra button: (no name) - {BC78516C-9DC9-40C5-A91E-74593222EF89} - (no file)
O9 - Extra button: (no name) - {DAE865E8-970E-4931-A172-119CB56BBAF5} - (no file)
O9 - Extra button: (no name) - {FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - (no file
Inak to mate v poriadku.

[Madlis]

Děkuji, už je to pryč Myslela jsem si, že to budou zrovna tyhle položky, ale jistota je jistota Ještě jednou dík a hezký den!

[Madlis]

Bohužel to ale stále nevyřešilo fakt, že mi pc neustále větrá...Stačí spustit např. winamp, qip a internet a může se uvětrat. Dřív mi to nedělal a vydržel i silnější nápor.

[stell]

Stiahnite, uložte na plochu a aplikujte ComboFix

Spusťte aplikaciu ako administrátor v normalnom tj NIE v nudzovom rezime, postupujte podla pokynov na obrazovke.
Behom scanu nemajte spustene žiadne aplikacie-vypnite rezidentne stity , a neklikajte do otvoreneho okna programu.


pri skene môže dojisť k reštartovaniu PC.Porestarte vlozte log.Combofix.txt a novy log HiJackThis.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Madlis]

ComboFix 08-01-10.2 - Marushka 2008-01-11 9:43:38.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.226 [GMT 1:00]
Running from: C:\Documents and Settings\Marushka\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-10 21:06 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-10 21:06 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-10 21:06 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-10 21:06 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-10 21:06 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-10 21:06 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-10 21:06 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-10 21:06 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-10 20:19 . 2008-01-10 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-01-10 20:18 . 2008-01-10 20:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-10 20:18 . 2008-01-10 20:18 <DIR> d-------- C:\Documents and Settings\Marushka\Data aplikací\SUPERAntiSpyware.com
2008-01-10 14:54 . 2008-01-10 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avira
2008-01-09 09:11 . 2008-01-09 09:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-08 18:17 . 2008-01-08 18:17 <DIR> d-------- C:\Documents and Settings\Marushka\Data aplikací\Symantec
2008-01-08 17:12 . 2008-01-08 17:12 <DIR> d-------- C:\N360_BACKUP
2008-01-08 16:49 . 2008-01-10 14:50 <DIR> d-------- C:\Program Files\Norton 360
2008-01-08 16:47 . 2008-01-10 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Symantec
2008-01-08 16:44 . 2008-01-10 14:52 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-07 22:50 . 2008-01-07 22:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-07 22:50 . 2008-01-07 22:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 10:39 . 2008-01-06 10:39 <DIR> d-------- C:\Documents and Settings\Hanka\Data aplikací\ESET
2008-01-05 17:49 . 2008-01-05 18:25 <DIR> d-------- C:\Program Files\URUSoft
2008-01-03 12:26 . 2008-01-10 20:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 15:31 . 2008-01-02 15:31 <DIR> d-------- C:\Documents and Settings\Marushka\Data aplikací\ESET
2008-01-01 19:08 . 2008-01-02 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2007-12-29 14:54 . 2007-12-29 14:55 <DIR> d-------- C:\Program Files\QuickTime
2007-12-29 14:53 . 2007-12-29 14:53 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-29 14:53 . 2007-12-29 14:53 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-29 14:53 . 2007-12-29 14:53 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-29 14:53 . 2007-12-29 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2007-12-11 21:51 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 19:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-10 15:06 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-08 18:39 --------- d-----w C:\Documents and Settings\Marushka\Data aplikací\Skype
2008-01-08 18:34 --------- d-----w C:\Program Files\Opera
2008-01-06 11:54 --------- d-----w C:\Documents and Settings\Hanka\Data aplikací\OpenOffice.org2
2008-01-02 14:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ESET
2008-01-01 23:37 --------- d-----w C:\Program Files\Winamp Remote
2008-01-01 18:09 --------- d-----w C:\Program Files\Winamp
2007-12-29 13:57 --------- d-----w C:\Documents and Settings\Marushka\Data aplikací\Apple Computer
2007-12-29 13:56 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-12-17 11:50 --------- d-----w C:\Documents and Settings\Marushka\Data aplikací\OpenOffice.org2
2007-12-08 14:48 --------- d-----w C:\Program Files\SLOVNIK
2007-12-08 13:21 --------- d-----w C:\Program Files\BSPlayer
2007-12-06 19:07 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Avg7
2007-12-06 18:37 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2007-11-29 11:18 --------- d-----w C:\Documents and Settings\Marushka\Data aplikací\Absolutist.com
2007-11-19 07:50 --------- d-----w C:\Program Files\CCleaner
2007-11-18 18:05 --------- d-----w C:\Program Files\QIP správný
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 13:57 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 13:53 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24 688218]
"SMail"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 14:36 450560]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Nero DriveSpeed"="C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2005-10-31 00:58 602112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]

C:\Documents and Settings\Marushka\Nabídka Start\Programy\Po spuštění\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 13:31:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SMSERIAL"=sm56hlpr.exe
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -minimize

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys []
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 15:44:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 09:48:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 9:50:29
ComboFix-quarantined-files.txt 2008-01-11 08:50:22
ComboFix2.txt 2007-11-02 13:43:43
ComboFix3.txt 2007-11-02 12:08:35
.
2008-01-09 08:17:18 --- E O F ---

[Madlis]

Logfile of HijackThis v1.99.1
Scan saved at 9:53:35, on 11.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Dokumenty - disk D\Viry\Prográmky\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.ujep.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3588886656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7847477296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

[stell]

Kludne robte svoju pracu,musim to vyhodnotit.

[stell]

Mozme este Fixnut zbytocnosti,ale ine nevidim,Combo daco odstaranil,skuste vypnut Kerio FiREWAll a vyskusajte.
FIX.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Inac Je v poriadku ,

[Madlis]

Děkuji, fixnuto. A proč mám vypínat Kerio?

Včera jsem si taky přeinstalovala antivir - měla jsem trial NODa a po vypršení licence jsem si nainstalovala avast, ačkoliv s ním nemám nejlepší zkušenosti. Je ale jako jeden z mála free a celkem jde. A hned mi našel dva trojany. Tak to mohla být taky příčina, že byl pc pomalý. Nejlepší zkušenosti mám s NODem (byť jen s trial verzemi), škoda že není pro domácí použití free.

A ještě jeden drobný problém. Mám Spybot - Search & Destroy. Je super, ale poslední dobou, když spustím kontrolu, nekontroluje vše, ale jen malý kousek na konci. Do půl minuty je kontrola hotová a většinou nic nenajde. Jen stále jeden malý problém, který se mi nedaří odstanit, ale prý není vůbec nebezpečný, spíš jen zbytečný.

[stell]

proč mám vypínat Kerio?

Na skusku samozrejme ak sa nezlepsi zapnete znova.Potom to iste AVAST-a takto zistite ze co vas brzdi.
Spybot-zrejme ste sa vrtali v nastaveniach pre pokrocilich,a tu sa to da pekne rozladit.Odinstalovat-preinstalovat aktualizovat a nebabrat.

[Madlis]

Spybota jsem přeinstalovala a zatím je ok. Jsem si ale docela jistá, že jsem v pokročilých nic neudělala, jen jsem se mrkla, co všechno tam je. Tak uvidím, co bude dělat dál.
Kerio je vypnuté. Monitoruju, co se změnilo. Zatím ale žádná závratná změna.

Děkuju za rady a hezký večer

PS: Přes víkend jsem byla bez internetu, proto se ozývám až teď.

[Madlis]

Dobrý večer!
Prosím o kontrolu logu Hjt. Notebook prakticky nonstop větrá a přitom mám puštěné jen icq, word a mozillu. Zpomalený se mi nezdá. Taky je teplý, tak si myslím, že se přehřívá (i názor jednoho z moderátorů), ale než ho ponesu na reklamaci, chci vyloučit nějaký bordel. Pravidelně ho čistím CCleanerem, Ad-Aware mi nachází stále zřejmě jeden a ten samý malware (v počtu 3 při kontrolách s časovým odstupem den a víc; vždy dávám karanténu, ani smazání nepomohlo), a Spybot nenašel nic, stejně jako mwav. Kerio mám nainstalované asi půl hodiny.

Logfile of HijackThis v1.99.1
Scan saved at 21:54:22, on 12.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Dokumenty - disk D\Viry\Prográmky\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4746125468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4912436937
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

[stell]

Zdravim:
Log je v poriadku.Tak potom prevetrame uplne Notbook.Stiahnite z mojho podpisuAVPTOOL a pouzijte podla navodu sken bude trvat niekolko hodin.Log vlozte sem.

[Madlis]

Určitě provedu, ale až zítra. Děkuju