VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosím o kontrolu, zasekaný pc

https://forum.viry.cz:443/viewtopic.php?t=95705

Stránka 1 z 1

prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 12:00
od Deif
Logfile of random's system information tool 1.06 (written by random/random)
Run by oem at 2010-01-03 11:44:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive H: has 173 GB (57%) free of 305 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:21, on 3.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Program Files\OpenOffice.org 2.4\program\soffice.exe
H:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Java\jre6\bin\jucheck.exe
H:\Documents and Settings\oem\Plocha\RSIT.exe
H:\Program Files\trend micro\oem.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "H:\WINDOWS\TEMP\E_S41.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] H:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = H:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3729178562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7058 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-16 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-16 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=H:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"WinampAgent"=H:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-10-19 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=H:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"EPSON Stylus DX4400 Series"=H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"swg"=H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-25 39408]
"ICQ"=H:\Program Files\ICQ6\ICQ.exe silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=H:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-02-03 240544]

H:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.4.lnk - H:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\ICQ6\ICQ.exe"="H:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======

2010-01-03 11:44:19 ----D---- H:\Program Files\trend micro
2010-01-03 11:43:54 ----A---- H:\WINDOWS\NeroDigital.ini
2010-01-03 11:41:49 ----D---- H:\WINDOWS\Temp
2010-01-03 11:38:56 ----D---- H:\Program Files\Mozilla Firefox
2010-01-03 11:38:29 ----D---- H:\Documents and Settings\oem\Data aplikací\OpenOffice.org2
2010-01-02 21:12:27 ----A---- H:\WINDOWS\SchedLgU.Txt
2010-01-02 17:57:29 ----D---- H:\Program Files\ICQ6.5
2009-12-30 19:25:05 ----D---- H:\WINDOWS\Prefetch
2009-12-16 11:22:03 ----SHD---- H:\WINDOWS\Installer
2009-12-13 13:10:14 ----D---- H:\WINDOWS\system32\CatRoot2
2009-12-10 18:39:29 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-12-10 18:39:24 ----D---- H:\WINDOWS\system32\drivers
2009-12-10 18:39:01 ----HD---- H:\WINDOWS\inf
2009-12-05 12:36:34 ----A---- H:\WINDOWS\wincmd.ini
2009-12-05 12:20:40 ----D---- H:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 afcn09y3;afcn09y3; H:\WINDOWS\system32\drivers\afcn09y3.sys []
S3 catchme;catchme; \??\H:\DOCUME~1\oem\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\H:\WINDOWS\gdrv.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-10-19 153376]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-25 182768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 12:04
od Unlimited_Killer
Na logu se pracuje. :bye:

Re: prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 12:14
od Unlimited_Killer
Jdeme na to.

~~~

Stáhněte OTM na Plochu. Spusťte ho dvojklikem na OTMoveIt3.exe, pokud máte Vistu, pravým tlačítkem na soubor -> Run as Administrator [spustit jako administrátor].
Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:processes
Explorer.EXE

:reg
[HKCU\Software\Microsoft\Internet Connection Wizard]
"ShellNext"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"ICQ"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=-

:files
H:\Program Files\Yahoo!
H:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk

:services
JavaQuickStarterService
catchme

:commands
[emptytemp]
[reboot]
Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra. Pokud se zobrazí hláška k restartování, klikněte na Yes. Po restartu log najdete v C:\_OTM\MovedFiles

~~~

Spusťte přejmenované HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Klikněte na 'Do a system scan only'.
U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
Pokud by tam nějaká položka nebyla, vynechte ji.

~~~

Stáhněte MBAM a postupujte podle popisu. Zatím nic nemažte, MBAM má občas falešné detekce.
Potom mi sem vložte log.

~~~

Zkuste defragmentovat disk. Buď pomocí integrovaného Windowsáckého nástroje (není moc dobrý), nebo například přes Defraggler. Dobré zkušenosti mám taky s jednoduchým JKDefrag, který se nemusí instalovat.

~~~

Zkuste pročistit PC CCleanerem.
Nainstalujte, jen dávejte pozor a při instalaci odfajfkujte položku Instalovat Yahoo! Toolbar.
Spusťte.

:arrow: Záložka Čistič -> nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.

:arrow: Záložka Registry > klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.

CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

~~~

Po těchto mým 'zákrocích' Vám nebudou fungovat automatické aktualizace například Javy (spouštěly se zbytečně hned po startu systému a zatěžovaly RAM).
Proto doporučuji stáhnout si prográmek jménem FileHippo Update Checker, který stačit jednou týdně spustit a přehledně Vám zobrazí, který software je neaktuální.

~~~

Defragmentaci můžete přeskočit - je na dlouho. Ostatní prosím vykonejte a dodejte logy, o které jsem žádal (OTM, MBAM a nakonec nový RSIT log).

log z OTM

Napsal: 03 led 2010 12:43
od Deif
All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard\\ShellNext deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
========== FILES ==========
H:\Program Files\Yahoo!\Companion\Modules folder moved successfully.
H:\Program Files\Yahoo!\Companion\Media folder moved successfully.
H:\Program Files\Yahoo!\Companion\Installs\cpn folder moved successfully.
H:\Program Files\Yahoo!\Companion\Installs folder moved successfully.
H:\Program Files\Yahoo!\Companion\Icons folder moved successfully.
H:\Program Files\Yahoo!\Companion\Download folder moved successfully.
H:\Program Files\Yahoo!\Companion\Data folder moved successfully.
H:\Program Files\Yahoo!\Companion folder moved successfully.
H:\Program Files\Yahoo! folder moved successfully.
H:\Documents and Settings\oem\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk moved successfully.
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5329370 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: oem
->Temp folder emptied: 182204782 bytes
->Temporary Internet Files folder emptied: 51860964 bytes
->Java cache emptied: 44924687 bytes
->FireFox cache emptied: 91402629 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16665196 bytes
%systemroot%\System32 .tmp files removed: 4525568 bytes
Windows Temp folder emptied: 111983 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4117942621 bytes

Total Files Cleaned = 4 306,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01032010_123239

Files moved on Reboot...
File move failed. H:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. H:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 12:48
od Unlimited_Killer
0K, teď další kroky. :)

log z MBAM

Napsal: 03 led 2010 13:05
od Deif
Malwarebytes' Anti-Malware 1.43
Verze databáze: 3486
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3.1.2010 13:04:24
mbam-log-2010-01-03 (13-04-24).txt

Typ kontroly: Kompletní kontrola (H:\|)
Zkontrolované objekty: 145037
Uplynulý čas: 14 minute(s), 10 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Re: prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 13:08
od Unlimited_Killer
Super, teď zbytek, poté nový RSIT log.

log z RSIT

Napsal: 03 led 2010 13:14
od Deif
Logfile of random's system information tool 1.06 (written by random/random)
Run by oem at 2010-01-03 13:13:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive H: has 178 GB (58%) free of 305 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:07, on 3.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools Lite\daemon.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\oem\Plocha\RSIT.exe
H:\Program Files\trend micro\oem.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "H:\WINDOWS\TEMP\E_S41.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3729178562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5641 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-16 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-16 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=H:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"WinampAgent"=H:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=H:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"EPSON Stylus DX4400 Series"=H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\ICQ6\ICQ.exe"="H:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="H:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="H:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-03 12:47:31 ----D---- H:\Documents and Settings\oem\Data aplikací\Malwarebytes
2010-01-03 12:47:27 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2010-01-03 12:47:27 ----D---- H:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-03 12:32:39 ----D---- H:\_OTM

======List of files/folders modified in the last 1 months======

2010-01-03 13:13:06 ----D---- H:\Program Files\trend micro
2010-01-03 13:10:17 ----D---- H:\Program Files\Mozilla Firefox
2010-01-03 13:09:37 ----D---- H:\WINDOWS
2010-01-03 13:09:35 ----D---- H:\WINDOWS\Prefetch
2010-01-03 12:47:28 ----D---- H:\WINDOWS\system32\drivers
2010-01-03 12:47:27 ----RD---- H:\Program Files
2010-01-03 12:44:27 ----A---- H:\WINDOWS\NeroDigital.ini
2010-01-03 12:35:23 ----D---- H:\WINDOWS\Temp
2010-01-03 12:33:18 ----N---- H:\WINDOWS\SchedLgU.Txt
2010-01-03 12:33:05 ----D---- H:\WINDOWS\system32
2010-01-03 11:38:29 ----D---- H:\Documents and Settings\oem\Data aplikací\OpenOffice.org2
2010-01-02 17:57:29 ----D---- H:\Program Files\ICQ6.5
2009-12-16 11:22:03 ----SHD---- H:\WINDOWS\Installer
2009-12-13 13:10:14 ----D---- H:\WINDOWS\system32\CatRoot2
2009-12-10 18:39:29 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-12-10 18:39:01 ----HD---- H:\WINDOWS\inf
2009-12-05 12:36:34 ----A---- H:\WINDOWS\wincmd.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ajk35vms;ajk35vms; H:\WINDOWS\system32\drivers\ajk35vms.sys []
S3 gdrv;gdrv; \??\H:\WINDOWS\gdrv.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-25 182768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 13:24
od Unlimited_Killer
Odstraním Vám MBAM spouštěný po startu.

~~~

Spusťte Poznámkový blok [Start > Spustit > notepad > Enter].
Do něho vkopírujte následující text:

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=-
Uložte například na Plochu jako oprava.reg [viz obrázek] a dvojklikem spusťte.
Obrázek
Poté restartujte PC.

~~~

Jinak proveďte ten CCleaner a defragmentaci (odkazy v minulém postu). Pokud se PC již neseká, je to vše, pokud ano, ještě pojedeme dál.

Napsal: 03 led 2010 13:31
od Deif
tak je to ok, díky moc

Re: prosím o kontrolu, zasekaný pc

Napsal: 03 led 2010 13:34
od Unlimited_Killer
Neseká se? Super.
A není zač, někdy se opět ukažte. :bye:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz