PC se zpomaluje až do následného restartu

Zpráva

Saman321 · #1 Příspěvek od **Saman321** » 11 led 2010 09:33

Dobrý den, prosím o pomoc. Začal se mi zpomalovat počítač, nejdříve je to poznat na pohybu myši, později přestane fungovat internet, počítač je čím dál pomalejší až následuje restart. O využití procesoru se perou Nečinné procesy systému a antivir NOD32.
Pro napravení jsem harddisk v jiném PC zkontroloval antiviry NOD32, AVPTool, Kaspersky a Avirou. Vše detekováno jsem zlikvidoval. Potom jsem v PC ještě použil Combofix, nic nepomohlo. Nastavil jsem úplnou kontrolu disku při bootování, bohužel to napíše "Svazek nelze otevřít pro přímý vstup". Nefunguje ani volba "chkdsk" v naběhnutém systému. Prosím poraďte.

Logfile of random's system information tool 1.06 (written by random/random)
Run by hubsch at 2010-01-11 08:32:08
WIN_XP Service Pack 3
System drive C: has 7 GB (3%) free of 238 GB
Total RAM: 1791 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:29, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Elektro\Plocha\RSIT.exe
C:\hubsch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warforum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3086271954-1183994661-564440380-1125\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3086271954-1183994661-564440380-1125\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VistaAccess.lnk = C:\VstaScan\VsAccess.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = elektro.local
O17 - HKLM\Software\..\Telephony: DomainName = elektro.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = elektro.local
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 4741 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
StartCCC=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]
iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
egui=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
MSMSGS=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
VistaAccess.lnk - C:\VstaScan\VsAccess.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-03-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=323
NoResolveTrack=1
NoDriveAutoRun=67108863
NoDrives=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoResolveTrack=
NoResolveSearch=
NoPopUpsOnBoot=
HonorAutoRunSetting=
NoDriveAutoRun=
NoDriveTypeAutoRun=
NoDrives=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
C:\Program Files\ICQLite\ICQLite.exe="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
C:\Program Files\uTorrent\utorrent.exe="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
C:\Program Files\Canon\Color Network ScanGear\SgTool.exe="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL"
%windir%\Network Diagnostic\xpnetdiag.exe="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
C:\Program Files\Bonjour\mDNSResponder.exe="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
C:\Program Files\iTunes\iTunes.exe="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
%windir%\Network Diagnostic\xpnetdiag.exe="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
C:\Program Files\ICQLite\ICQLite.exe="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
C:\Program Files\uTorrent\utorrent.exe="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
C:\Program Files\Java\jre6\bin\javaw.exe="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
C:\Program Files\Java\jre6\bin\java.exe="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
C:\games\Buccaneer\T3D.exe="C:\games\Buccaneer\T3D.exe:*:Enabled:Buccaneer: The Pursuit of Infamy"
C:\Program Files\Common Files\XpressUpdate\XPressUpdate.exe="C:\Program Files\Common Files\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate"
C:\Program Files\Brother\Brmfl08h\FAXRX.exe="C:\Program Files\Brother\Brmfl08h\FAXRX.exe:*:Enabled:FAXRX.EXE"
C:\Program Files\iTunes\iTunes.exe="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

======List of files/folders created in the last 1 months======

2010-01-11 08:32:08 ----A---- C:\hubsch.exe
2010-01-08 15:30:45 ----D---- C:\backups
2010-01-08 15:03:59 ----D---- C:\Program Files\SubtitleCreator
2010-01-06 14:37:54 ----SHD---- C:\RECYCLER
2010-01-06 12:54:16 ----D---- C:\WINDOWS\temp
2010-01-06 12:44:53 ----D---- C:\ComboFix
2010-01-05 09:29:37 ----A---- C:\Pokus.bat
2010-01-05 09:03:22 ----A---- C:\Zpráva o Analýze Hijack.txt
2010-01-05 08:04:33 ----A---- C:\ComboFix log.txt
2010-01-05 07:49:19 ----A---- C:\Boot.bak
2010-01-05 07:49:11 ----RASHD---- C:\cmdcons
2010-01-05 07:47:30 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 07:47:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 07:47:27 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 07:47:26 ----A---- C:\WINDOWS\zip.exe
2010-01-05 07:47:26 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 07:47:26 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 07:47:26 ----A---- C:\WINDOWS\sed.exe
2010-01-05 07:47:26 ----A---- C:\WINDOWS\grep.exe
2010-01-05 07:47:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 07:37:33 ----A---- C:\hijackthis.exe
2010-01-04 07:14:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2009-12-18 14:24:27 ----D---- C:\Documents and Settings\Elektro\Data aplikací\Virtual City
2009-12-17 09:04:07 ----D---- C:\divx
2009-12-17 08:43:29 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-17 08:35:44 ----A---- C:\DivXInstaller.exe
2009-12-15 13:13:38 ----A---- C:\se-setup.exe
2009-12-15 12:48:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-15 12:47:39 ----A---- C:\mbam-setup.exe
2009-12-15 11:59:50 ----AD---- C:\WINDOWS\rundll16.exe
2009-12-15 11:59:50 ----AD---- C:\WINDOWS\logo1_.exe
2009-12-15 10:26:43 ----D---- C:\Documents and Settings\Elektro\Data aplikací\DAEMON Tools Lite
2009-12-15 10:26:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DAEMON Tools Lite
2009-12-15 09:05:59 ----D---- C:\Documents and Settings\Elektro\Data aplikací\EurekaLog
2009-12-15 07:46:59 ----D---- C:\Program Files\CCleaner
2009-12-15 07:43:09 ----AD---- C:\WINDOWS\VDLL.DLL
2009-12-15 07:43:09 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-12-15 07:43:09 ----AD---- C:\WINDOWS\RUNDL132.EXE
2009-12-15 07:43:09 ----AD---- C:\WINDOWS\logo_1.exe
2009-12-15 07:42:05 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-12-15 07:42:02 ----A---- C:\WINDOWS\system32\T.COM
2009-12-15 07:42:01 ----A---- C:\WINDOWS\R.COM
2009-12-15 07:41:58 ----D---- C:\Program Files\Common Files\MicroWorld
2009-12-15 07:41:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MicroWorld
2009-12-15 07:30:03 ----D---- C:\rsit
2009-12-15 07:30:03 ----D---- C:\Program Files\trend micro
2009-12-14 08:35:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-14 08:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-14 08:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-14 08:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-14 08:33:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-14 08:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-14 08:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-14 08:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-14 08:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-14 08:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-14 08:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-14 08:28:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-14 08:28:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-14 08:27:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-14 08:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-14 08:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-14 08:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-14 07:55:43 ----A---- C:\SeaToolsforWindowsSetup-1201.exe
2009-12-14 07:48:27 ----D---- C:\Documents and Settings\Elektro\Data aplikací\ESET
2009-12-14 07:47:52 ----D---- C:\Program Files\ESET
2009-12-14 07:47:52 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET

======List of files/folders modified in the last 1 months======

2010-01-11 08:31:15 ----A---- C:\WINDOWS\VISTA32.INI
2010-01-11 08:28:36 ----D---- C:\W
2010-01-11 08:16:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 07:43:58 ----D---- C:\WINDOWS\Prefetch
2010-01-08 15:21:59 ----SHD---- C:\WINDOWS\CSC
2010-01-08 15:03:59 ----RD---- C:\Program Files
2010-01-08 13:52:45 ----A---- C:\WINDOWS\win.ini
2010-01-08 13:37:41 ----SHD---- C:\WINDOWS\Installer
2010-01-08 13:37:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-08 13:37:40 ----D---- C:\Config.Msi
2010-01-08 11:03:54 ----D---- C:\Program Files\Sony
2010-01-08 10:58:57 ----D---- C:\Documents and Settings\Elektro\Data aplikací\Sony
2010-01-08 10:57:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Sony
2010-01-08 10:57:43 ----D---- C:\WINDOWS\system32
2010-01-08 10:57:08 ----D---- C:\WINDOWS\WinSxS
2010-01-08 10:39:34 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 10:36:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 07:21:29 ----D---- C:\WINDOWS
2010-01-08 07:12:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab
2010-01-08 07:10:24 ----HD---- C:\WINDOWS\inf
2010-01-07 14:56:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-07 14:36:10 ----D---- C:\WINDOWS\system32\config
2010-01-07 12:58:54 ----D---- C:\WINDOWS\system32\Restore
2010-01-07 12:53:08 ----SHD---- C:\System Volume Information
2010-01-07 11:52:14 ----D---- C:\DVD
2010-01-07 11:01:34 ----A---- C:\WINDOWS\umaxuapi.ini
2010-01-06 12:54:28 ----A---- C:\WINDOWS\system.ini
2010-01-06 12:51:41 ----D---- C:\WINDOWS\AppPatch
2010-01-06 12:51:37 ----D---- C:\Program Files\Common Files
2010-01-06 12:45:16 ----D---- C:\Qoobox
2010-01-06 09:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-06 09:34:36 ----D---- C:\Program Files\Ranch Rush
2010-01-06 09:34:36 ----D---- C:\Program Files\Farm Frenzy 2
2010-01-06 09:34:36 ----D---- C:\Program Files\Ancient Quest of Saqqarah
2010-01-05 09:30:35 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-05 08:02:49 ----SD---- C:\WINDOWS\Tasks
2010-01-05 08:02:27 ----D---- C:\WINDOWS\ERDNT
2010-01-05 08:00:13 ----D---- C:\WINDOWS\system
2010-01-05 07:49:20 ----RASH---- C:\boot.ini
2010-01-04 18:50:11 ----D---- C:\Program Files\DVD-RB PRO
2010-01-04 14:15:23 ----D---- C:\Documents and Settings\Elektro\Data aplikací\vlc
2010-01-04 13:11:50 ----D---- C:\CENÍKY
2010-01-04 09:40:30 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft
2010-01-04 07:40:00 ----D---- C:\Program Files\Easy CD-DA Extractor 12
2009-12-18 14:48:34 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP
2009-12-18 08:46:50 ----D---- C:\Program Files\DivX
2009-12-17 09:34:22 ----D---- C:\Documents and Settings\Elektro\Data aplikací\dvdcss
2009-12-17 09:33:57 ----D---- C:\Documents and Settings\Elektro\Data aplikací\DivX
2009-12-15 08:35:59 ----RSD---- C:\WINDOWS\assembly
2009-12-15 08:31:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-15 07:50:54 ----D---- C:\WINDOWS\Debug
2009-12-15 07:50:53 ----D---- C:\WINDOWS\Minidump
2009-12-15 07:42:07 ----A---- C:\WINDOWS\system32\msvcr80.dll
2009-12-15 07:42:05 ----A---- C:\WINDOWS\system32\msvcp80.dll
2009-12-14 15:20:27 ----D---- C:\Program Files\Canon
2009-12-14 08:38:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-14 08:35:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-14 08:34:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-14 08:30:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-14 08:29:23 ----D---- C:\WINDOWS\system32\cs-cz
2009-12-14 08:29:22 ----D---- C:\Program Files\Internet Explorer
2009-12-14 08:28:59 ----D---- C:\WINDOWS\ie7updates
2009-12-14 07:58:46 ----D---- C:\Program Files\Seagate

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-11-04 33408]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95; \??\C:\WINDOWS\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-03 278984]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-03 25416]
R2 PARCLASS1;PARCLASS1; \??\C:\WINDOWS\system32\drivers\PARCLASS1.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-16 3597312]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-15 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-12-05 104064]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 DeviceScanner;UMAX Astra 4400 Scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S2 Parclass;Parclass; C:\WINDOWS\System32\Drivers\Parclass.sys [2006-12-08 20272]
S3 afepmrjq;afepmrjq; C:\WINDOWS\system32\drivers\afepmrjq.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Elektro\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon); C:\WINDOWS\system32\drivers\AF2VCap.sys [2006-06-23 345344]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-09 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-03-16 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-04-08 241734]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-11-21 79360]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-03-17 593920]
S4 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 11 led 2010 18:44

5.1. jste dělal sken ComboFix. Dejte z něj log.

Saman321 · #3 Příspěvek od **Saman321** » 12 led 2010 07:42

Moc děkuji za Vaši snahu mi pomoct. Tady je log z ComboFixu :

ComboFix 10-01-04.01 - 05.01.2010 7:54.1.2 - x86
Spuštěný z: c:\documents and settings\Elektro\Plocha\ComboFix.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1409082233-764733703-839522115-1104
c:\recycler\S-1-5-21-1614895754-2077806209-839522115-500
c:\recycler\S-1-5-21-1960408961-492894223-839522115-1003
c:\recycler\S-1-5-21-1960408961-492894223-839522115-1004
c:\recycler\S-1-5-21-602162358-1606980848-725345543-1003
c:\recycler\S-1-5-21-602162358-1606980848-725345543-500
c:\recycler\S-1-5-21-789336058-1500820517-1801674531-1003
c:\recycler\S-1-5-21-854245398-838170752-682003330-1003
C:\Thumbs.db
C:\unlocker1.8.8.exe
c:\windows\regedit.com
c:\windows\system\msvbvm60.dll
c:\windows\system32\3775690181.dat
c:\windows\system32\taskmgr.com
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 06:37 . 2010-01-05 06:37 396288 ----a-w- C:\hijackthis.exe
2010-01-04 06:14 . 2010-01-04 06:44 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-04 06:14 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-04 06:14 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-04 06:14 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-04 06:14 . 2010-01-04 06:14 -------- d-----w- c:\program files\Avira
2010-01-04 06:03 . 2010-01-04 06:06 190407 ----a-w- C:\el_killer.zip
2009-12-17 10:26 . 2009-12-17 10:26 1511113 ----a-w- C:\VobBlanker_2130_exe.zip
2009-12-17 08:04 . 2009-12-17 08:53 -------- d-----w- C:\divx
2009-12-17 07:43 . 2009-12-17 07:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-17 07:35 . 2009-12-17 07:39 23804080 ----a-w- C:\DivXInstaller.exe
2009-12-15 12:13 . 2009-12-15 12:15 50104568 ----a-w- C:\se-setup.exe
2009-12-15 12:04 . 2009-12-15 12:11 85337 ----a-w- C:\Qoofix.zip
2009-12-15 11:48 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 11:48 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 11:48 . 2009-12-15 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 11:47 . 2009-12-15 11:47 4844264 ----a-w- C:\mbam-setup.exe
2009-12-15 10:59 . 2009-12-15 10:59 -------- d---a-w- c:\windows\rundll16.exe
2009-12-15 10:59 . 2009-12-15 10:59 -------- d---a-w- c:\windows\logo1_.exe
2009-12-15 09:27 . 2009-12-15 09:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-15 06:46 . 2009-12-15 06:47 -------- d-----w- c:\program files\CCleaner
2009-12-15 06:43 . 2009-12-15 06:43 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-15 06:43 . 2009-12-15 06:43 -------- d---a-w- c:\windows\system32\runouce.exe
2009-12-15 06:43 . 2009-12-15 06:43 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-15 06:43 . 2009-12-15 06:43 -------- d---a-w- c:\windows\logo_1.exe
2009-12-15 06:42 . 2009-12-15 06:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-15 06:42 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2009-12-15 06:42 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2009-12-15 06:41 . 2009-12-15 06:41 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-15 06:30 . 2009-12-15 06:30 -------- d-----w- C:\rsit
2009-12-15 06:30 . 2009-12-15 06:30 -------- d-----w- c:\program files\trend micro
2009-12-14 06:55 . 2009-12-14 06:55 10270208 ----a-w- C:\SeaToolsforWindowsSetup-1201.exe
2009-12-14 06:47 . 2009-12-14 06:47 -------- d-----w- c:\program files\ESET
2009-12-14 06:45 . 2009-12-14 06:46 36971520 ----a-w- C:\ess_nt32_csy.msi
2009-12-11 12:58 . 2009-12-11 12:58 6623705 ----a-w- C:\aimp_2.60.525.zip
2009-12-08 12:55 . 2009-12-08 12:55 -------- d-----w- c:\program files\iPod
2009-12-08 12:55 . 2009-12-08 12:56 -------- d-----w- c:\program files\iTunes
2009-12-08 12:52 . 2009-12-08 12:53 -------- d-----w- c:\program files\QuickTime
2009-12-08 12:43 . 2009-12-08 12:46 93234472 ----a-w- C:\iTunesSetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 17:50 . 2008-02-20 07:42 -------- d-----w- c:\program files\DVD-RB PRO
2010-01-04 06:40 . 2009-10-12 11:10 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-12-18 07:46 . 2008-01-18 08:43 -------- d-----w- c:\program files\DivX
2009-12-15 06:42 . 2004-07-03 00:48 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-15 06:42 . 2004-07-03 00:48 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-14 14:20 . 2008-11-06 11:13 -------- d-----w- c:\program files\Canon
2009-12-14 07:38 . 2003-04-16 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2009-12-14 07:38 . 2003-04-16 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2009-12-14 06:58 . 2008-04-24 09:17 -------- d-----w- c:\program files\Seagate
2009-12-14 06:56 . 2008-04-17 07:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-08 12:55 . 2009-03-19 06:00 -------- d-----w- c:\program files\Common Files\Apple
2009-12-03 09:57 . 2009-12-03 09:57 977000 ----a-w- C:\VirtualDub-MPEG2.zip
2009-12-01 12:04 . 2009-12-01 12:04 8897336 ----a-w- C:\asc-setup-pro.exe
2009-11-26 10:45 . 2009-11-26 10:45 -------- d-----w- c:\program files\Haali
2009-11-20 13:34 . 2008-12-04 10:44 -------- d-----w- c:\program files\ffdshow
2009-11-20 13:00 . 2008-10-16 09:48 -------- d-----w- c:\program files\ATI Technologies
2009-11-20 08:50 . 2009-11-20 08:50 67863 ----a-w- c:\windows\system32\x264vfw-uninstall.exe
2009-11-20 07:37 . 2009-02-20 07:11 -------- d-----w- c:\program files\Avidemux 2.4
2009-11-20 07:20 . 2008-05-19 07:24 -------- d-----w- c:\program files\Sony
2009-11-20 06:59 . 2007-11-22 06:57 -------- d-----w- c:\program files\Pegasys Inc
2009-11-16 08:06 . 2009-11-16 08:06 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 08:06 . 2009-11-16 08:06 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-14 00:49 . 2009-01-08 14:19 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 14:32 . 2009-01-14 07:18 -------- d-----w- c:\program files\Games
2009-11-13 14:30 . 2009-11-13 10:46 -------- d-----w- c:\program files\Kalypso
2009-11-13 14:28 . 2009-11-13 13:26 -------- d-----w- c:\program files\LeeGTs Games
2009-11-11 10:06 . 2009-07-15 11:40 -------- d-----w- c:\program files\Sony Setup
2009-11-11 07:49 . 2009-11-11 07:49 14308680 ----a-w- C:\winzip140.exe
2009-11-10 13:13 . 2009-11-10 13:13 3626808 ----a-w- C:\playchapter.zip
2009-11-10 12:39 . 2009-11-10 12:39 4345080 ----a-w- C:\SetupDVDTrayPlayerPro250.exe
2009-11-10 10:37 . 2009-11-10 10:37 50 ----a-w- c:\windows\system32\bridf09a.dat
2009-11-10 10:37 . 2009-11-10 10:37 -------- d-----w- c:\program files\Brother
2009-11-10 10:37 . 2007-09-18 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 10:34 . 2009-11-10 10:34 -------- d-----w- c:\program files\Nuance
2009-11-10 10:33 . 2009-11-10 10:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-11-10 10:33 . 2007-09-18 12:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-10 10:33 . 2009-11-10 10:33 -------- d-----w- c:\program files\ScanSoft
2009-11-10 09:36 . 2009-11-10 09:36 4769444 ----a-w- C:\dvdarchitectpro50_manual.exe
2009-11-05 06:49 . 2009-11-05 06:49 1087682 ----a-w- C:\subtitleworkshop251.zip
2009-11-04 12:44 . 2009-11-04 12:41 6191895 ----a-w- C:\aimp_2.60.510_rc3.zip
2009-10-29 07:45 . 2003-04-16 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2008-09-08 13:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2003-04-16 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-27 10:32 . 2009-10-27 10:32 446372 ----a-w- C:\Titulky07b.zip
2009-10-13 10:34 . 2003-04-16 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2003-04-16 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2003-04-16 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-09-22 13:01 . 2008-09-08 15:19 21174304 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-22 13:01 . 2008-09-08 15:19 1753120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-29 113664]
VistaAccess.lnk - c:\vstascan\VsAccess.exe [2007-10-10 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0sremcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3086271954-1183994661-564440380-1125\Scripts\Logon\0\0]
"Script"=Default.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1930:UDP"= 1930:UDP:Windows Media Format SDK (screamer.exe)
"1931:UDP"= 1931:UDP:Windows Media Format SDK (screamer.exe)
"1932:UDP"= 1932:UDP:Windows Media Format SDK (screamer.exe)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-15 691696]
R2 Parclass;Parclass;c:\windows\System32\Drivers\Parclass.sys [2006-12-08 20272]
R3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-03-26 12672]
R3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);c:\windows\system32\drivers\AF2VCap.sys [2006-06-23 345344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [2009-03-26 18816]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 61424]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 PARCLASS1;PARCLASS1;c:\windows\system32\drivers\PARCLASS1.sys [2009-07-09 2368]

.
Obsah adresáře 'Naplánované úlohy'

2010-01-04 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-04-28 06:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.warforum.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
SafeBoot-Wdf01000.sys
AddRemove-ASTRA 92 - CommonLibs_is1 - c:\windows\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 08:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\docume~1\Elektro\LOCALS~1\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\16?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\drivers\\vga\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'lsass.exe'(1060)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Celkový čas: 2010-01-05 08:04:07
ComboFix-quarantined-files.txt 2010-01-05 07:03

Před spuštěním: 8 100 237 312
Po spuštění: 9 624 436 736

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=2 LastKnownGood=6 Sets=1,2,4,6
- - End Of File - - 9C60A55EFCDBF55D77377612D2C49507

#4 Příspěvek od **Rudy** » 12 led 2010 18:23

Pod "Ostatní výmazy" najdete smazané infikované položky. Zbytek logu vypadá čistý. Ještě poprosím o sken MBAM: http://www.malwarebytes.org/mbam.php a log z něj. Předem nic nemažte.

Saman321 · #5 Příspěvek od **Saman321** » 13 led 2010 18:38

Tak jsem ani netušil co tam mám havěti, divím se že to pustil NOD32. Tady je log :

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3554
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

13.1.2010 18:32:40
mbam-log-2010-01-13 (18-32-36).txt

Typ kontroly: Kompletní kontrola (E:\|)
Zkontrolované objekty: 340040
Uplynulý čas: 2 hour(s), 9 minute(s), 44 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 19

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
E:\CENÍKY\ELTRAM\CenEl404.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\empire_earthczdregn.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\STCZ.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\mc2_sk.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\TACZ.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\Tropico10cz.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\tropico_cz_final.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\ZeusCz.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\Zeus_sk_beta1.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\CECKO\CESTINY\Zeus_sk_beta2.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\Pracovní disk\simutrans_sk.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\Pracovní disk\Tetris4000.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\Pracovní disk\vyrox.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\Pracovní disk\Downloads\asniper.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\Záloha déčka\Záloha CECKO\Hry - návody\hidad10a11.exe (Trojan.Downloader) -> No action taken.
E:\DVD\ZÁLOHA\CÉČKO\tropico_cz_final.exe (Trojan.Downloader) -> No action taken.
E:\ComboFix\Combo-Fix.sys (Malware.Trace) -> No action taken.
E:\System Volume Information\_restore{A1E298EC-8D2A-4E3D-8559-176DD0AC7674}\RP112\A0010930.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{A1E298EC-8D2A-4E3D-8559-176DD0AC7674}\RP112\A0010946.exe (Malware.Packer.Krunchy) -> No action taken.

#6 Příspěvek od **Rudy** » 13 led 2010 20:27

Vše smažte.

Saman321 · #7 Příspěvek od **Saman321** » 14 led 2010 17:03

Tak jsem zlikvidoval všechny infikace, ale problém pořád trvá. Po nějaké době se začne PC zpomalovat, je to poznat na pohybu myši a musím restartovat, neudělám-li to, PC se později restartuje sám. Nenapadá Vás ještě nějaké řešení jak toho hajzlíka odhalit?

#8 Příspěvek od **Rudy** » 14 led 2010 19:15

On to nemusí být hajzlík. problém může způsobovat přehřívání. Nainstalujte SpeedFan: http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/ , nechte ho běžet při práci PC a kontrolujte teplotu. Teplota CPU by trvale něměla přesahovat 65°C.

Saman321 · #9 Příspěvek od **Saman321** » 15 led 2010 16:08

Přehřívání to nebylo, dělal to NOD, kupodivu.

#10 Příspěvek od **Rudy** » 15 led 2010 19:46

I ten to dělat může. Občas to spraví jeho reinstal.

VIRY.CZ

PC se zpomaluje až do následného restartu

PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu

Re: PC se zpomaluje až do následného restartu