Nepodařilo se připojení ke službě systému Windows

Zpráva

krabac · #1 Příspěvek od **krabac** » 04 dub 2013 06:17

Dobrý den,

s největší pravděpodobností mám napadený počítač, systém se dlouho spouští a po prvním dnešním spuštění a zalogování na můj profil na mě vyskočily hlášky: "Nepodařilo se připojení ke službě systému Windows: Nelze se připojit ke službě Služba oznamování událostí systému. Tento problém brání limitovaným uživatelům v přihlášení do systému. Jako uživatel s oprávněními správy můžete v protokolu událostí systému zjistit, proč služba nereaguje. " a také se nepodařilo načíst plochu (přístup k desktop byl odepřen). Po restartu se plocha načetla, nicméně první hláška o připojení ke službe systému Windows se znovu objevila + systém nemá obvyklou grafiku.

Přikládám logfile z RSITu a prosím o pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lubos at 2013-04-04 07:09:00
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 978 MB (1%) free of 107 GB
Total RAM: 1013 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:09:17, on 4.4.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\ProgramData\AutoStarter\AutoStarter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lubos\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Lubos.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [AutoStarter] C:\ProgramData\AutoStarter\AutoStarter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\Software\..\Telephony: DomainName = CZ
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CZ
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5340 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966314965-1446201100-2446403922-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966314965-1446201100-2446403922-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{9667790B-B9A1-483F-8A5A-0F465DF3DBD8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Anvi Smart Defender"=C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [2012-12-21 1434984]
"AutoStarter"=C:\ProgramData\AutoStarter\AutoStarter.exe [2013-03-15 1419328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 116648]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.lameacm"=LameACM.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

======List of files/folders modified in the last 1 month======

2013-04-04 07:09:03 ----D---- C:\Program Files\trend micro
2013-04-04 07:08:57 ----D---- C:\Windows\temp
2013-04-04 07:07:26 ----D---- C:\Users\Lubos\AppData\Roaming\Skype
2013-04-04 06:45:42 ----D---- C:\Windows\System32
2013-04-04 06:45:42 ----D---- C:\Windows\inf
2013-04-04 06:45:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-04 06:42:08 ----D---- C:\Windows\system32\cs-CZ
2013-04-03 21:45:58 ----D---- C:\Windows\Prefetch
2013-04-03 07:42:14 ----D---- C:\Users\Lubos\AppData\Roaming\uTorrent
2013-04-01 11:03:34 ----SHD---- C:\System Volume Information
2013-03-30 16:58:18 ----D---- C:\Users\Lubos\AppData\Roaming\dvdcss
2013-03-21 21:40:19 ----D---- C:\Users\Lubos\AppData\Roaming\vlc
2013-03-18 10:10:25 ----D---- C:\Windows\system32\catroot2
2013-03-15 00:45:32 ----D---- C:\Windows\Minidump
2013-03-15 00:45:32 ----D---- C:\Windows
2013-03-15 00:41:26 ----HD---- C:\Program Files\InstallShield Installation Information
2013-03-15 00:41:26 ----D---- C:\Program Files\Hewlett-Packard
2013-03-15 00:31:40 ----SHD---- C:\Windows\Installer
2013-03-15 00:31:37 ----D---- C:\Windows\winsxs
2013-03-15 00:31:18 ----D---- C:\Program Files\Common Files\microsoft shared
2013-03-14 00:07:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-22 304920]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-06 691696]
R1 asdnet;asdnet; \??\C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [2012-09-07 15696]
R1 asdrm;asdrm; C:\Windows\system32\DRIVERS\asdrm.sys [2012-11-07 16208]
R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2013-02-06 14656]
R1 FNETVDDA;FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [2013-02-06 35552]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System; \??\C:\Windows\system32\DRIVERS\asdrs.sys [2012-11-07 22864]
R2 asdws;AnviSmartDefender Web Guard; \??\C:\Windows\system32\DRIVERS\asdws.sys [2012-11-07 14160]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-11-17 143872]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-18 690432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 a7cr5r10;a7cr5r10; C:\Windows\system32\drivers\a7cr5r10.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-18 690432]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 CFcatchme;CFcatchme; \??\C:\Users\Lubos\AppData\Local\Temp\CFcatchme.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
S3 esiasdrv;esiasdrv; \??\C:\Users\Lubos\AppData\Local\Temp\esiasdrv.sys []
S3 FNETTBOH_305;FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-02-06 29760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-30 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-05-04 2219520]
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-26 474304]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-11 43520]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADBlockerSrv;AD Blocker Service; C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 253656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-18 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 04 dub 2013 17:12

Zdravím!
Nejprve dotaz. PC, z něhož jste dallog je soukromý, nebo patří nějaké organizaci?

krabac · #3 Příspěvek od **krabac** » 04 dub 2013 21:07

Soukromý. Můžu se zeptat proč se ptáte?

#4 Příspěvek od **Rudy** » 04 dub 2013 21:14

Můžete. Pokud jste četl pravidla fóra, neposkytujeme služby pro firemní PC, neboť ty mají placené týmy lidí, kteří se o ně starají. Takže považujeme za nemravné, abychom dělali zadarmo něco, zač je někdo jiný placen. Ve vašem PC jsem zahlédl jisté symptomy, které by mohly být na firemním zasíťovaném PC. Proto jsem se ptal.

V tom případě je to OK. Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte na Search
Proběhne skenováni a pak se objeví log, který sem vložte.

krabac · #5 Příspěvek od **krabac** » 04 dub 2013 21:33

V tom s Vámi souhlasím. Firemní počítač je v pořádku, možná proto, že si na něm nedovolím dělat to, co na tom soukromém

Zde je log z AdwCleaneru:

# AdwCleaner v2.200 - Log vytvooen 04/04/2013 v 22:31:09
# Aktualizováno 02/04/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Uživatel : Lubos - HPG7020EC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Lubos\Desktop\adwcleaner (1).exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files\SweetIM
Soubor Nalezeno : C:\Users\Lubos\AppData\Roaming\Mozilla\Firefox\Profiles\r7cwwsfx.default\searchplugins\SweetIm.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v [Nemohu získat verzi]

Soubor : C:\Users\Lubos\AppData\Roaming\Mozilla\Firefox\Profiles\r7cwwsfx.default\prefs.js

Nalezeno : user_pref("browser.search.defaultenginename", "SweetIM Search");
Nalezeno : user_pref("browser.search.selectedEngine", "SweetIM Search");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={E1877E70-[...]
Nalezeno : user_pref("icqtoolbar.installsource", "1");
Nalezeno : user_pref("icqtoolbar.skip_default_search", "yes");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.facebook.com/home.php?ref[...]
Nalezeno : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={E187[...]
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "ICQ Search");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Nalezeno : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&barid={E1877E70-5D8A-11E2-9499-[...]
Nalezeno : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v26.0.1410.43

Soubor : C:\Users\Lubos\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.1886] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={E1877E70-5D8A-11E2-9499-CE53B6C028B3}",

-\\ Opera v [Nemohu získat verzi]

Soubor : C:\Users\Lubos\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3431 octets] - [26/12/2012 14:45:40]
AdwCleaner[R2].txt - [3491 octets] - [26/12/2012 21:39:03]
AdwCleaner[R3].txt - [3367 octets] - [04/04/2013 22:31:09]
AdwCleaner[S1].txt - [3269 octets] - [26/12/2012 21:39:35]

########## EOF - C:\AdwCleaner[R3].txt - [3487 octets] ##########

#6 Příspěvek od **Rudy** » 04 dub 2013 21:48

Spusťte znovu ADWCleaner a klikněte na >Delete<. Vložte nový log.

krabac · #7 Příspěvek od **krabac** » 05 dub 2013 06:32

Níže můžete nalézt log z AdwCleaneru. Dal jsem možnost Delete, program následně vyžadoval restart, což jsem povolil a počítač se restartoval. Poté následoval stejný scénář jak z předchozího rána, tzn nenačetla se plocha, vyskočila hláška, že se nepodařilo připojení ke službě systému Windows a nebylo tím pádem možné otevřít žádné programy. Tak jsem počítač znovu restartoval, tentokrát se plocha načetla (ale windows měly celkově odlišnou grafiku, takovou zjednodušenou) a ukázal se mi log z AdwCleaneru, který jsem chtěl vložit sem do fóra, ale začaly pracovat ventilátory, počítač se přehřál a vypnul (mám 4 roky starý laptop a tohle se mi čas od času stane). Takže níže vložený log je z nového skenu AdwCleanerem z dnešního rána.

# AdwCleaner v2.200 - Log vytvooen 05/04/2013 v 07:04:39
# Aktualizováno 02/04/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Uživatel : Lubos - HPG7020EC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Lubos\Desktop\adwcleaner (1).exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

***** [Registry] *****

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v [Nemohu získat verzi]

Soubor : C:\Users\Lubos\AppData\Roaming\Mozilla\Firefox\Profiles\r7cwwsfx.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v26.0.1410.43

Soubor : C:\Users\Lubos\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v [Nemohu získat verzi]

Soubor : C:\Users\Lubos\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3431 octets] - [26/12/2012 14:45:40]
AdwCleaner[R2].txt - [3491 octets] - [26/12/2012 21:39:03]
AdwCleaner[R3].txt - [3556 octets] - [04/04/2013 22:31:09]
AdwCleaner[R4].txt - [1167 octets] - [05/04/2013 07:04:39]
AdwCleaner[S1].txt - [3269 octets] - [26/12/2012 21:39:35]
AdwCleaner[S2].txt - [3612 octets] - [04/04/2013 23:05:28]

########## EOF - C:\AdwCleaner[R4].txt - [1347 octets] ##########

#8 Příspěvek od **Rudy** » 05 dub 2013 17:25

Dejte nový log RSIT.

krabac · #9 Příspěvek od **krabac** » 07 dub 2013 10:15

Omlouvám se za prodlevu v komunikaci a vkládám nový log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lubos at 2013-04-08 08:58:47
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 2 GB (2%) free of 107 GB
Total RAM: 1013 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:03, on 8.4.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\ProgramData\AutoStarter\AutoStarter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Lubos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lubos\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Lubos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [AutoStarter] C:\ProgramData\AutoStarter\AutoStarter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\Software\..\Telephony: DomainName = CZ
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CZ
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5237 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966314965-1446201100-2446403922-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966314965-1446201100-2446403922-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{9667790B-B9A1-483F-8A5A-0F465DF3DBD8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Anvi Smart Defender"=C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [2012-12-21 1434984]
"AutoStarter"=C:\ProgramData\AutoStarter\AutoStarter.exe [2013-03-15 1419328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 116648]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.lameacm"=LameACM.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-04-07 20:22:10 ----ASH---- C:\hiberfil.sys
2013-04-07 20:19:07 ----A---- C:\Windows\ntbtlog.txt
2013-04-05 07:04:39 ----A---- C:\AdwCleaner[R4].txt
2013-04-04 23:05:28 ----A---- C:\AdwCleaner[S2].txt
2013-04-04 22:31:09 ----A---- C:\AdwCleaner[R3].txt

======List of files/folders modified in the last 1 month======

2013-04-08 08:59:00 ----D---- C:\Windows\Prefetch
2013-04-08 08:58:52 ----D---- C:\Program Files\trend micro
2013-04-08 08:56:18 ----D---- C:\Windows\temp
2013-04-08 08:52:41 ----D---- C:\Windows\system32\cs-CZ
2013-04-08 08:52:41 ----D---- C:\Windows\System32
2013-04-08 08:50:38 ----D---- C:\Windows
2013-04-08 08:50:18 ----D---- C:\Windows\inf
2013-04-08 08:50:09 ----D---- C:\Users\Lubos\AppData\Roaming\Skype
2013-04-07 20:13:13 ----SHD---- C:\System Volume Information
2013-04-06 15:48:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-06 15:44:54 ----D---- C:\Windows\system32\catroot2
2013-04-04 23:05:50 ----D---- C:\Program Files
2013-04-03 07:42:14 ----D---- C:\Users\Lubos\AppData\Roaming\uTorrent
2013-03-30 16:58:18 ----D---- C:\Users\Lubos\AppData\Roaming\dvdcss
2013-03-21 21:40:19 ----D---- C:\Users\Lubos\AppData\Roaming\vlc
2013-03-15 00:45:32 ----D---- C:\Windows\Minidump
2013-03-15 00:41:26 ----HD---- C:\Program Files\InstallShield Installation Information
2013-03-15 00:41:26 ----D---- C:\Program Files\Hewlett-Packard
2013-03-15 00:31:40 ----SHD---- C:\Windows\Installer
2013-03-15 00:31:37 ----D---- C:\Windows\winsxs
2013-03-15 00:31:18 ----D---- C:\Program Files\Common Files\microsoft shared
2013-03-14 00:07:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-22 304920]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-06 691696]
R1 asdnet;asdnet; \??\C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [2012-09-07 15696]
R1 asdrm;asdrm; C:\Windows\system32\DRIVERS\asdrm.sys [2012-11-07 16208]
R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2013-02-06 14656]
R1 FNETVDDA;FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [2013-02-06 35552]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System; \??\C:\Windows\system32\DRIVERS\asdrs.sys [2012-11-07 22864]
R2 asdws;AnviSmartDefender Web Guard; \??\C:\Windows\system32\DRIVERS\asdws.sys [2012-11-07 14160]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-11-17 143872]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-18 690432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 alomx8vk;alomx8vk; C:\Windows\system32\drivers\alomx8vk.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-18 690432]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 CFcatchme;CFcatchme; \??\C:\Users\Lubos\AppData\Local\Temp\CFcatchme.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
S3 esiasdrv;esiasdrv; \??\C:\Users\Lubos\AppData\Local\Temp\esiasdrv.sys []
S3 FNETTBOH_305;FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-02-06 29760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-30 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-05-04 2219520]
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-26 474304]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-11 43520]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADBlockerSrv;AD Blocker Service; C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 253656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-18 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]

-----------------EOF-----------------

krabac · #10 Příspěvek od **krabac** » 08 dub 2013 23:45

Dobrý den, v neděli 7.4.2013 mi přišla ve 12:12 na email zpráva, že jste mi odpověděl, ale nic tady nevidím, tak jsem se chtěl zeptat, jestli nedošlo k nějakému nedorozumění v komunikaci...? Nový log z RSIT můžete nalézt výše. Děkuji.

#11 Příspěvek od **Rudy** » 09 dub 2013 16:55

Nevím, co se stalo, ale odpověď tam opravdu byla.

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966314965-1446201100-2446403922-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966314965-1446201100-2446403922-1001UA.job

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

krabac · #12 Příspěvek od **krabac** » 09 dub 2013 20:10

Tak provedeno, nicméně po restartu PC se systém opět 5 minut bootoval a poté se objevilo to, co na začátku tohoto vlákna - nenačetla se plocha a nepodařilo se připojení ke službě windows. Musel jsem tedy ještě jednou restartovat.

Zde je aktuální log z RSITu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lubos at 2013-04-09 21:03:37
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 2 GB (2%) free of 107 GB
Total RAM: 1013 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:04, on 9.4.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\ProgramData\AutoStarter\AutoStarter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Lubos\Desktop\RSIT (1).exe
C:\Program Files\trend micro\Lubos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [AutoStarter] C:\ProgramData\AutoStarter\AutoStarter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\Software\..\Telephony: DomainName = CZ
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CZ
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5053 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{9667790B-B9A1-483F-8A5A-0F465DF3DBD8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Anvi Smart Defender"=C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [2012-12-21 1434984]
"AutoStarter"=C:\ProgramData\AutoStarter\AutoStarter.exe [2013-03-15 1419328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Lubos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 116648]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.lameacm"=LameACM.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-04-09 20:42:55 ----D---- C:\_OTM
2013-04-09 07:22:40 ----A---- C:\AdwCleaner[S3].txt
2013-04-09 07:22:13 ----A---- C:\AdwCleaner[R5].txt
2013-04-08 17:31:41 ----D---- C:\Program Files\Common Files\Skype
2013-04-07 20:22:10 ----ASH---- C:\hiberfil.sys
2013-04-07 20:19:07 ----A---- C:\Windows\ntbtlog.txt
2013-04-05 07:04:39 ----A---- C:\AdwCleaner[R4].txt
2013-04-04 23:05:28 ----A---- C:\AdwCleaner[S2].txt
2013-04-04 22:31:09 ----A---- C:\AdwCleaner[R3].txt

======List of files/folders modified in the last 1 month======

2013-04-09 21:03:51 ----D---- C:\Program Files\trend micro
2013-04-09 21:03:43 ----D---- C:\Windows\Prefetch
2013-04-09 21:02:47 ----D---- C:\Windows\temp
2013-04-09 21:01:41 ----SHD---- C:\Windows\Installer
2013-04-09 20:59:29 ----D---- C:\Users\Lubos\AppData\Roaming\Skype
2013-04-09 20:55:54 ----SHD---- C:\System Volume Information
2013-04-09 20:43:02 ----D---- C:\Windows\Tasks
2013-04-09 19:31:36 ----D---- C:\Users\Lubos\AppData\Roaming\uTorrent
2013-04-09 17:49:48 ----D---- C:\Windows\system32\cs-CZ
2013-04-09 17:49:48 ----D---- C:\Windows\System32
2013-04-08 17:31:55 ----D---- C:\ProgramData\Skype
2013-04-08 17:31:41 ----RD---- C:\Program Files\Skype
2013-04-08 17:31:41 ----D---- C:\Program Files\Common Files
2013-04-08 08:50:38 ----D---- C:\Windows
2013-04-08 08:50:18 ----D---- C:\Windows\inf
2013-04-06 15:48:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-06 15:44:54 ----D---- C:\Windows\system32\catroot2
2013-04-04 23:05:50 ----D---- C:\Program Files
2013-03-30 16:58:18 ----D---- C:\Users\Lubos\AppData\Roaming\dvdcss
2013-03-21 21:40:19 ----D---- C:\Users\Lubos\AppData\Roaming\vlc
2013-03-15 00:45:32 ----D---- C:\Windows\Minidump
2013-03-15 00:41:26 ----HD---- C:\Program Files\InstallShield Installation Information
2013-03-15 00:41:26 ----D---- C:\Program Files\Hewlett-Packard
2013-03-15 00:31:37 ----D---- C:\Windows\winsxs
2013-03-15 00:31:18 ----D---- C:\Program Files\Common Files\microsoft shared
2013-03-14 00:07:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-22 304920]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-06 691696]
R1 asdnet;asdnet; \??\C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [2012-09-07 15696]
R1 asdrm;asdrm; C:\Windows\system32\DRIVERS\asdrm.sys [2012-11-07 16208]
R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2013-02-06 14656]
R1 FNETVDDA;FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [2013-02-06 35552]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System; \??\C:\Windows\system32\DRIVERS\asdrs.sys [2012-11-07 22864]
R2 asdws;AnviSmartDefender Web Guard; \??\C:\Windows\system32\DRIVERS\asdws.sys [2012-11-07 14160]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-11-17 143872]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-18 690432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 abud7faf;abud7faf; C:\Windows\system32\drivers\abud7faf.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-18 690432]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 CFcatchme;CFcatchme; \??\C:\Users\Lubos\AppData\Local\Temp\CFcatchme.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
S3 esiasdrv;esiasdrv; \??\C:\Users\Lubos\AppData\Local\Temp\esiasdrv.sys []
S3 FNETTBOH_305;FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-02-06 29760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-30 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-05-04 2219520]
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-26 474304]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-11 43520]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADBlockerSrv;AD Blocker Service; C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 253656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-18 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]

-----------------EOF-----------------

#13 Příspěvek od **Rudy** » 09 dub 2013 20:18

Log je již OK. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Ještě poprosím o log HijackThis:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

krabac · #14 Příspěvek od **krabac** » 09 dub 2013 21:30

Tentokrát proběhl restart bez problémů. Ještě než vložím log z combofixu a hijackthis, tak bych ještě chtěl zmínit, že se mi po každém spuštění systému při kliknutí na jakoukoliv ikonu samovolně spustí instalace Adobe Acrobat 8.0 (hláška "Systém připravuje instalaci..."), kterou pokaždé ukončím kliknutím na Storno, protože jsem nic takového nespouštěl. Nevíte v čem by mohl být zádrhel?

Nyní už zmíněné logy z Combofix a Hijackthis:

1) Combofix:

ComboFix 13-04-09.01 - Lubos 09.04.2013 21:58:00.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1013.182 [GMT 2:00]
Spuštěný z: c:\users\Lubos\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-09 do 2013-04-09 )))))))))))))))))))))))))))))))
.
.
2013-04-08 15:31 . 2013-04-08 15:31 -------- d-----w- c:\program files\Common Files\Skype
2013-03-17 13:40 . 2013-03-17 13:45 -------- d-----w- c:\users\Lubos\mess
2013-03-14 22:22 . 2013-03-19 19:58 -------- d-----w- c:\users\Lubos\FASKA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 22:07 . 2012-12-06 18:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 22:07 . 2012-12-06 18:10 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 06:15 . 2013-02-28 06:16 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-28 06:15 . 2012-07-07 13:10 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-28 06:15 . 2010-04-29 06:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-05 23:29 . 2013-02-05 23:23 14656 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2013-02-05 23:27 . 2013-02-05 23:27 35552 ----a-w- c:\windows\system32\drivers\FNETVDDA.SYS
2013-02-05 23:24 . 2013-02-05 23:24 78912 ----a-w- c:\windows\system32\TurboShell_105.dll
2013-02-05 23:24 . 2013-02-05 23:24 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
"AutoStarter"="c:\programdata\AutoStarter\AutoStarter.exe" [2013-03-15 1419328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 ADBlockerSrv;AD Blocker Service;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 22:07]
.
2013-04-09 c:\windows\Tasks\User_Feed_Synchronization-{9667790B-B9A1-483F-8A5A-0F465DF3DBD8}.job
- c:\windows\system32\msfeedssync.exe [2008-06-24 07:33]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = proxy.vscht.cz:3128
uInternet Settings,ProxyOverride = vscht.cz;<local>
TCP: DhcpNameServer = 172.16.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Expekt Poker - c:\poker\Expekt Poker\_SetupPoker_73de0.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-09 22:13
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-04-09 22:18:54
ComboFix-quarantined-files.txt 2013-04-09 20:18
.
Před spuštěním: 2 015 375 360
Po spuštění: 1 765 302 272
.
- - End Of File - - DF00F5250FCC654708602FB24D7EE75C

2) Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:25:22, on 9.4.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Lubos\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vscht.cz;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [AutoStarter] C:\ProgramData\AutoStarter\AutoStarter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\Software\..\Telephony: DomainName = CZ
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CZ
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CZ
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4640 bytes

#15 Příspěvek od **Rudy** » 09 dub 2013 21:50

Log je OK. Co se stane, pokud instalaci povolíte a necháte doběhnout?

VIRY.CZ

Nepodařilo se připojení ke službě systému Windows

Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows

Re: Nepodařilo se připojení ke službě systému Windows