Občasné zamrznutí PC po startu

[franta05]

Po zapnutí mi PC občas zamrzne - nejde na nic kliknout a v dolní liště se ukazují přesípací hodiny - musím natvrdo restartovat a pak jede normálně, přikládám log z RSIT pro kontrolu.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2010-10-12 22:40:47
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 742 GB (78%) free of 954 GB
Total RAM: 3326 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:54, on 12.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uživatel\Dokumenty\Stáhnuto\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 6062 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1249561313.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-02-22 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-02-22 110696]
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-04-19 9125888]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-09-10 2771784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-04-19 9125888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-02-22 13670504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-02-22 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\TrackMania United\TmUnited.exe"="C:\Program Files\TrackMania United\TmUnited.exe:*:Enabled:TmUnited"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-12 22:40:47 ----D---- C:\rsit
2010-10-09 13:43:27 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\codeblocks
2010-10-09 13:42:59 ----D---- C:\Program Files\CodeBlocks
2010-10-06 23:11:17 ----A---- C:\WINDOWS\system32\pbsvc_moh.exe
2010-09-25 17:44:10 ----D---- C:\Program Files\OO Software
2010-09-25 17:39:42 ----D---- C:\Program Files\CCleaner
2010-09-15 17:38:54 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Adobe
2010-09-13 22:14:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of files/folders modified in the last 1 months======

2010-10-12 22:40:51 ----D---- C:\Program Files\trend micro
2010-10-12 22:40:37 ----D---- C:\WINDOWS\Prefetch
2010-10-12 22:37:38 ----D---- C:\WINDOWS\Temp
2010-10-12 22:29:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-12 17:52:55 ----SD---- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
2010-10-12 09:08:09 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2010-10-11 14:15:20 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2010-10-11 11:24:41 ----D---- C:\WINDOWS\system32
2010-10-09 13:42:59 ----RD---- C:\Program Files
2010-10-09 12:18:23 ----D---- C:\WINDOWS
2010-10-08 19:10:40 ----D---- C:\WINDOWS\system32\LogFiles
2010-10-08 19:01:22 ----SHD---- C:\WINDOWS\Installer
2010-10-08 19:01:20 ----D---- C:\Program Files\Electronic Arts
2010-10-08 18:58:28 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-10-06 23:11:19 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-10-06 23:01:00 ----D---- C:\Config.Msi
2010-10-06 22:58:38 ----HD---- C:\WINDOWS\inf
2010-10-06 22:55:26 ----D---- C:\WINDOWS\system32\DirectX
2010-10-06 18:40:04 ----D---- C:\Program Files\Steam
2010-10-06 18:25:25 ----D---- C:\WINDOWS\WinSxS
2010-10-06 18:21:22 ----RSD---- C:\WINDOWS\assembly
2010-10-06 16:23:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-03 16:23:52 ----D---- C:\Program Files\Common Files\Adobe
2010-09-26 00:31:32 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\HLSW
2010-09-25 17:40:26 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Media Player Classic
2010-09-25 17:38:00 ----D---- C:\WINDOWS\system32\drivers
2010-09-25 15:41:04 ----D---- C:\Program Files\World of Warcraft
2010-09-19 21:28:30 ----D---- C:\Program Files\Mozilla Firefox
2010-09-18 14:08:09 ----D---- C:\TempEI4

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-07-29 717296]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-08-06 82380]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-23 279712]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-23 25888]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-02-22 10231936]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-02-22 154216]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-09-10 2320712]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-10-06 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-10-08 218496]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-17 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-23 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-21 152984]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[earl]

Zdravim,

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

Stahnete catchme.exe a spustte.

Vysledny log vlozte sem.

Stahnete GMER (gmer.zip),

rozbalte a spustte probehne sken, po jehoz ukonceni na vas vyskoci vysledky,

pote kliknete na Save a ulozite tak oba logy, jejichz obsah sem vlozte

V pripade potizi je k dispozici navod v mem podpisu-GMER.

[franta05]

vyčištěno CCleanerem a projeto Catchme ale GMERem mi to nejde - kednou se sekl - musel sem restart PC a podruhé se PC restartovalo samo a log nikde

vkládám log z catchme:

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-13 08:55:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2b,8b,9b,c7,3c,fc,50,d3,dd,af,92,cc,98,45,9f,7b,25,32,bb,bf,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2b,8b,9b,c7,3c,fc,50,d3,dd,af,92,cc,98,45,9f,7b,25,32,bb,bf,55,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG11.00.00.01WORKSTATION"="8447941B6B7E587F710CBD71492D37DF9B5EB7F41D194F4D4BAE67598CF9F7CEB7E25B2E4253B144A129DDA09FCAA0F3A6D357CCC614D89FFACA059D7661FAB4EA8681C72F6DA20221200F43AC122108547146612FE9894B2D410571120F0D478B02B570375BA9E218A1DFC93CBE257EA0E7112F0729590CCEE21178968251BA20E7601337A8B532BC21940A7090095C9AAB79935263B33E63C605380FBCE0E5BE909B025D6C2DE05FD6253D3B4D204CE1767351EBADF6E602C5F39E5546C7C59495B56F2C3C69065EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A2D97226D213B5558EDD5E5BE2F6E6676CDCBD24B6C912CBDD5D2196A07B1D86FC6BB1D1D336EFFE2BBE1FBC3867CCF4B075BAE60C956A4A3715EAB4DFD136D8D7612ED237731A8E3D00A9062526DA614F6D51BA8C3FFD0AEF4196F55E75C71B4E44A907F454C55F4351D094F80BE408BB8CC675D88CA12E3E6730534BF74027F477992B6E54171F4E13110E64A3E70B2AD0C04090B54D709643289EDADC30E92391D8D407E7DA8E3B5BCE6A1E6C09A495EBCB1B5DE41B1C3542D3F7441F4C63F45F24EBA973FC062471CD77DDD90E9D3DC356D4E63CCD911A076AD7432A6D2AC9DF9BAABFD28FEE6CD1BA5563D2E1D52171B595DE4E47C58667880817DF10E8C64646233CD249C7382EA3F7EE3394400A439ED57524104004EF2F280494D559D4FA0DB693350423706A7929474757E400B9ADE362B9549CDA5DC3AAD11204CF9E983C1FBD313D26C21E1485B45481DD518AE1E061FDE28D1DA20C554B95023115EE07E6B7EE170CA0972E7E86128E5C111FA043AE55B0551C67B5C341CE5DF46B0102EE820FD724BED4E4D78D299DA195162ED48E98554CEE84526586E448A99B0826692221684D160E3BA91F3A7086F7BFB833C7930D5FF189D3FBF2ED15F060EDD15F9EACD681E328976316D8EE7517A1CE502586B70EC3B8951FE2F9BF7F3A53C52C87AA55C9A9C144C24E8923ED14F6E1F1F3A3586EC609D1B8B487E21FEC0A2800690ABA432DAA6F5DAAC93D82D62A4CB0871597A6A3A3A8094D0EBFAB019C015E5CACFEA1F5672D1E11888F5C0860C7FBB676C174C369A0A013F43C984343BE9F7668422A513171BFE9A69035966C74155CD64527D76AA0E7F2196069C26F33EDD607443852731753237D5A5C35D85491D63B3824516E7598DACC5938D444914A9C47ECB9CB4FDEBDAF562EB55863505A091CD0E1696F4F43C0D3783110987688EB5AC430591AE7B70472ECB7BBFDB3AFD8636AEE9A1D42481AE7B197D1795C50EEE67932D45BBBCE1A829EEE5CCCAE21B1F287E923D8C761E3359EBEBA25A69DD1065EEAE2CEC262EF2EED79FC2AD115811EC9"
"OODEFRAG14.00.00.01PROFESSIONAL"="C3EAA2E7449BB131F40EC4396137FB052CE21B7B29ACBDB707DFCC710D7EEAF8537A6450F261B2579B8029A78842E507C0CD8C1124237080A4CA2C39B9BFDB7266BADDB25D85E77328E2CD1951DEB21970F12D082E4C6CCE8D4875DB91C71D8195032FCCE3037EA0ED60D3CA27ED6066E66E3FB9DA0CA076658DAA70F1A2AE499E3A3B124DABA5EBE13721AC58A3F006F277C8B4239D80BDF3E19242982D15DDE1DEAAABC1A193571E3A5EE416096789865492BADF8D826225A3B94EAB9C58486501FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A6171C11EC38DE3DBA7FD869164D6794D926C61030215B3810D23628D0B2B5BABD826FCAAE4D52A1BC8FB229507C11555EF43D172AA11FD5EF4DB6B1A0DEB5944728B6D91B54E80D6232547DAEABF5BB13224D2E5577BB59418635882F5BAA6E3853B572DD0DD5B581C7E59A6C1D0945D927ACDA3D167616A9362DD89AE66FD39595D102C7A33079A264D6D4A80A394459B1F0F675E538F58C46819F09B88660A937544EAC3B33CA8CC8F65509A197217A2295B194428AF31956F4B09F781445FC356C6E65693AB0CD707E19B8885DD7EC107B8A367C20A03B3830320C436148E23D29CD4FB7C9C5360688EF6554E4762243E4D77757C99FA7F13F9FFB2B5AC26C3380ACC92506375B6A91FE3F102C1F503979C47C0B822BD43F93C625B38FA1752ECC9E39A2B8C618B2FD3F7C3BD60CF024C4CD6A44648DFE8C804CBD5638E517FA4A8B0818514C87A791FD58492B06446AB546EC23AE28247FBEA40280ACA532971CAF22DC60310B4479DA0D20946E49A320D1B1BBC76F876BEA9B3293E78AEBB9C599F7C19C74C83B424C609C2236499F3C6AEC9435EAB15D855090630C4F2C46B0AD7E86DEA7A86E5F19150B0666CCDC2360D42B24B66B1272B4663BDDC81EDA2C242D632670D9F9275F753118192193D553236F6484C6FC7B117D54465A334668888280148ACAA6D310CF4453FE5A2DB8B89745E81794C4CA7E2763D27C1E0C7ABA7D7CEDC4B27703ED7570D4D94EC490DB7383CA47EBC3F2ECB58C333E58E35C6D24E81EFD0A9F3815BBD3E10216AE8B59FEF74681A987669E02E63EBF9DB8EAAAFE4DB2308E8959EEFC815FE2906FB6A2836239456CD400A96781E9B6ED2AE7CB99225E643F4FB0BE9581D9FA5F3F07005075A8A89620F97AC4DDD5EC8C0DF80206D5743864C2EC18E8CD7EDC698DD308B85BBDD1CF9474CEFD6EC13E836728D0D64BF05E05E72164DAD522B2D7FA57AA12ADC17E0391F5397B1E129D1EF5600F27D7721D6FF7C1DE56FBBAB4995D31A8377EA77EDF27E521A8C9D00FEB26756991C4394FB3DEAA1A499863B3613E669887CF0036D89F90C174C2"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


edit1: podařilo se mi udělat 1 log v GMERU:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-10-13 11:21:34
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT spwu.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spwu.sys ZwEnumerateValueKey [0xB7EC7030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4AE1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

[franta05]

GMER jsem znova spustil a asi po hodině skenování se PC restartovalo...

[earl]

A ten druhy log z GMERu?

Stahnete HDTune,nainstalujte,a na karte Error scan klepnete na start

(ne rychly),vysledek nahlaste.

Taktez stav resume zalozky Status.

Stahnete a nainstalujte Speedfan.

Napiste sem teploty procesoru,harddisku a ostatnich komponent,ktere Speedfan po spusteni zobrazi.

[franta05]

HD tune zatím jede, 2. log z GMERu nemám - 1x se to seklo a 2x mi restartovalo PC, teploty ze SpeedFanu:
GPU: 42C
CPU: 58C
Local 49C
Remote2:41C
HD0:28C
Core:42C
Ambient:0C

[earl]

Pockam na ten HDTune.

Ta teplota CPU 58 je v IDLE (necinnost)?

Mezitim udelejte toto:

Stahnete na plochu Avira AntiRootkitTool

rozbalte a spustte Start scan ,po skenu kliknete na View report a log vlozte sem.

[franta05]

no, před as 5 minutama jsem spustil PC, prohlídl si toto téma, stáhl ten AntoRootkit, spustil HD Tune, znovu nainstaloval Speed Fan a teplota CPU byla 48 a než jsem článek napsal je 52

edit1: Aviru jsem extrahoval na plochu, ale píše mi: One of the Avora AntiVir Desktop products must be instaled first. The application will exit.

[earl]

Ok,takze ta teplota na CPU je dost vysoka.

Vyfoukejte vnitrek skrine od pc,at tam je cisto.

Z HDTune pak napiste ten vysledek a status disku.

Je mozne,ze bude treba prepastovat procesor,teplovodiva pasta na chladici uz muze byt spatna a proto to mrzne.

Stahnete Rootkit Revealer

Rozbalte ZIP archiv a spustte aplikaci.

Kliknete na tlacitko Scan a po dokonceni scanu kliknete na File - Save a ulozeny log vlozte sem.

[franta05]

Nádhera - spustil jsem Rootkit Revealer (HD Tune byl asi v půlce - zatim vše ok) a sek - restart a mosim to pustat od znova

Edit1: spustil jsem samotný Rootkit Revealer a po 3 vteřinách sek - máte v nabídce víc takových prográmků - je to radost pouštět... xD

Edit2: skříň vyčištěna - jetě budu asi muset vypnout PC a odmontovat větrák u procesoru abych ho profoukl - je tam videt usazený prach a za chodu s tím nic neudělám

[earl]

Ano,mame jich v nabidce vic,kdyz se pc cisti a odvirovava,tak dostava zabrat...

Konkretne programy na detekci rootkitu (nejhorsi z infekci) obcas zpusobi zamrz nebo restart systemu.

Stahnete si na plochu a rozbalte RootRepeal

spustte RootRepeal.exe jako spravce - klepnete na File a potom na Scan - po skenu kliknete na Save Report a log vlozte sem.

V pripade nejasnosti navod v mem podpisu.

Pouzijte MBAM

instalace,uplny sken,vlozit sem log-NIC NEMAZAT!

[franta05]

mám nechat HD Tune ať dojede (je asi ve 20% za 30min) nebo spustit RootRepeal a riskovat že se to sekne?

[earl]

V klidu otestujte povrch disku HDTunem a pak spustte RR.

[franta05]

právě skončil HD tune - damaged bloks - 0.0%

Edit1: log z RR:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/14 15:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-06304AB4.pf
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\uživatel\data aplikací\mozilla\firefox\profiles\2opk9ugp.default\sessionstore.js
Status: Size mismatch (API: 17110, Raw: 16934)

Edit2: dalsí log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

14.10.2010 16:07:51
mbam-log-2010-10-14 (16-07-51).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 301930
Uplynulý čas: 31 minuta(y), 41 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[earl]

Dopoledne napisu,cim budeme pokracovat.