Seknutí PC po startu

[kviki]

Po naběhnutí windows se PC zasekne. Nejde klikat nikde dolo na lištu start. Nefunguji některe programy.

Někdy se to pak na chvíli rozběhne.

Log s RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by StocekR at 2010-09-22 17:34:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (10%) free of 20 GB
Total RAM: 503 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:36, on 22.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
E:\80 Programy\05 Ochrana PC\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\StocekR.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe

--
End of file - 4805 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-11-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-11-18 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
C:\Genius\ioCentre\gTaskBar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
C:\PROGRA~1\SCROLL~1\MouseElf.EXE [2005-12-16 438364]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwc]
C:\Program Files\Mouse Wheel Control\mwc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2008-05-07 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2005-11-18 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-15 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe [2004-01-12 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0CE\Distillr\acrotray.exe [2003-07-17 217180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-18 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7e2708-6547-11dc-8336-101111111111}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d181db0-028a-11df-85b5-001617808230}]
shell\AutoRun\command - E:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4b317aa-0ce4-11de-84f6-101111111111}]
shell\AutoRun\command - E:\NokiaPCIA_Autorun.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-22 17:29:32 ----D---- C:\Program Files\trend micro
2010-09-22 17:29:31 ----D---- C:\rsit
2010-09-20 21:09:32 ----D---- C:\WINDOWS\pss
2010-09-17 22:33:58 ----D---- C:\Program Files\CCleaner
2010-09-16 23:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-16 23:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-16 23:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-16 23:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-16 23:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-16 23:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-16 22:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-02 22:32:36 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2010-09-22 17:34:32 ----D---- C:\WINDOWS\Temp
2010-09-22 17:34:21 ----D---- C:\WINDOWS
2010-09-22 17:34:16 ----D---- C:\Program Files\Mozilla Firefox
2010-09-22 17:34:03 ----A---- C:\WINDOWS\wincmd.ini
2010-09-22 17:31:47 ----D---- C:\WINDOWS\Prefetch
2010-09-22 17:29:32 ----RD---- C:\Program Files
2010-09-22 17:07:39 ----SH---- C:\boot.ini
2010-09-22 17:07:38 ----A---- C:\WINDOWS\win.ini
2010-09-22 17:07:38 ----A---- C:\WINDOWS\system.ini
2010-09-22 17:01:54 ----D---- C:\Documents and Settings
2010-09-21 22:33:58 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-20 21:50:20 ----SHD---- C:\WINDOWS\Installer
2010-09-20 21:41:51 ----HD---- C:\WINDOWS\inf
2010-09-20 21:41:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-20 21:38:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-09-20 21:38:49 ----D---- C:\Program Files\Zoner
2010-09-20 21:37:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-20 21:37:57 ----D---- C:\WINDOWS\system32\RTCOM
2010-09-20 21:37:57 ----D---- C:\WINDOWS\system32
2010-09-20 21:36:34 ----D---- C:\WINDOWS\system32\drivers
2010-09-20 21:36:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-20 21:36:01 ----D---- C:\Program Files\Fotostar
2010-09-20 21:35:41 ----D---- C:\Program Files\Astonsoft
2010-09-19 12:33:20 ----D---- C:\WINDOWS\system32\Lang
2010-09-19 12:14:26 ----D---- C:\Program Files\PDF
2010-09-17 22:34:42 ----D---- C:\WINDOWS\Debug
2010-09-16 23:00:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-16 23:00:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-16 22:57:47 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-16 20:41:29 ----SD---- C:\WINDOWS\Tasks
2010-09-11 17:19:48 ----D---- C:\Program Files\FastStone Capture
2010-09-07 17:11:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-02 22:32:36 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2004-05-17 41984]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\HARDLOCK.SYS []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2005-06-29 163840]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-12-23 15664]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2005-11-18 1354272]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-06 47360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2003-02-21 17504]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-13 611664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 UserAccess;Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC; C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [2001-12-21 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-16 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2006-10-22 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[JaRon]

1. odinstaluj SpyBot + Ad-aware
2. prescanuj PC s MBAM
3. vycisti PC s CCleanerom
4. restart a napis ako sa sprava PC

[kviki]

Pořad stejne. Nejde nic dělat, crtl+alt+delete nejde, atd.

Po skenu tento log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4675

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.9.2010 12:19:27
mbam-log-2010-09-23 (12-19-27).txt

Typ skenu: Rychlý sken
Skenované objekty: 147804
Uplynulý čas: 8 minuta(y), 28 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\config\systemprofile\Data aplikací\apiqfw.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\StocekR\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

Věci jsem odstranil, pak tento log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4675

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.9.2010 12:21:35
mbam-log-2010-09-23 (12-21-35).txt

Typ skenu: Rychlý sken
Skenované objekty: 147804
Uplynulý čas: 8 minuta(y), 28 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\config\systemprofile\Data aplikací\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\StocekR\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

[JaRon]

ak by bol problem v normal, vloz z nudzoveho rezimu:
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

[kviki]

ComboFix 10-09-22.06 - StocekR 23.09.2010 14:01:39.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.82 [GMT 2:00]
Spuštěný z: c:\documents and settings\StocekR\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\StocekR\Data aplikací\Desktopicon
c:\documents and settings\StocekR\Data aplikací\Desktopicon\eBayShortcuts.exe
c:\documents and settings\StocekR\Dokumenty\cc_20100920_212736.reg
Z:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-23 do 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 10:09 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 10:09 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 10:09 . 2010-09-23 10:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 18:15 . 2010-09-22 18:15 -------- d-----w- c:\program files\Crawler
2010-09-22 15:38 . 2010-09-22 15:38 -------- d-----w- c:\documents and settings\StocekR\DoctorWeb
2010-09-22 15:29 . 2010-09-22 15:37 -------- d-----w- c:\program files\trend micro
2010-09-22 15:29 . 2010-09-22 15:29 -------- d-----w- C:\rsit
2010-09-17 20:33 . 2010-09-19 10:13 -------- d-----w- c:\program files\CCleaner
2010-09-09 20:15 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-09-09 20:15 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-09-09 20:15 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-09-02 20:32 . 2010-09-02 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 10:23 . 2006-10-22 16:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-23 10:00 . 2006-11-01 17:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-20 19:38 . 2006-11-01 17:44 -------- d-----w- c:\program files\Zoner
2010-09-20 19:37 . 2006-10-20 00:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-20 19:36 . 2009-04-20 18:12 -------- d-----w- c:\program files\Fotostar
2010-09-20 19:35 . 2007-11-12 18:39 -------- d-----w- c:\program files\Astonsoft
2010-09-19 10:14 . 2007-02-26 19:52 -------- d-----w- c:\program files\PDF
2010-09-11 15:19 . 2008-03-28 19:49 -------- d-----w- c:\program files\FastStone Capture
2010-09-07 15:12 . 2010-07-05 06:45 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-03-18 20:35 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-03-18 20:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-03-18 20:36 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-03-18 20:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-03-18 20:36 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-03-18 20:36 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-03-18 20:36 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-03-18 20:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 19:31 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 19:31 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-07-22 15:46 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2003-11-21 12:47 . 2003-11-21 12:47 4224 -c--a-w- c:\program files\OEMSETUP.INF
2003-11-21 12:47 . 2003-11-21 12:47 74377 -c--a-w- c:\program files\hpltcol1.ex_
2003-11-21 12:47 . 2003-11-21 12:47 136439 -c--a-w- c:\program files\hpltui.dl_
2003-11-21 12:46 . 2003-11-21 12:46 165673 -c--a-w- c:\program files\hpltdrv1.dl_
2003-11-21 12:46 . 2003-11-21 12:46 32842 -c--a-w- c:\program files\hpltcal4.dl_
2003-11-21 12:46 . 2003-11-21 12:46 84061 -c--a-w- c:\program files\hpltuint.dl_
2003-11-21 12:46 . 2003-11-21 12:46 57549 -c--a-w- c:\program files\hpltumpd.dl_
2003-11-21 09:20 . 2003-11-21 09:20 8600 -c--a-w- c:\program files\README.TXT
2003-11-21 09:20 . 2003-11-21 09:20 5277 -c--a-w- c:\program files\hpglrtl3.hl_
2003-11-21 09:20 . 2003-11-21 09:20 164884 -c--a-w- c:\program files\hpglrtl2.hl_
2003-11-21 09:20 . 2003-11-21 09:20 99630 -c--a-w- c:\program files\hpltsam1.sp_
2003-11-21 09:20 . 2003-11-21 09:20 95986 -c--a-w- c:\program files\hpltsam2.sp_
2003-11-21 09:20 . 2003-11-21 09:20 46825 -c--a-w- c:\program files\hpglrtl2.hp_
2003-11-21 09:20 . 2003-11-21 09:20 222311 -c--a-w- c:\program files\hpglrtl4.hp_
2003-11-21 09:20 . 2003-11-21 09:20 19537 -c--a-w- c:\program files\hpltlnk.ex_
2003-11-21 09:20 . 2003-11-21 09:20 128675 -c--a-w- c:\program files\hpglrtl8.hp_
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-11-18 10:55 77824 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-11-18 10:59 98304 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
2005-12-16 09:00 438364 ----a-w- c:\progra~1\SCROLL~1\MouseElf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2008-05-07 13:16 536576 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-11-18 11:00 118784 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 13:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-04 16:25 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-12-15 20:48 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 10:43 90112 ------w- c:\program files\Common Files\Ulead Systems\Autodetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
2004-01-12 19:40 69632 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Alcmtr"=ALCMTR.EXE
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.3.2010 22:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.3.2010 22:36 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.5.2010 21:42 136176]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 19:42]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 19:42]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\StocekR\Data aplikací\Mozilla\Firefox\Profiles\78eq7zj6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60076&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-Wdf01000.sys
MSConfigStartUp-ioCentre - c:\genius\ioCentre\gTaskBar.exe
MSConfigStartUp-mwc - c:\program files\Mouse Wheel Control\mwc.exe
MSConfigStartUp-RTHDCPL - RTHDCPL.EXE
AddRemove-Nokia PC Internet Access - c:\documents and settings\All Users\Data aplikací\Installations\{A809B447-82F4-4B95-9FCF-541EBF7BB863}\Installer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 14:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-09-23 14:10:37
ComboFix-quarantined-files.txt 2010-09-23 12:10

Před spuštěním: 1 715 851 264
Po spuštění: 1 778 634 752

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 38A4AC034D459088A05B825594825B32

[JaRon]

pokial to nie je lepsie, prescanuj PC s AVPTool

[kviki]

Pořad to není ono. Po stratu to hned nejede, pak tak cca za pul hodky se to rozjede.

Log z AVT Tool:
Autoscan: completed 10 minutes ago (events: 2, objects: 259548, time: 01:37:21)
26.9.2010 22:28:29 Task started
27.9.2010 0:05:52 Task completed

[JaRon]

otestuj disk programom www.hdtune.com
pozri health, error + cast benchmark vloz vysledky = 6 cisel

[kviki]

Snad jsem provedl vse. testy v priloze (obrazky)

[JaRon]

nuz disk je zdravy ako repa
precitaj este clanok kolegu sudanca http://www.viry.cz/forum/viewtopic.php?f=46&t=79325

[kviki]

Disk je zdravý, ale počítač pořad pomalý

Snažil jsem se to zkontrolovat i podle příspěvku kolegy.

Chová se to tak, že počítač najede až na plochu. A po cca 1-2minutách, kdy plocha najíždí (spoušti se), se pak objeví přesípací hodiny a nejde pořádně nic dělat.

Pokud nechám počítač spuštěný a dojdu po nějaké době (cca půl hodiny) tak už to funguje normálně.

Pořád si nevím rady

[JaRon]

vidim 3 dalsie mozne kroky - poradie vykonania necham na Tebe:
1. vytvorenie noveho uctu - profilu s adm. pravami
2. skontroluj velkost "plochy" t.j. adresara kde su umiestnene subory na ploche
3. odinstaluj AVAST

[kviki]

1. Profil - Plocha ma velikost 62kB - tam chyba nebude
2. Odinstalace Avastu - nepomohlo
3. Vytvořen novy učet =>
3.1 Dlouho trvalo než se vytvořil (vypadalo to, jak by se u toho seklo - psalot o jen Themes setup)
3.2 Po restartu opět stejně i na novem uctu, jdou otvirat programy, ktere se pak nekdy seknou, jinak jsou přesypaci hodiny, v liste start nejde nic dělat

[JaRon]

zial nejak mi uz dosli napady - oslovim kolegov

[JaRon]

od kolegu:
moznost SW konfliktu - co je dost tazko zistitelne ,,,
posahany system - tam vidim schodnejsiu cestu >> opravna instalacia Win -R (ak sa nepolepsi, tak nova cista instalacia)
z hladiska AV nebolo najdene nic take, co by mohlo sposobovat taketo stavy