Príliš dlhé vypínanie a nábeh notebooku. Vyřešeno

[Brumteles68]

Prosím vás o kontrolu logu. Trápi ma dlhé vypínanie a nábeh booku. Prikladám log .

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 8:50:38, on 31. 10. 2008
Platform: Windows Vista (WinNT 6.0)
MSIE: Internet Explorer v7.0 (7.0.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\conime.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Skype add-on (mastermind) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Skype add-on (mastermind) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Brumteles68]

Posielam ten log. Zatiaľ dík.

Malwarebytes' Anti-Malware 1.35
Verzia databázy: 1923
Windows 6.0.6001 Service Pack 1

31. 10. 2008 11:29:32
mbam-log-2008-10-31 (11-29-32).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 73448
Uplynutý cas: 3 minute(s), 38 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[jaro3]

vyčisti systém CCleanerem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Zkus defragmentaci HDD.

V přidat/odebrat programy odinstaluj: Logfile of Advanced SystemCare 3 Security Analyzer
Stáhni zde a nainstaluj HJT:
http://www.trendsecure.com/portal/en-US ... s/download
Vlož sem potom z něho log+info o nabíhání systému.

[Brumteles68]

Disk som defragm. ráno a nezlepšilo sa to. Teraz čo som ho čistil tak je to rýchlejšie ale nie ešte podľa mojích predstáv. Nemôže to vypnutie a nábeh predlžovať ESET NOD32 4...?
Prikladám log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:13, on 31. 10. 2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5695 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Těžko říct do jaké míry může NOD zpomalovat, zkusíme ještě toto:
Vypni rez. ochranu u NOD32 a štít u ST.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Brumteles68]

Dík, posielam ten log.

ComboFix 09-03-30.04 - Brumteles 2009-03-31 17:10:53.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1051.18.2047.1315 [GMT 2:00]
Running from: c:\users\Brumteles\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-29 07:26 . 2008-10-31 00:40 <DIR> d-------- c:\users\Brumteles\AppData\Roaming\Spyware Terminator
2009-03-29 07:25 . 2009-03-29 07:25 <DIR> d-------- c:\users\Brumteles\AppData\Roaming\Happy Foto
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Videos
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Searches
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Saved Games
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Pictures
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Music
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Links
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Downloads
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> dr------- c:\users\Brumteles\Documents
2009-03-29 07:24 . 2009-03-29 13:20 <DIR> dr------- c:\users\Brumteles\Contacts
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> d--h----- c:\users\Brumteles\AppData
2009-03-29 07:24 . 2009-03-29 07:24 <DIR> d-------- c:\users\Brumteles
2009-03-29 07:18 . 2009-03-29 07:18 <DIR> d-------- c:\users\Jana\AppData\Roaming\PeerNetworking
2009-03-27 14:37 . 2009-03-27 14:39 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-03-21 17:39 . 2009-03-21 17:39 <DIR> d-------- c:\program files\Audacity 1.3 Beta (Unicode)
2009-03-13 20:52 . 2009-03-16 22:15 <DIR> d-------- c:\users\Jana\AppData\Roaming\vlc
2009-03-11 14:09 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 14:09 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 14:09 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 14:09 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 14:09 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 14:09 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-09 20:39 . 2009-03-09 20:44 <DIR> d-------- c:\program files\AIDA32 - Personal System Information
2009-03-06 09:02 . 2009-03-06 09:02 <DIR> d-------- C:\Chipset
2009-03-06 09:00 . 2009-03-06 09:00 2,284,293 --a------ C:\infinst_autol.zip
2009-03-02 22:25 . 2009-03-02 22:26 <DIR> d-------- c:\users\Jana\AppData\Roaming\DriverCure
2009-03-02 22:25 . 2009-03-02 22:25 <DIR> d-------- c:\users\All Users\ParetoLogic
2009-03-02 22:25 . 2009-03-02 22:28 <DIR> d-------- c:\users\All Users\DriverCure
2009-03-02 22:25 . 2009-03-02 22:25 <DIR> d-------- c:\programdata\ParetoLogic
2009-03-02 22:25 . 2009-03-02 22:28 <DIR> d-------- c:\programdata\DriverCure
2009-03-02 22:25 . 2009-03-02 22:25 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-03-02 18:12 . 2009-03-29 09:08 329 --a------ c:\windows\System32\BIN_STRSBW.SPT
2009-03-01 18:48 . 2009-03-26 19:14 <DIR> d-------- c:\users\Jana\AppData\Roaming\Spyware Terminator
2009-03-01 18:48 . 2008-10-31 00:38 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-01 18:48 . 2009-03-01 18:48 142,592 --a------ c:\windows\System32\drivers\sp_rsdrv2.sys
2009-03-01 18:40 . 2008-10-30 22:38 <DIR> d-------- c:\users\All Users\Spyware Terminator
2009-03-01 18:40 . 2008-10-30 22:38 <DIR> d-------- c:\programdata\Spyware Terminator
2009-02-27 17:32 . 2009-02-27 17:32 0 --a------ c:\users\Jana\jagex_runescape_preferences.dat
2009-02-12 19:59 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 19:59 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-11 20:47 . 2009-02-11 20:47 626,688 --a------ c:\windows\System32\msvcr80.dll
2009-02-11 20:47 . 2009-02-11 20:47 548,864 --a------ c:\windows\System32\msvcp80.dll
2009-02-11 20:47 . 2005-09-23 00:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2009-02-11 20:46 . 2009-02-11 20:46 <DIR> d-------- c:\users\All Users\MicroWorld
2009-02-11 20:46 . 2009-02-11 20:46 <DIR> d-------- c:\programdata\MicroWorld
2009-02-10 20:19 . 2009-02-10 20:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-06 15:24 . 2009-02-06 15:24 92,800 --a------ c:\windows\System32\drivers\epfwwfpr.sys
2009-02-06 15:23 . 2009-02-06 15:23 106,208 --a------ c:\windows\System32\drivers\ehdrv.sys
2009-02-06 15:19 . 2009-02-06 15:19 113,448 --a------ c:\windows\System32\drivers\eamon.sys
2009-02-05 15:04 . 2009-02-05 15:04 <DIR> d-------- c:\users\All Users\vsosdk
2009-02-05 15:04 . 2009-02-05 15:04 <DIR> d-------- c:\programdata\vsosdk
2009-02-05 13:54 . 2009-02-08 10:42 <DIR> d-------- c:\users\Jana\AppData\Roaming\Vso
2009-02-05 13:54 . 2009-02-05 13:54 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-02-05 13:54 . 2009-02-05 13:54 47,360 --a------ c:\users\Jana\AppData\Roaming\pcouffin.sys
2009-02-05 13:53 . 2009-02-05 13:53 <DIR> d-------- c:\program files\DVDFab 5
2009-02-03 17:33 . 2009-02-03 17:33 117,008 --a------ c:\users\Jana\AppData\Roaming\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 09:54 --------- d-----w c:\users\Deti\AppData\Roaming\Spyware Terminator
2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-21 15:50 --------- d-----w c:\users\Deti\AppData\Roaming\Audacity
2009-03-16 20:15 --------- d-----w c:\users\Jana\AppData\Roaming\dvdcss
2009-03-12 14:31 --------- d-----w c:\program files\Windows Mail
2009-03-12 14:30 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 18:01 --------- d-----w c:\program files\ICQ6
2009-03-02 16:23 --------- d-----w c:\program files\ESET
2009-03-01 16:40 --------- d-----w c:\users\Jana\AppData\Roaming\Application Data
2009-02-27 11:53 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 12:23 --------- d-----w c:\users\Deti\AppData\Roaming\ICQ
2009-02-25 12:45 --------- d-----w c:\users\Jana\AppData\Roaming\Skype
2009-02-25 12:38 --------- d-----w c:\users\Jana\AppData\Roaming\skypePM
2009-01-24 20:24 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-24 20:24 253,952 ------w c:\windows\Setup1.exe
2009-01-23 13:55 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-12-23 15:36 96,784 ----a-w c:\windows\System32\Packet.dll
2008-12-23 15:35 281,104 ----a-w c:\windows\System32\wpcap.dll
2008-12-23 15:33 53,299 ----a-w c:\windows\System32\pthreadVC.dll
2008-11-06 16:35 30 ----a-w c:\users\Deti\jagex_runescape_preferences.dat
2008-07-25 18:15 174 --sha-w c:\program files\desktop.ini
2008-07-20 09:55 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-20 09:55 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-23 05:19 32 ----a-w c:\users\All Users\ezsid.dat
2008-05-23 05:19 32 ----a-w c:\programdata\ezsid.dat
2008-10-31 15:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-10-31 15:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-05-22 16:42 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-10-31 12:53 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-30 22:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008103020081031\index.dat
2008-10-31 12:53 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-31 12:53 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 18:04 49152 c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-05-11 22:21 472632 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 c:\windows\PixArt\Pac7311\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-02-21 15:14 1183744 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2009-03-01 18:48 2233856 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-11 01:12 317128 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA417191-CD31-472D-822A-32A3A505C111}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F2EA5B9B-76B5-42F0-91FE-9AC58FDFDF6B}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9D8762E-28AC-42A8-9B45-EA8B086081E7}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9ED79A84-2049-4848-8F1F-0E81124DB244}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{306BA4D5-1FAC-4AA3-BA40-45E4857E958B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{7F4F9C34-CFB4-422E-A37A-248A9DC485CF}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{401704EC-3803-4204-8152-7AB6EC49A848}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5B984C0B-C913-4B9A-8AEB-3198DD1CCDCD}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{266A2977-85D7-4AF7-9CEC-B0977A1B9409}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4ABE43F0-651F-467A-8C7C-1E3CCC33A46C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5AFFF8C1-2DA2-467B-8625-9D0014B4B5BA}c:\\program files\\valve\\hltv.exe"= UDP:c:\program files\valve\hltv.exe:HLTV Launcher
"UDP Query User{4820F6AC-BE89-49BF-9620-35A5373B5158}c:\\program files\\valve\\hltv.exe"= TCP:c:\program files\valve\hltv.exe:HLTV Launcher
"TCP Query User{E742A376-73C2-456D-88F1-8AB059908C5D}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{62E107F4-7B93-4BC3-8870-99530514066B}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{219497E7-76D2-4395-9839-6D61C0B0996C}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= UDP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"UDP Query User{1690DE48-D43D-4BB3-B3DA-0B9202FFFC8D}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= TCP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"{A271B0DD-EA42-4DE3-BD75-2258F0BFFA34}"= UDP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{6C8D0F44-0DDC-43BE-A4E0-45F122C09127}"= TCP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{E8444593-6245-4540-A1AB-D0187F3218A3}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"UDP Query User{CC2159BA-B261-45B8-BD41-8A517204A628}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"TCP Query User{DCB58BA5-5FD2-40DF-9D09-4219F725B38E}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= UDP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"UDP Query User{7E10DC12-8682-4EAB-A38E-05A13CA6BA09}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= TCP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B97C071E-0F6A-42D9-9783-F0241BA995D4}c:\\users\\deti\\desktop\\hry\\copy cs 1 6\\hl.exe"= UDP:c:\users\deti\desktop\hry\copy cs 1 6\hl.exe:hl.exe
"UDP Query User{A9B8F976-6580-48B0-91F6-53C9C0579C1F}c:\\users\\deti\\desktop\\hry\\copy cs 1 6\\hl.exe"= TCP:c:\users\deti\desktop\hry\copy cs 1 6\hl.exe:hl.exe
"TCP Query User{F3625B6A-0EDD-4CF1-80D0-698C941D314B}c:\\users\\deti\\desktop\\hry\\cs 1 6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1 6\hl.exe:hl.exe
"UDP Query User{6FE96B03-FB06-45B4-A186-47E7F39ACB51}c:\\users\\deti\\desktop\\hry\\cs 1 6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1 6\hl.exe:hl.exe
"TCP Query User{31E52B8E-EF87-4D6A-88D6-FDA899621ABA}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{EBD5E89C-9676-4027-B1F1-CCD6A0DA6D6D}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{9D73FFB6-7958-4B4E-BC29-A99E92D015B6}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{E1C09AB3-4876-47EC-A67B-B35D6079E424}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-02-06 106208]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2008-07-26 72192]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2009-03-01 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-02-06 92800]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-09-03 540448]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [2007-09-03 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [2007-06-08 172131]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2008-12-23 50704]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\System32\drivers\PA707UCM.SYS [2006-11-08 530304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe []

2009-01-13 c:\windows\Tasks\HPCeeScheduleForJana.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-06-15 23:46]

2009-03-02 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

2009-03-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Brumteles\AppData\Roaming\Mozilla\Firefox\Profiles\9dwk101x.default\
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 17:13:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2848)
c:\program files\Aberger\HfAsistentSlk\FotoSync.dll
c:\program files\Aberger\HfAsistentSlk\xerc2701.dll
c:\program files\Aberger\HfAsistentSlk\fotosynr.dll
.
Completion time: 2009-03-31 17:16:04
ComboFix-quarantined-files.txt 2009-03-31 15:16:00

Pre-Run: 87 822 512 128 bytes free
Post-Run: 87,846,166,528 bytes free

236 --- E O F --- 2008-10-31 07:14:25

[jaro3]

Log z CF je O.K.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

můžeš případně zkontrolovat HDD utilitou od výrobce a RAM Memtestem.
Nebo něco chybí ve win..
Stahni si SREng
- rozbal na plochu a spust ho
- zvol "zvol Smart Scan", nech nastaveni tak jak je
- zvol "Verify the digital signature of process modules"
- klik na "Scan"
- klik na Save Reports, uloz log na plochu a cely obsah logu zkopirujt sem
- rozbal na plochu a spust ho
+
- Spusť ho a zvol možnost System Repair
- Na první záložce File Associations pokud bude zatrhnutý/vybraný některý čtvereček z výpisu, tak klikni dole na tlačítko Repair

[Brumteles68]

Posielam log z SREng. A teraz mám ho opäť spustiť a zvoliť System Repair?

Ten log sem nevojde. upozorňuje ma že to má veľa znakov. Ako ho sem vložiť?

[jaro3]

Jestli tam máš zaškrtnutý nějaký čtvereček, tak dej repair.
Jinak můžeš ten log vložit do dvou-třech příspěvků, nebo poslat na nějaký server-EDISK atd. a vložit sem odkaz.

[Brumteles68]

V system repair nebolo nič, tak som ho nespušťal. ten log som uložil tu http://www.edisk.cz/stahni/88622/SREngL ... .14KB.html Zatiaľ dík.

[jaro3]

Takže dle mě je log O.K:
zkontrolovat HDD utilitou od výrobce a RAM Memtestem.Jinak neporadím, můžeš zadat nové téma do sekce problémy s HW.