Prosím o kontrolu logu - Freezy hry

[Dymon]

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/20 15:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: E:\hiberfil.sys
Status: Locked to the Windows API!

Path: E:\Documents and Settings\Petr\Local Settings\temp\fla27C.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\activity.opr
Status: Visible to the Windows API, but not on disk.

Path: e:\documents and settings\petr\local settings\data aplikací\opera\opera\thumbnails\8b0c87cf-0e73-f142-9149-13bf1890e06e.png
Status: Size mismatch (API: 13354, Raw: 13249)

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_005E\opr17SXY.tmp
Status: Invisible to the Windows API!

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TAZ.tmp
Status: Invisible to the Windows API!

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TB3.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TB4.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TB5.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TB6.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TB7.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\cache\g_0062\opr17TB8.tmp
Status: Visible to the Windows API, but not on disk.

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\vps\0000\adoc.bx-j
Status: Invisible to the Windows API!

Path: e:\documents and settings\petr\local settings\data aplikací\opera\opera\vps\0000\md.dat
Status: Allocation size mismatch (API: 172032, Raw: 180224)

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\vps\0000\md.dat-j
Status: Invisible to the Windows API!

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\vps\0000\url.axx-j
Status: Invisible to the Windows API!

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\vps\0000\w.axx-j
Status: Invisible to the Windows API!

Path: E:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera\Opera\vps\0000\wb.vx-j
Status: Invisible to the Windows API!

[Reklama]

[jaro3]

Stáhni si program OTM (by OldTimer)
a ulož si ho na disk C a spusť ho.
klikni na tlačítko CleanUp!

Stáhni si File Lister

a ulož si ho na plochu.Rozbal si ho na plochu.Otevři adresář File Lister, pravým klikni na soubor FileLister.vbe a vyber otevřít .
Spustí se program, nic není ale vidět.
Když program skončí, vytvoří se log, který se nachází v C:\Files.txt
A v adresáři File Lister. Zkopíruj sem prosím celý jeho obsah.

[Dymon]

+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 20.4.2010 21:16:14

====== Running Processes ======

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\winamp\winampa.exe
E:\Program Files\Pošťák\Postak\Postak.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\WINDOWS\System32\WScript.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======
BHO: (NO NAME) - -

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = E:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe
AppInit_DLLs = E:\WINDOWS\system32\wbsys.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[WinampAgent] = "E:\Program Files\winamp\winampa.exe"
[SMail] = "E:\Program Files\Pošťák\Postak\Postak.exe"
[HP Component Manager] = "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[egui] = "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
[StartCCC] = "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
[WheelMouse] = E:\Program Files\A4Tech\Mouse\Amoumain.exe

====== HKCU\~\Run Keys ======

[AFProg] = E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[DAEMON Tools Lite] = "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
[H/PC Connection Agent] = "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[ctfmon.exe] = E:\WINDOWS\system32\ctfmon.exe

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}\ NameServer= 62.129.50.20,85.135.32.100

HKEY_LOCAL_MACHINE\CS001\~\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}\ NameServer= 62.129.50.20,85.135.32.100

HKEY_LOCAL_MACHINE\CS002\~\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}\ NameServer= 62.129.50.20,85.135.32.100

HKEY_LOCAL_MACHINE\CS003\~\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}\ NameServer= 62.129.50.20,85.135.32.100

NV Hostname = petr-93f360f962
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = petr-93f360f962
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

20.4.2010 15:15:37 614925 E:\!FixIEDef
20.4.2010 15:15:37 394 E:\!FixIEDef\Temp
20.4.2010 15:15:50 58584381 E:\ERDNT
20.4.2010 15:15:50 58584381 E:\ERDNT\FixIEDef
20.4.2010 15:15:53 6971392 E:\ERDNT\FixIEDef\Users
20.4.2010 15:15:53 229376 E:\ERDNT\FixIEDef\Users\00000001
20.4.2010 15:15:53 8192 E:\ERDNT\FixIEDef\Users\00000002
20.4.2010 15:15:53 233472 E:\ERDNT\FixIEDef\Users\00000003
20.4.2010 15:15:53 8192 E:\ERDNT\FixIEDef\Users\00000004
20.4.2010 15:15:53 6303744 E:\ERDNT\FixIEDef\Users\00000005
20.4.2010 15:15:54 188416 E:\ERDNT\FixIEDef\Users\00000006
20.4.2010 15:12:05 85 E:\RECYCLER
20.4.2010 15:12:05 85 E:\RECYCLER\S-1-5-21-1482476501-329068152-725345543-1003
20.4.2010 15:15:40 0 E:\WINDOWS\ERDNT
20.4.2010 15:15:40 0 E:\WINDOWS\ERDNT\FixIEDef
20.4.2010 15:15:40 331204 E:\WINDOWS\ERUNT
20.4.2010 14:40:53 0 E:\WINDOWS\temp
20.4.2010 21:13:45 0 32 E:\WINDOWS\0.log
20.4.2010 16:01:43 1438 32 E:\WINDOWS\WindowsUpdate.log
20.4.2010 21:13:47 0 32 E:\WINDOWS\system32\nmp.log
20.3.2010 14:17:07 794408 32 E:\WINDOWS\system32\pbsvc.exe
20.3.2010 14:36:21 215104 32 E:\WINDOWS\system32\PnkBstrB.xtr

====== "\Administrator & All Users\Startup" Last 60 Days======





====== "\Program Files" Last 60 Days======

24.3.2010 18:12:44 7025653 E:\Program Files\A4Tech
6.4.2010 16:18:04 2027858143 E:\Program Files\Cenega Czech
20.3.2010 11:59:52 3175565 E:\Program Files\GamePark
27.2.2010 22:31:10 35234634 E:\Program Files\ICQ7.0

======"Drivers" Modified Last 60 Days======

21.11.2008 14:29:58 138576 32 E:\WINDOWS\system32\drivers\PnkBstrK.sys

====== Files Deleted under "%Temp%" ======

17 Files deleted

======"All Users\Application Data" Last 60 Days======



====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - E:\WINDOWS\system32\upnpui.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll

Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

Amfilter (A4Tech Mouse Filter Driver)- E:\WINDOWS\system32\DRIVERS\Amfilter.sys - System/Running
Amusbprt (A4Tech HID-compliant Mouse Driver)- E:\WINDOWS\system32\DRIVERS\Amusbprt.sys - Manual/Running
AtiHdmiService (ATI Function Driver for HDMI Service)- E:\WINDOWS\system32\drivers\AtiHdmi.sys - Manual/Running
eamon (eamon)- E:\WINDOWS\system32\DRIVERS\eamon.sys - Auto/Running
ehdrv (ehdrv)- E:\WINDOWS\system32\DRIVERS\ehdrv.sys - System/Running
epfwtdir (epfwtdir)- E:\WINDOWS\system32\DRIVERS\epfwtdir.sys - System/Running
Moufiltr (Mouse Test Driver)- E:\WINDOWS\system32\DRIVERS\Moufiltr.sys - Manual/Stopped
MouseCap (MouseCapture Driver)- E:\WINDOWS\system32\Drivers\MouseCap.sys - Manual/Running
MTsensor (ATK0110 ACPI UTILITY)- E:\WINDOWS\system32\DRIVERS\ASACPI.sys - Manual/Running
NdisIP (Microsoft TV/Video Connection)- E:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
prodrv06 (StarForce Protection Environment Driver v6)- E:\WINDOWS\system32\drivers\prodrv06.sys - System/Running
prohlp02 (StarForce Protection Helper Driver v2)- E:\WINDOWS\system32\drivers\prohlp02.sys - Boot/Running
prosync1 (StarForce Protection Synchronization Driver v1)- E:\WINDOWS\system32\drivers\prosync1.sys - Boot/Running
SenFiltService (SenFilt Service)- E:\WINDOWS\system32\drivers\Senfilt.sys - Manual/Running
sfhlp01 (StarForce Protection Helper Driver)- E:\WINDOWS\system32\drivers\sfhlp01.sys - Boot/Running
SLIP (BDA Slip De-Framer)- E:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
tapvpn (TAP VPN Adapter)- E:\WINDOWS\system32\DRIVERS\tapvpn.sys - Manual/Running
tifsfilter (Acronis True Image FS Filter)- E:\WINDOWS\system32\DRIVERS\tifsfilt.sys - Auto/Running
timounter (Acronis True Image Backup Archive Explorer)- E:\WINDOWS\system32\DRIVERS\timntr.sys - Boot/Running
TVICHW32 (TVICHW32)- \??\E:\WINDOWS\system32\DRIVERS\TVICHW32.SYS - Manual/Stopped
usb_rndisx (Adaptér USB RNDIS)- E:\WINDOWS\system32\DRIVERS\usb8023x.sys - Manual/Stopped

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 3220 MB

Boot Info

OS Type: Systém Microsoft Windows XP Professional
Build: 5.1.2600
Service Pack: 3.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==


Freezy pořád pokračují hlavně na místech kde je vetší množství nepřátel (detaily mam na minimum)

[jaro3]

Nic tam už nevidím,

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[Dymon]

Je nějaká možnost kde najít ten report, když jsem na konci skenu neklikl na show report?

Vyléčilo mi to 6 souborů.

[jaro3]

Přesně nevím , zkus najít , buď v Program Files nebo documents and setting.
Pod F-Secure.

[Dymon]

Bohužel log jsem nenašel.

Hru teď reinstaluji tak doufám že to pomůže. Super, nepomohlo... teď už mi zbývá snad jen reinstal windowsu

Ještě se chci zeptat jestli ty programy co jsem instaloval mám odinstalovat nebo mi na to doporučíš nějaky program?

[jaro3]

Můžeš smazat:
C:\ FixIEDef
C:\RootRepeal
C:\ File Lister
C:\_OTM


Zkontroluj DirectX:

START-spustit, napiš dxdiag a dej OK.

pokud tam v okně budou nějaké problémy , tak zkus opravit.

Stáhni si Dial-a-fix
Fix Windows Installer - Opraví problémy při instalaci programů v podobě .msi souborů nebo programů postavených na starších verzích instalátoru.
ActiveX controls/codecs - Pokusí se o opravu prvků ActiveX.
Direct(X, Draw, Show, Media) - Pokusí se o opravu rozhraní Direct.
Policies: Otevře přehled všech použitých omezení nastavených v registru, například na použití editoru registru, správce úloh atd. (vlož pak log..)

Klikni na službu(dej zatržítko) a potom na GO.

[Dymon]

22:41:59 | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 8.0.6001.18702
MPC: 55703-640
CPU: AMD Athlon(tm) 64 Processor 3000+ (~1800MHz)
CPU: CPU is 64-bit or has 64-bit extensions
BIOS: 21.8.2006
Memory (approx): 2047MB
Uptime: 6 hour(s)
Current directory: E:\Documents and Settings\Petr\Plocha\Dial-a-fix-v0.60.0.24
---

23.4.2010 22:41:59 -- Dial-a-fix : [v0.60.0.24] -- started
22:41:59 | Policy scan started
22:41:59 | Policy scan ended - no restrictive policies were found
--- MSI ---
22:42:14 | Registered: E:\WINDOWS\system32\msi.dll
--- MSI ---
22:42:51 | Registered: E:\WINDOWS\system32\msi.dll
--- Registration: ActiveX controls/codecs ---
22:42:53 | Registered: E:\WINDOWS\system32\acelpdec.ax
22:42:53 | Registered: E:\WINDOWS\system32\actxprxy.dll
22:42:53 | Registered: E:\WINDOWS\system32\asctrls.ocx
22:42:54 | Registered: E:\WINDOWS\system32\daxctle.ocx
22:42:54 | Registered: E:\WINDOWS\system32\hhctrl.ocx
22:42:54 | Registered: E:\WINDOWS\system32\l3codecx.ax
22:42:54 | Registered: E:\WINDOWS\system32\licmgr10.dll
22:42:54 | Registered: E:\WINDOWS\system32\mpg4ds32.ax
22:42:57 | Registered: E:\WINDOWS\system32\msdxm.ocx
22:42:57 | Registered: E:\WINDOWS\system32\proctexe.ocx
22:42:57 | Registered: E:\WINDOWS\system32\tdc.ocx
22:42:57 | Registered: E:\WINDOWS\system32\wshom.ocx
--- Registration: Direct[X|Draw|Show|Media] ---
22:42:57 | Registered: E:\WINDOWS\system32\quartz.dll
22:42:58 | Registered: E:\WINDOWS\system32\danim.dll
22:42:58 | Registered: E:\WINDOWS\system32\dmscript.dll
22:42:58 | Registered: E:\WINDOWS\system32\dmstyle.dll
22:42:58 | Registered: E:\WINDOWS\system32\dxmasf.dll
22:42:58 | Registered: E:\WINDOWS\system32\dxtmsft.dll
22:42:58 | Registered: E:\WINDOWS\system32\dxtrans.dll
22:42:58 | Registered: E:\WINDOWS\system32\sbe.dll
22:43:03 | Policy scan started
22:43:04 | Policy scan ended - no restrictive policies were found
22:43:16 | "Hide disabled policies" was toggled - initiating a policy scan:
22:43:16 | Policy scan ended - no restrictive policies were found
22:43:16 | Policy scan started
22:43:16 | Policy scan ended - no restrictive policies were found
22:43:19 | "Hide disabled policies" was toggled - initiating a policy scan:
22:43:19 | Policy scan ended - no restrictive policies were found

[jaro3]

Log OK, jestli chceš , můžeš odinstalovat , smazat Dial-a-fix.

Pokud problémy přetrvávají , bude na vině nejspíše HW. Zkontroluj napětí teploty , HDD, RAM atd.
Tady je to vše.Viry to není.