Prosím o kontrolu, file explorer mrzne

[kuntakinte]

Jo, v nouzovém režimu to šlo. Jenom mi hned na začátku vyhodil ať vypnu Aviru, která byla vypnutá (a v nouzovém režimu mi zapnout ani nešla). Tak jsem pokračoval, tentokrát to proběhlo úspěšně.

ComboFix 12-12-02.01 - Administrator . 12. 2012 17:42:01.4.4 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1648 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivan\Application Data\inst.exe
c:\documents and settings\Ivan\Application Data\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2006-02-28 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 16:47 . 2012-04-03 09:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 16:47 . 2012-02-13 13:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 15:11 . 2012-02-13 14:43 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-10-03 15:09 . 2012-02-13 14:43 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-10-03 15:09 . 2012-02-13 14:43 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-10-03 15:09 . 2012-02-13 14:43 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-10-02 18:04 . 2006-02-28 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 21:22 . 2012-09-29 21:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-09-29 21:22 . 2012-09-29 21:22 47360 ----a-w- c:\documents and settings\Ivan\Application Data\pcouffin.sys
2012-10-27 10:16 . 2012-10-27 10:16 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-06 4763008]
"Boxoft Tools"="c:\documents and settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-16 452016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-03 2415104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\documents and settings\Ivan\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EasySetPackage.lnk - c:\program files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe [2012-2-13 159744]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-2-13 258048]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-03 366440]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips SA52XX Device Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips SA52XX Device Manager.lnk
backup=c:\windows\pss\Philips SA52XX Device Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-03-01 03:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 04:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 17:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 23:14 17147528 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.2.2012 17:18 685816]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [13.2.2012 14:51 127744]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.2.2012 15:32 36000]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [13.2.2012 15:43 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [13.2.2012 15:43 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [13.2.2012 15:43 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [13.2.2012 15:43 31920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12.8.2011 0:38 116608]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/13 08:14];c:\program files\CyberLink\PowerDVD9\000.fcl [1.3.2009 4:40 87536]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13.2.2012 15:32 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2.12.2012 22:05 676936]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [13.2.2012 15:43 216072]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [26.5.2010 4:53 2139400]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1.2.2012 0:09 158856]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\OAsrv.exe [13.2.2012 15:43 4463864]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.sys [13.2.2012 14:47 855808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2.12.2012 22:05 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.9.2012 22:22 47360]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.2.2012 14:42 1691480]
S3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [13.2.2012 21:29 16384]
S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [13.2.2012 21:29 19456]
S3 vtcdrv;Philips SA52xx Recovery Device;c:\windows\system32\drivers\vtcdrv.sys [29.5.2012 21:39 18560]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.12.50.2 217.12.48.2
TCP: Interfaces\{A1273EFA-CCED-4589-BD26-4A982EE730C2}: NameServer = 195.168.1.2,195.168.1.4
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ydwysbl0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\LG Soft India\EasySetPackage\bin\HOOK.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
c:\documents and settings\All Users\Application Data\Boxtools\Toolbox.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Online Armor\OAhlp.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
.
**************************************************************************
.
Completion time: 2012-12-04 17:51:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-04 16:50
ComboFix2.txt 2012-12-03 21:15
.
Pre-Run: 86 101 196 800 bytes free
Post-Run: 14 adresárov, 86 037 385 216 voľných bajtov
.
- - End Of File - - A3C993C9ECF889A022914512E64D527B

[Rudy]

Log již vypadá čistý. Nastala nějaká změna?

[kuntakinte]

Neviem či je to teraz len náhoda, ale keď tak skúšam preklikávať priečinky, ide to ok. Teda skoro ok, nechápem prečo, ale je tu jeden priečinok, ktorý stále padá. Je možné že by bol takto poškodený fakt len jeden?

[Rudy]

Možné to je.

[kuntakinte]

A neviete čím by to mohlo byť, resp. ako sa toho problému prosím zbaviť? Lebo Total Commander sa tam napríklad dostane úplne bez problému..

[Rudy]

Zkuste vytvořit nový adresář, obsah toho chybného do něj přesuňte a ten chybný smažte.

[kuntakinte]

Jste génius! Ne vážně, děkuju moc, teď už se dostanu i k filmům bez problémů Skutečně jste mi pomohl, děkuju za pomoc a ochotu.

[Rudy]

Rádo se stalo!