preventivka

[strikis]

mam v cod 2 male fps tak pikladam log jestli tam neco neni

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:33, on 1.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Call Of Duty 2\setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4097 bytes

[Reklama]

[Danator]

Tim to nebude hod sem tvou GK :-)

[strikis]

radeon 9200 ale driv sem mival aspon 50 stalych ted mi pada pod 30 s 50 se to da fps cfg mam defrag sem zkousel nwm cim to je

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
*****************************************************************************************************************************************
Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[strikis]

msiexec::


Soubor msiexec.exe přijatý 2009.09.13 13:21:45 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.09.13 -
AhnLab-V3 5.0.0.2 2009.09.13 -
AntiVir 7.9.1.14 2009.09.11 -
Antiy-AVL 2.0.3.7 2009.09.11 -
Authentium 5.1.2.4 2009.09.12 -
Avast 4.8.1351.0 2009.09.12 -
AVG 8.5.0.412 2009.09.13 -
BitDefender 7.2 2009.09.13 -
CAT-QuickHeal 10.00 2009.09.12 -
ClamAV 0.94.1 2009.09.13 -
Comodo 2304 2009.09.13 -
DrWeb 5.0.0.12182 2009.09.13 -
eSafe 7.0.17.0 2009.09.10 -
eTrust-Vet 31.6.6733 2009.09.11 -
F-Prot 4.5.1.85 2009.09.12 -
F-Secure 8.0.14470.0 2009.09.13 -
Fortinet 3.120.0.0 2009.09.13 -
GData 19 2009.09.13 -
Ikarus T3.1.1.72.0 2009.09.13 -
Jiangmin 11.0.800 2009.09.13 -
K7AntiVirus 7.10.843 2009.09.12 -
Kaspersky 7.0.0.125 2009.09.13 -
McAfee 5739 2009.09.12 -
McAfee+Artemis 5739 2009.09.12 -
McAfee-GW-Edition 6.8.5 2009.09.13 -
Microsoft 1.5005 2009.09.13 -
NOD32 4421 2009.09.13 -
Norman 6.01.09 2009.09.11 -
nProtect 2009.1.8.0 2009.09.12 -
Panda 10.0.2.2 2009.09.13 -
PCTools 4.4.2.0 2009.09.11 -
Prevx 3.0 2009.09.13 -
Rising 21.46.61.00 2009.09.13 -
Sophos 4.45.0 2009.09.13 -
Sunbelt 3.2.1858.2 2009.09.12 -
Symantec 1.4.4.12 2009.09.13 -
TheHacker 6.3.4.4.402 2009.09.12 -
TrendMicro 8.950.0.1094 2009.09.13 -
VBA32 3.12.10.10 2009.09.11 -
ViRobot 2009.9.12.1932 2009.09.12 -
VirusBuster 4.6.5.0 2009.09.12 -
Rozšiřující informace
File size: 78848 bytes
MD5...: f5f0146580e7023adb963879840777f8
SHA1..: 4030c8bbcb8f146a1d8ba0ff2357be6575e48199
SHA256: f400780fb3828fdb6b2abedfe8d38536c586a001dc10b29346cfed164e5b5148
ssdeep: 1536:qTe4LTqQbX+bFkmdP8ju2e/OKsjvvgzoPaY8yC6KbbSCGaRKrC6KbbSCnoa
UOwuA:qTe4LWQbX+bFkmB8ju2e/kvvgzoPaThg
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xf322
timedatestamp.....: 0x4236424f (Tue Mar 15 02:02:55 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf572 0xf600 6.27 ad63fd592dab97fa07088826b112b368
.data 0x11000 0x2fe8 0x1e00 2.53 704c7ac73b1e11eb68d5d9fe37b57372
.rsrc 0x14000 0x1bc0 0x1c00 4.52 8ed8998ad43dde32b9caf4a11f19321c

( 7 imports )
> msvcrt.dll: _vsnwprintf, wcsrchr, _except_handler3, _c_exit, _exit, _XcptFilter, _cexit, exit, _controlfp, _onexit, __dllonexit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _vsnprintf
> ADVAPI32.dll: SetSecurityDescriptorOwner, StartServiceCtrlDispatcherW, OpenThreadToken, RevertToSelf, GetTokenInformation, MakeAbsoluteSD, RegGetKeySecurity, GetSecurityDescriptorOwner, EqualSid, RegisterServiceCtrlHandlerW, SetServiceStatus, RegEnumKeyExW, CreateServiceW, OpenSCManagerW, OpenServiceW, ControlService, QueryServiceStatus, DeleteService, CloseServiceHandle, SetThreadToken, RegEnumKeyW, RegOpenKeyExW, RegCreateKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, GetLengthSid, AllocateAndInitializeSid, FreeSid, MakeSelfRelativeSD, GetSecurityDescriptorLength, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetAce, AddAccessAllowedAce, InitializeAcl, RegCloseKey, RegSetValueExW, RegDeleteKeyW, RegQueryValueExW, RegDeleteValueW
> KERNEL32.dll: GetCurrentThread, CompareStringW, GetFileType, GetStdHandle, GetCommandLineW, ExitProcess, SetConsoleCtrlHandler, CreateThread, GetUserDefaultLangID, GetSystemDirectoryW, GetModuleHandleW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, GetStartupInfoA, SetLastError, lstrlenW, lstrcmpiW, InterlockedExchange, GetLastError, CloseHandle, GetCurrentProcess, Sleep, GetVersionExW, GetEnvironmentVariableW, GetProcAddress, LoadLibraryW, InitializeCriticalSection, DeleteCriticalSection, MultiByteToWideChar, lstrcpynW, lstrcpynA, WideCharToMultiByte, OpenEventW, GlobalAlloc, GlobalFree, FreeLibrary, UnhandledExceptionFilter, WaitForSingleObject, CreateProcessW, GetModuleFileNameW, lstrcmpW, FormatMessageA, GetSystemDefaultLangID, LoadLibraryExW, WriteFile, FormatMessageW, GetLocaleInfoW, GetACP, GetUserDefaultUILanguage, SetCurrentDirectoryW, OutputDebugStringW, LeaveCriticalSection, EnterCriticalSection, OpenProcess, CreateEventW
> USER32.dll: PostQuitMessage, TranslateMessage, DispatchMessageW, PeekMessageW, GetMessageW, IsCharAlphaNumericW, PostThreadMessageW, MsgWaitForMultipleObjects
> ntdll.dll: NtQueryInformationProcess
> ole32.dll: CoUninitialize, StgOpenStorage, CoInitialize, CoRevokeClassObject, CoRegisterClassObject
> msi.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=f5f0146580e7023adb963879840777f8' target='_blank'>http://www.threatexpert.com/report.aspx?md5=f5f0146580e7023adb963879840777f8</a>
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

[strikis]

Malwarebytes' Anti-Malware 1.40
Database version: 2586
Windows 5.1.2600 Service Pack 2

12.9.2009 17:29:58
mbam-log-2009-09-11 (17-46-58).txt

Scan type: Quick Scan
Objects scanned: 101007
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah