preventivka

[Lord Excalibur]

Pěkné odpoledne, požádal bych o preventivní kontrolu a pomoc při čistce, případně doporučení lepšího zabezpečení. PC je teď čerstvě připojené k internetu, využívá se k přehrávání hudby (ať už internetové rádio nebo z disku), filmů, hry a pro práci (psaní programů pro CNC). Poslední dobou trochu zlenivěl, spouštění i vypínání trvá déle než je obvyklé (neměřil jsem). Občas se stane, že při přehrávání hudby se to krátkodobě zasekne (možná i u ostatních procesů, ale puze u hudby to je zřetelné). Zaseknutí trvá řádově několik málo sekund.

přikládám log

Logfile of random's system information tool 1.09 (written by random/random)
Run by Zdenda at 2013-09-13 14:44:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 522 MB (3%) free of 20 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:44:28, on 13.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS.2\System32\smss.exe
C:\WINDOWS.2\system32\winlogon.exe
C:\WINDOWS.2\system32\services.exe
C:\WINDOWS.2\system32\lsass.exe
C:\WINDOWS.2\system32\svchost.exe
C:\WINDOWS.2\System32\svchost.exe
C:\WINDOWS.2\system32\svchost.exe
C:\WINDOWS.2\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS.2\system32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS.2\System32\PAStiSvc.exe
C:\WINDOWS.2\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS.2\system32\wuauclt.exe
C:\WINDOWS.2\system32\wscntfy.exe
C:\WINDOWS.2\Explorer.EXE
C:\WINDOWS.2\RTHDCPL.EXE
C:\WINDOWS.2\system32\RUNDLL32.EXE
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\DOCUME~1\ZDENDA~1.001\LOCALS~1\Temp\DOASNA~4.ZIP\DRIVES~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.2\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS.2\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\RSIT.exe
C:\Program Files\trend micro\Zdenda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ChangeFilterMerit] "C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe"
O4 - HKLM\..\Run: [Presto! PVR Monitor] "C:\Program Files\NewSoft\Presto! PVR\Monitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\DOCUME~1\ZDENDA~1.001\LOCALS~1\Temp\DOASNA~4.ZIP\DRIVES~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.2\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.2\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.2\system32\nvsvc32.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS.2\System32\PAStiSvc.exe

--
End of file - 7699 bytes

======Scheduled tasks folder======

C:\WINDOWS.2\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS.2\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-29 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-29 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS.2\system32\NvCpl.dll [2007-12-07 8523776]
"RTHDCPL"=C:\WINDOWS.2\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=C:\WINDOWS.2\ALCMTR.EXE [2005-05-03 69632]
"NvMediaCenter"=C:\WINDOWS.2\system32\NvMcTray.dll [2007-12-07 81920]
"ChangeFilterMerit"=C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [2007-06-08 51280]
"Presto! PVR Monitor"=C:\Program Files\NewSoft\Presto! PVR\Monitor.exe [2009-08-07 161616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"NeroCheck"=C:\WINDOWS.2\system32\NeroCheck.exe [2011-10-30 155648]
"Nero DriveSpeed"=C:\DOCUME~1\ZDENDA~1.001\LOCALS~1\Temp\DOASNA~4.ZIP\DRIVES~1.EXE [2004-12-18 593920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-12-04 384800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.2\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2011-03-04 2736128]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS.2\mHotkey.exe [2006-12-08 547840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\wpdshserviceobj.dll [2008-08-08 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\WINDOWS.2\system32\javaw.exe"="C:\WINDOWS.2\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\3DO\Heroes 3 Complete\Heroes3_C_crked.exe"="D:\Program Files\3DO\Heroes 3 Complete\Heroes3_C_crked.exe:*:Enabled:Heroes of Might and Magic® III"
"D:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE"="D:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre7\bin\java.exe"="C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\Mount&Blade Warband2\mb_warband.exe"="D:\Program Files\Mount&Blade Warband2\mb_warband.exe:*:Enabled:Mount&Blade: Warband"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.2\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.2\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2013-09-13 14:44:23 ----D---- C:\Program Files\trend micro
2013-09-13 14:44:22 ----D---- C:\rsit
2013-09-13 14:42:42 ----D---- C:\WINDOWS.2\system32\PreInstall
2013-09-13 14:42:39 ----HDC---- C:\WINDOWS.2\$NtUninstallKB898461$
2013-09-13 14:42:39 ----HD---- C:\WINDOWS.2\$hf_mig$
2013-09-13 14:42:39 ----D---- C:\WINDOWS.2\LastGood
2013-09-12 15:00:50 ----D---- C:\Program Files\Google
2013-09-12 14:43:35 ----D---- C:\WINDOWS.2\system32\SoftwareDistribution
2013-09-09 16:21:50 ----D---- C:\Documents and Settings\Zdenda.VELKEJ.001\Data aplikací\.minecraft
2013-09-06 23:04:20 ----D---- C:\Program Files\Minecraft
2013-08-21 01:55:16 ----A---- C:\WINDOWS.2\system32\xinput1_3.dll

======List of files/folders modified in the last 1 month======

2013-09-13 14:44:26 ----D---- C:\WINDOWS.2\Temp
2013-09-13 14:44:23 ----RD---- C:\Program Files
2013-09-13 14:44:00 ----D---- C:\WINDOWS.2\system32
2013-09-13 14:43:59 ----A---- C:\WINDOWS.2\system32\PerfStringBackup.INI
2013-09-13 14:42:46 ----HD---- C:\WINDOWS.2\inf
2013-09-13 14:42:45 ----D---- C:\WINDOWS.2
2013-09-13 14:41:13 ----D---- C:\WINDOWS.2\Prefetch
2013-09-13 14:40:04 ----RSHDC---- C:\WINDOWS.2\system32\dllcache
2013-09-13 14:40:02 ----D---- C:\WINDOWS.2\system32\ias
2013-09-13 14:40:00 ----D---- C:\WINDOWS.2\system32\CatRoot2
2013-09-13 02:17:05 ----A---- C:\WINDOWS.2\SchedLgU.Txt
2013-09-13 01:10:25 ----D---- C:\WINDOWS.2\system32\drivers
2013-09-12 15:20:31 ----SD---- C:\Documents and Settings\Zdenda.VELKEJ.001\Data aplikací\Microsoft
2013-09-12 15:05:12 ----SHD---- C:\WINDOWS.2\Installer
2013-09-12 15:00:53 ----SD---- C:\WINDOWS.2\Tasks
2013-09-12 14:44:18 ----D---- C:\WINDOWS.2\SoftwareDistribution
2013-09-12 14:44:15 ----D---- C:\WINDOWS.2\Help
2013-09-08 12:45:37 ----A---- C:\WINDOWS.2\WDICT32.INI
2013-09-06 23:07:32 ----D---- C:\Documents and Settings\Zdenda.VELKEJ.001\Data aplikací\ftblauncher
2013-08-24 18:16:26 ----D---- C:\WINDOWS.2\system32\DirectX
2013-08-24 18:15:48 ----D---- C:\WINDOWS.2\Logs
2013-08-22 00:22:12 ----A---- C:\WINDOWS.2\win.ini
2013-08-21 00:14:24 ----A---- C:\WINDOWS.2\MConfig.INI
2013-08-19 22:41:22 ----D---- C:\Documents and Settings\Zdenda.VELKEJ.001\Data aplikací\Mount&Blade Warband

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Imagedrv;Imagedrv; C:\WINDOWS.2\system32\DRIVERS\imagedrv.sys [2011-10-30 34368]
R0 JRAID;JRAID; C:\WINDOWS.2\system32\DRIVERS\jraid.sys [2008-04-03 76688]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS.2\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS.2\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.2\system32\DRIVERS\WudfPf.sys [2008-08-08 77568]
R1 ATMhelpr;ATMhelpr; C:\WINDOWS.2\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 avipbb;avipbb; C:\WINDOWS.2\system32\DRIVERS\avipbb.sys [2012-11-22 134336]
R1 avkmgr;avkmgr; C:\WINDOWS.2\system32\DRIVERS\avkmgr.sys [2012-11-22 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS.2\system32\DRIVERS\dtsoftbus01.sys [2013-05-16 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS.2\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS.2\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R2 avgntflt;avgntflt; C:\WINDOWS.2\system32\DRIVERS\avgntflt.sys [2012-11-27 83944]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS.2\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS.2\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS.2\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 Sentinel;Sentinel; C:\WINDOWS.2\System32\Drivers\SENTINEL.SYS [2009-09-17 92712]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS.2\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS.2\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS.2\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.2\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS.2\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS.2\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.2\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS.2\system32\DRIVERS\nv4_mini.sys [2007-12-07 7435648]
R3 NWRDR;NetWare Rdr; C:\WINDOWS.2\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS.2\system32\drivers\RTL2832UBDA.sys [2009-08-17 93216]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS.2\System32\Drivers\RTL2832UUSB.sys [2009-08-17 32800]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS.2\system32\DRIVERS\Rtenicxp.sys [2008-01-04 105856]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS.2\system32\DRIVERS\SNTNLUSB.SYS [2009-09-17 38376]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.2\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS.2\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS.2\system32\drivers\EagleXNt.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS.2\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.2\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.2\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.2\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.2\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.2\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS.2\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS.2\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.2\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS.2\system32\DRIVERS\wpdusb.sys [2008-08-08 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS.2\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.2\system32\DRIVERS\wudfrd.sys [2008-08-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-12-04 109344]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-29 170912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2011-03-04 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.2\system32\nvsvc32.exe [2007-12-07 155716]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS.2\system32\svchost.exe [2008-04-14 14336]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2009-09-17 1246496]
R2 SentinelSecurityRuntime;Sentinel Security Runtime; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
R2 STI Simulator;STI Simulator; C:\WINDOWS.2\System32\PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.2\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-12 116648]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.2\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-12 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\DOCUME~1\ZDENDA~1.001\LOCALS~1\Temp\DOASNA~4.ZIP\DRIVES~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

HJT najdeš zde :

C:\Program Files\trend micro\Zdenda.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

LightScribeService Direct Disc Labeling Service

dvojklikem se otevře karta kde nejprve službu zastav tlačítkem Zastavit u položky Typ spouštění vyber Zakázáno a klik na OK.


V Naplánovaných úlohách zastav :

Google Update (bude to tam 2 x)


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[Lord Excalibur]

ComboFix 13-09-13.03 - Zdenda 13.09.2013 20:24:39.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.948 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zdenda.VELKEJ.001\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Zdenda.VELKEJ.001\WINDOWS
c:\windows.2\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-13 do 2013-09-13 )))))))))))))))))))))))))))))))
.
.
2013-09-13 12:44 . 2013-09-13 18:03 -------- d-----w- c:\program files\trend micro
2013-09-13 12:44 . 2013-09-13 12:44 -------- d-----w- C:\rsit
2013-09-13 12:42 . 2013-09-13 14:27 -------- d--h--w- c:\windows.2\$hf_mig$
2013-09-13 12:42 . 2013-09-13 12:42 -------- d-----w- c:\windows.2\LastGood
2013-09-12 13:00 . 2013-09-12 13:01 -------- d-----w- c:\documents and settings\Zdenda.VELKEJ.001\Local Settings\Data aplikací\Google
2013-09-12 13:00 . 2013-09-12 13:01 -------- d-----w- c:\program files\Google
2013-09-12 13:00 . 2013-09-12 13:00 -------- d-----w- c:\documents and settings\Zdenda.VELKEJ.001\Local Settings\Data aplikací\Deployment
2013-09-09 14:21 . 2013-09-09 14:22 -------- d-----w- c:\documents and settings\Zdenda.VELKEJ.001\Data aplikací\.minecraft
2013-09-06 21:04 . 2013-09-13 15:03 -------- d-----w- c:\program files\Minecraft
2013-08-20 23:55 . 2013-08-20 20:06 68888 ----a-w- c:\windows.2\system32\xinput1_3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 15:21 . 2008-08-27 15:21 821760 ----a-w- c:\program files\CUE_Splitter.exe
2004-12-18 21:01 . 2010-09-28 12:16 593920 ----a-w- c:\program files\DriveSpeed.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows.2\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows.2\system32\NvCpl.dll" [2007-12-07 8523776]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NvMediaCenter"="c:\windows.2\system32\NvMcTray.dll" [2007-12-07 81920]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2007-06-08 51280]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2009-08-07 161616]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"4StoryPrePatch"="d:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2013-02-19 327680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-12-08 15:01 547840 ----a-w- c:\windows.2\mHotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-07 05:51 1626112 ----a-w- c:\windows.2\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS.2\\system32\\javaw.exe"=
"d:\\Program Files\\3DO\\Heroes 3 Complete\\Heroes3_C_crked.exe"=
"d:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"d:\\Program Files\\Mount&Blade Warband2\\mb_warband.exe"=
.
R1 ATMhelpr;ATMhelpr;c:\windows.2\system32\drivers\ATMHELPR.SYS [1.9.2012 14:08 4064]
R1 avkmgr;avkmgr;c:\windows.2\system32\drivers\avkmgr.sys [2.4.2013 23:59 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows.2\system32\drivers\dtsoftbus01.sys [16.5.2013 23:07 242240]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2.4.2013 23:59 85280]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [17.9.2009 1:03 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [17.9.2009 1:00 292128]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows.2\system32\drivers\RTL2832UBDA.sys [14.7.2011 1:03 93216]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows.2\system32\drivers\RTL2832UUSB.sys [14.7.2011 1:03 32800]
S3 EagleXNt;EagleXNt;\??\c:\windows.2\system32\drivers\EagleXNt.sys --> c:\windows.2\system32\drivers\EagleXNt.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - GUPDATEM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-12 13:01 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-13 20:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-09-13 20:29:26
ComboFix-quarantined-files.txt 2013-09-13 18:29
.
Před spuštěním: 311 234 560
Po spuštění: 1 488 027 648
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP III Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 516D7BC3FBCFA338C88CA7AED33F2549
413FC2A0C716421B3158746D63736515

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo dole klikni na Scan.

Po té proběhne sken a po jeho skončení na Tebe vypadne log, který mi sem zkopíruj.

[Lord Excalibur]

nevim zda se změnilo rozhraní ADWcleaneru, ale log to na mě nevyplivlo. Nicméně jsem nalezl toto

# AdwCleaner v3.003 - Report created 14/09/2013 at 00:34:37
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Zdenda - NEWPC
# Running from : C:\Documents and Settings\Zdenda.VELKEJ.001\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS.2\system32\Utils.dll

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.5730.13


*************************

AdwCleaner[R0].txt - [634 octets] - [14/09/2013 00:34:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [693 octets] ##########

[Roli]

nevim zda se změnilo rozhraní ADWcleaneru, ale log to na mě nevyplivlo. Nicméně jsem nalezl toto

Ano změnilo, jen jsem zapomněl návod poopravit


Znovu spusť AdwCleaner ale tentokrát klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zase zkopíruj Report.

[Lord Excalibur]

# AdwCleaner v3.003 - Report created 14/09/2013 at 17:34:36
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Zdenda - NEWPC
# Running from : C:\Documents and Settings\Zdenda.VELKEJ.001\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [772 octets] - [14/09/2013 00:34:37]
AdwCleaner[S1].txt - [581 octets] - [14/09/2013 17:34:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [640 octets] ##########

[Roli]

Bezva uklizeno, jaký je stav PC ?