Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 16:11
by Jehuda
Please check my log; the PC was attacked by viruses some time ago and is now acting up a bit.
Thank you


Logfile of random's system information tool 1.09 (written by random/random)
Run by A a A at 2011-09-28 16:59:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive F: has 51 GB (67%) free of 76 GB
Total RAM: 1021 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:11, on 28.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\AVAST Software\Avast\AvastSvc.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\AVAST Software\Avast\avastUI.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
F:\WINDOWS\system32\RunDLL32.exe
F:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
F:\Program Files\IObit\IObit Security 360\IS360tray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\IObit\Game Booster\gbtray.exe
F:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
F:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
F:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
F:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\IObit\IObit Security 360\IS360srv.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\igfxsrvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\A a A\Plocha\RSIT.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\Program Files\trend micro\A a A.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "F:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [IObit Security 360] F:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "F:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] F:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1715567821-1177238915-1417001333-1007\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - F:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - F:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - F:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - F:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: IS360service - IObit - F:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 6141 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
F:\WINDOWS\tasks\Game_Booster_Startup.job
F:\WINDOWS\tasks\SmartDefrag_Startup.job

=========Mozilla firefox=========

ProfilePath - F:\Documents and Settings\A a A\Data aplikací\Mozilla\Firefox\Profiles\j6ut8es1.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=F:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

F:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

F:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

F:\Program Files\Mozilla Firefox\searchplugins\
google.xml
wikipedia-cz.xml

F:\Documents and Settings\A a A\Data aplikací\Mozilla\Firefox\Profiles\j6ut8es1.default\extensions\
centrumpomocnik@centrum.cz

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=F:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"IgfxTray"=F:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=F:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=F:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"NeroFilterCheck"=F:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2011-05-25 13895272]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=F:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-05-05 1632360]
"IObit Security 360"=F:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=F:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 4"=F:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=F:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_Plugin.exe [2011-08-23 243360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
F:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=F:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=F:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-28 16:59:35 ----D---- F:\Program Files\trend micro
2011-09-28 16:59:31 ----D---- F:\rsit
2011-09-28 16:46:06 ----D---- F:\Documents and Settings\A a A\Data aplikací\Mozilla
2011-09-28 16:45:07 ----D---- F:\Program Files\Mozilla Firefox
2011-09-25 18:03:04 ----HDC---- F:\WINDOWS\$NtUninstallKB2616676-v2$
2011-09-25 17:56:39 ----D---- F:\WINDOWS\Internet Logs
2011-09-19 19:27:12 ----HDC---- F:\WINDOWS\$NtUninstallKB2570947$
2011-09-19 18:53:18 ----HDC---- F:\WINDOWS\$NtUninstallKB2492386$
2011-09-19 18:51:43 ----HDC---- F:\WINDOWS\$NtUninstallKB971513$
2011-09-19 18:50:45 ----HDC---- F:\WINDOWS\$NtUninstallbasecsp$
2011-09-19 18:29:10 ----A---- F:\WINDOWS\system32\SmartDefragBootTime.exe
2011-09-19 18:29:04 ----A---- F:\WINDOWS\system32\drivers\SmartDefragDriver.sys
2011-09-19 18:27:57 ----D---- F:\Documents and Settings\A a A\Data aplikací\IObit
2011-09-19 18:25:58 ----D---- F:\Documents and Settings\All Users\Data aplikací\IObit
2011-09-19 18:25:50 ----D---- F:\Program Files\IObit
2011-09-19 18:11:56 ----SHD---- F:\Config.Msi
2011-09-07 18:32:38 ----HDC---- F:\WINDOWS\$NtUninstallKB2607712$

======List of files/folders modified in the last 1 month======

2011-09-28 16:59:35 ----RD---- F:\Program Files
2011-09-28 16:57:23 ----D---- F:\WINDOWS\Temp
2011-09-28 16:39:49 ----HD---- F:\WINDOWS\inf
2011-09-28 16:39:49 ----D---- F:\WINDOWS
2011-09-28 16:25:50 ----D---- F:\WINDOWS\system32\inetsrv
2011-09-28 16:09:53 ----D---- F:\WINDOWS\system32\CatRoot2
2011-09-26 10:14:30 ----A---- F:\WINDOWS\SchedLgU.Txt
2011-09-25 18:22:41 ----D---- F:\WINDOWS\Debug
2011-09-25 18:16:17 ----D---- F:\WINDOWS\system32
2011-09-25 18:03:28 ----A---- F:\WINDOWS\system32\MRT.exe
2011-09-25 18:03:09 ----RSHDC---- F:\WINDOWS\system32\dllcache
2011-09-25 18:00:21 ----SHD---- F:\WINDOWS\Installer
2011-09-25 18:00:21 ----SD---- F:\Documents and Settings\A a A\Data aplikací\Microsoft
2011-09-25 17:58:22 ----D---- F:\WINDOWS\system32\drivers
2011-09-25 17:42:45 ----SD---- F:\WINDOWS\Tasks
2011-09-25 17:41:45 ----HD---- F:\WINDOWS\$hf_mig$
2011-09-25 12:14:00 ----D---- F:\Program Files\The KMPlayer
2011-09-20 12:28:50 ----D---- F:\WINDOWS\Prefetch
2011-09-20 12:26:08 ----D---- F:\WINDOWS\AppPatch
2011-09-19 19:36:32 ----D---- F:\WINDOWS\Microsoft.NET
2011-09-19 19:36:32 ----D---- F:\WINDOWS\assembly
2011-09-19 19:25:23 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2011-09-19 19:24:52 ----D---- F:\WINDOWS\WinSxS
2011-09-19 18:57:33 ----D---- F:\WINDOWS\security
2011-09-18 11:30:51 ----D---- F:\Program Files\Kájovy Vánoce - velké dobrodružství pračlověka Káji Hřibojeda
2011-09-14 17:56:39 ----D---- F:\Program Files\Zachraň Kamarády!
2011-09-09 11:12:04 ----A---- F:\WINDOWS\system32\crypt32.dll
2011-09-07 16:34:21 ----D---- F:\Program Files\Mořské dobrodružství
2011-09-06 22:45:29 ----A---- F:\WINDOWS\system32\aswBoot.exe
2011-09-02 08:36:05 ----D---- F:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SmartDefragDriver;SmartDefragDriver; F:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]
R0 snapman;Acronis Snapshots Manager; F:\WINDOWS\system32\DRIVERS\snapman.sys [2011-06-04 158272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); F:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2011-06-04 911680]
R0 timounter;Acronis Backup Archive Explorer; F:\WINDOWS\system32\DRIVERS\timntr.sys [2011-06-04 581984]
R1 Aavmker4;avast! Asynchronous Virus Monitor; F:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; F:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; F:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; F:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; F:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 intelppm;Řadič procesoru Intel; F:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; F:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; F:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; F:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-24 176128]
R3 afcdp;afcdp; F:\WINDOWS\system32\DRIVERS\afcdp.sys [2011-06-04 160288]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; F:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-03-31 180736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-25 12753664]
R3 TPM;Winbond Trusted Platform Module; F:\WINDOWS\system32\DRIVERS\tpm.sys [2007-05-01 17792]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; F:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ialm;ialm; F:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; F:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2000-01-01 25434]
S3 SWDUMon;SWDUMon; F:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2011-09-25 12984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; F:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
R2 AdvancedSystemCareService;Advanced SystemCare Service; F:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 afcdpsrv;Acronis Nonstop Backup service; F:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-04 2480048]
R2 avast! Antivirus;avast! Antivirus; F:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 IISADMIN;Správa služby IIS; F:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 IS360service;IS360service; F:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 NVSvc;NVIDIA Driver Helper Service; F:\WINDOWS\system32\nvsvc32.exe [2011-05-25 154728]
R2 nvUpdatusService;NVIDIA Update Service Daemon; F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 W3SVC;Publikování na webu; F:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; F:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 16:56
by Rudy
There are 2 antivirus programs on the system: Avast and IObitIS. Choose one and uninstall the other. A software conflict could be occurring. Install Speedfan: http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/ and monitor the component temperatures while the PC is running. They should not permanently exceed 65°C.

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 17:51
by Jehuda
I uninstalled IObit. While restarting the PC I checked the heatsinks, and the passive heatsink on what is probably the chipset was really quite red-hot, so for now I have provisionally attached a cooler to it. Otherwise, according to SpeedFan, I am not exceeding 65 °C anywhere.

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 18:19
by Rudy
OK. Is the PC still restarting?

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 18:20
by Jehuda
Yes, again.

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 18:38
by Rudy
Boot into Safe Mode and run a ComboFix scan there:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.

Feel free to put the kettle on for a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during scanning and removal of any malware, unwanted conflicts with the antispyware's resident component occur.
And post the log.

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 19:20
by Jehuda
A few small problems, but in the end it worked.


ComboFix 11-09-28.01 - Administrator 28.09.2011 20:03:31.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1021.705 [GMT 2:00]
Spuštěný z: f:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\program files\Downloaded Installers
f:\program files\Downloaded Installers\{85734060-4F8B-477D-9FBD-44DEAC824BE2}\setup.msi
f:\windows\system32\Cache
f:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-28 do 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 17:55 . 2011-09-28 17:55 -------- d-----w- f:\documents and settings\Administrator
2011-09-28 16:17 . 2011-09-28 17:44 -------- d-----w- f:\program files\SpeedFan
2011-09-28 14:59 . 2011-09-28 15:00 -------- d-----w- f:\program files\trend micro
2011-09-28 14:59 . 2011-09-28 15:00 -------- d-----w- F:\rsit
2011-09-25 15:56 . 2011-09-25 15:56 -------- d-----w- f:\windows\Internet Logs
2011-09-19 16:29 . 2011-08-19 14:33 25944 ----a-w- f:\windows\system32\SmartDefragBootTime.exe
2011-09-19 16:29 . 2010-11-26 16:02 14776 ----a-w- f:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-19 16:27 . 2011-09-28 16:26 -------- d-----w- f:\documents and settings\A a A\Data aplikací\IObit
2011-09-19 16:25 . 2011-09-19 16:28 -------- d-----w- f:\documents and settings\All Users\Data aplikací\IObit
2011-09-19 16:25 . 2011-09-19 16:28 -------- d-----w- f:\program files\IObit
2011-09-12 06:57 . 2011-09-12 06:57 -------- d-sh--w- f:\documents and settings\A a A\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 15:57 . 2011-06-10 15:54 12984 ----a-w- f:\windows\system32\drivers\SWDUMon.sys
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- f:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-06-03 20:36 41184 ----a-w- f:\windows\avastSS.scr
2011-09-06 20:45 . 2011-06-03 20:36 199304 ----a-w- f:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-03 20:36 442200 ----a-w- f:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-06-03 20:36 320856 ----a-w- f:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-06-03 20:36 34392 ----a-w- f:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-06-03 20:36 52568 ----a-w- f:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-06-03 20:36 110552 ----a-w- f:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-06-03 20:36 104536 ----a-w- f:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-06-03 20:36 20568 ----a-w- f:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-06-03 20:36 30808 ----a-w- f:\windows\system32\drivers\aavmker4.sys
2011-08-26 07:27 . 2011-06-10 15:54 12984 ------w- f:\windows\system32\drivers\SET9.tmp
2011-08-24 17:53 . 2011-06-10 15:54 12984 ------w- f:\windows\system32\drivers\SET8.tmp
2011-08-23 07:37 . 2011-06-03 21:57 404640 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- f:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- f:\windows\system32\drivers\ndistapi.sys
2011-09-23 04:41 . 2011-09-28 14:45 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- f:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="f:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="f:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="f:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;f:\windows\system32\drivers\SmartDefragDriver.sys [19.9.2011 18:29 14776]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);f:\windows\system32\drivers\tdrpm258.sys [4.6.2011 21:14 911680]
S1 aswSnx;aswSnx;f:\windows\system32\drivers\aswSnx.sys [3.6.2011 22:36 442200]
S1 aswSP;aswSP;f:\windows\system32\drivers\aswSP.sys [3.6.2011 22:36 320856]
S2 AdvancedSystemCareService;Advanced SystemCare Service;f:\program files\IObit\Advanced SystemCare 4\ASCService.exe [19.9.2011 18:27 328536]
S2 afcdpsrv;Acronis Nonstop Backup service;f:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [4.6.2011 21:14 2480048]
S2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [3.6.2011 22:36 20568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;f:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4.6.2011 20:35 2214504]
S3 afcdp;afcdp;f:\windows\system32\drivers\afcdp.sys [4.6.2011 21:14 160288]
S3 SWDUMon;SWDUMon;f:\windows\system32\drivers\SWDUMon.sys [10.6.2011 17:54 12984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-28 f:\windows\Tasks\ASC4_PerformanceMonitor.job
- f:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-09-19 14:40]
.
2011-09-28 f:\windows\Tasks\Game_Booster_Startup.job
- f:\program files\IObit\Game Booster\gbtray.exe [2011-09-19 13:46]
.
2011-09-28 f:\windows\Tasks\SmartDefrag_Startup.job
- f:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-19 08:35]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 62.204.224.2 62.240.163.170
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-09-28 20:11:44
ComboFix-quarantined-files.txt 2011-09-28 18:11
.
Před spuštěním: Volných bajtů: 53 802 131 456
Po spuštění: Volných bajtů: 53 753 221 120
.
- - End Of File - - 67B7A2D8DB950088E1918D8A177D7DB5

Re: Please help - PC restarts after approx. 5 min.

Posted: 28 Sep 2011 19:49
by Rudy
CF deleted something infected. Is the PC still restarting?

Re: Please help - PC restarts after approx. 5 min.

Posted: 29 Sep 2011 15:06
by Jehuda
It restarts, but e.g. when using the SmartDefrag program. Not during defragmentation, but as soon as the optimization process starts, it restarts after a short while. Now I am going to try making a backup with Acronis and we'll see.

Re: Please help - PC restarts after approx. 5 min.

Posted: 29 Sep 2011 17:37
by Rudy
OK.

Re: Please help - PC restarts after approx. 5 min.

Posted: 30 Sep 2011 18:14
by Jehuda
Sorry for the delay. The backup completed without problems, and apart from the SmartDefrag program the PC seems to run stably. For now I would consider this a solved case, and thank you.

Re: Please help - PC restarts after approx. 5 min.

Posted: 30 Sep 2011 18:46
by Rudy
You're welcome!