Zpomalený startup, nefunkční antivir+aktualizace windows

[bbdra]

OTL Extras logfile created on: 26.11.2013 20:01:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,48 Mb Total Physical Memory | 257,56 Mb Available Physical Memory | 28,76% Memory free
2,11 Gb Paging File | 1,47 Gb Available in Paging File | 69,58% Paging File free
Paging file location(s): C:\pagefile.sys 1342 1342 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 23,65 Gb Free Space | 63,48% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 267,27 Gb Free Space | 89,66% Space Free | Partition Type: NTFS
Drive E: | 37,27 Gb Total Space | 11,27 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive G: | 474,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32

Computer Name: DK-D595C5267E89 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = DragonHTML] -- C:\Program Files\Comodo\Dragon\dragon.exe (Comodo)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = DragonHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
https [open] -- "C:\Program Files\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"" = 0
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Webový štít -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostika 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:Instalátor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Obecná kontrola pošty -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{99E4D531-0265-4FAA-B0A4-84E0CDDBEFC6}_is1" = RegistryCleanerKit
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{EEAFDDCF-0B0E-44DB-995B-886FB139CF1F}" = AVG 2014
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDD7AF3-89D3-41EE-B71C-EDB8919118B8}" = Panda Global Protection 2014
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"Comodo Dragon" = Comodo Dragon
"DAEMON Tools Lite" = DAEMON Tools Lite
"Eurobattle.net1.26" = Eurobattle.net
"IObitUninstall" = IObit Uninstaller
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.11.2013 5:26:24 | Computer Name = DK-D595C5267E89 | Source = VIPRE Internet Security | ID = 0
Description = ERROR 636 1 2013-11-19T10:26:24.5625000+01:00 SocialWatch.Authentication.FacebookProvider SocialWatch.Authentication.FacebookProvider.GetApplicationDisplayName: Facebook.WebExceptionWrapper:
The remote name could not be resolved: 'graph.facebook.com' at Facebook.HttpHelper.OpenRead()

at Facebook.FacebookClient.Api(HttpMethod httpMethod, String path, Object parameters,
Type resultType) at Facebook.FacebookClient.Get(String path, Object parameters,
Type resultType) at Facebook.FacebookClient.Get(String path, Object parameters)

at Facebook.FacebookClient.Get(String path) at SocialWatch.Authentication.FacebookProvider.GetApplicationDisplayName()


Error - 19.11.2013 5:30:17 | Computer Name = DK-D595C5267E89 | Source = VIPRE Internet Security | ID = 0
Description = ERROR 2716 1 2013-11-19T10:30:17.5781250+01:00 SocialWatch.Authentication.FacebookProvider SocialWatch.Authentication.FacebookProvider.GetApplicationDisplayName: Facebook.WebExceptionWrapper:
The remote name could not be resolved: 'graph.facebook.com' at Facebook.HttpHelper.OpenRead()

at Facebook.FacebookClient.Api(HttpMethod httpMethod, String path, Object parameters,
Type resultType) at Facebook.FacebookClient.Get(String path, Object parameters,
Type resultType) at Facebook.FacebookClient.Get(String path, Object parameters)

at Facebook.FacebookClient.Get(String path) at SocialWatch.Authentication.FacebookProvider.GetApplicationDisplayName()


Error - 19.11.2013 18:59:29 | Computer Name = DK-D595C5267E89 | Source = Application Error | ID = 1000
Description = Chybující aplikace wordpad.exe, verze 5.1.2600.5512, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.

Error - 24.11.2013 18:47:24 | Computer Name = DK-D595C5267E89 | Source = Application Error | ID = 1000
Description = Chybující aplikace sporeapp.exe, verze 1.1.0.385, chybující modul
sporeapp.exe, verze 1.1.0.385, adresa chyby 0x00a0740e.

Error - 24.11.2013 18:48:46 | Computer Name = DK-D595C5267E89 | Source = Application Error | ID = 1000
Description = Chybující aplikace sporeapp.exe, verze 1.1.0.385, chybující modul
sporeapp.exe, verze 1.1.0.385, adresa chyby 0x00a0740e.

Error - 25.11.2013 19:16:07 | Computer Name = DK-D595C5267E89 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 25.11.2013 19:16:17 | Computer Name = DK-D595C5267E89 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 25.11.2013 19:33:44 | Computer Name = DK-D595C5267E89 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 25.11.2013 20:02:43 | Computer Name = DK-D595C5267E89 | Source = MsiInstaller | ID = 11704
Description = Product: VIPRE Internet Security -- Error 1704. An installation for
Microsoft Application Error Reporting is currently suspended. You must undo the
changes made by that installation to continue. Do you want to undo those changes?

Error - 25.11.2013 20:27:30 | Computer Name = DK-D595C5267E89 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Chyba
27054. CA_Error27054: SetupAction(0xC0070642): Instalace selhala.

[ System Events ]
Error - 24.11.2013 18:22:07 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bitool.dll
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bitool.dll
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bitool.dll
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 24.11.2013 18:22:08 | Computer Name = DK-D595C5267E89 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bitool.dll
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .


< End of report >

[Reklama]

[jaro3]

Teda takovou sbírku antivirů v jednom logu jsem ještě neviděl...

Pokud najdeš , Odinstaluj:
Panda Security
Trend Micro Titanium Maximum Security Installer
McAfee On-Access Scanner
Personal Antivirus
Max Secure
SpyDig

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
MOD - [2013.04.02 05:25:34 | 000,543,744 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2013.01.16 02:55:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
MOD - [2013.01.16 02:50:42 | 000,016,896 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
MOD - [2013.01.16 02:50:40 | 000,039,424 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
MOD - [2012.12.18 21:04:34 | 001,098,240 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2011.04.13 12:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Gold Protection\pavsrvx86.exe -- (PAVSRV)
SRV - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awgli8iy)
DRV - [2013.09.04 07:23:38 | 000,102,904 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2013.09.04 07:20:10 | 000,083,352 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2013.09.04 07:12:16 | 000,288,840 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2013.06.12 15:53:22 | 000,166,984 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2011.02.21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Gold Protection\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Gold Protection\Inicio.exe (Panda Security, S.L.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O32 - AutoRun File - [2003.05.23 14:51:36 | 000,061,440 | R--- | M] () - G:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003.02.12 09:01:48 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013.11.08 22:27:22 | 000,000,016 | -H-- | M] () - H:\AUTORUN.INF -- [ FAT32 ]
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

:Files
C:\WINDOWS\System32\PAV
C:\Documents and Settings\Administrator\Data aplikací\Panda Security
C:\WINDOWS\System32\drivers\tmcomm.sys
C:\WINDOWS\System32\drivers\tmactmon.sys
C:\WINDOWS\System32\drivers\tmevtmgr.sys
C:\Documents and Settings\Administrator\Plocha\RK_Quarantine
C:\WINDOWS\System32\pavcpl.cpl
C:\WINDOWS\System32\TpUtil.dll
[2013.11.26 02:11:02 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
C:\WINDOWS\System32\PavLspHook.dll
C:\WINDOWS\System32\pavipc.dll
C:\WINDOWS\System32\PavSHook.dll
C:\WINDOWS\System32\avldr.dll
C:\WINDOWS\System32\drivers\PavProc.sys
C:\WINDOWS\System32\drivers\ShlDrv51.sys
C:\Documents and Settings\All Users\Data aplikací\Panda Security
C:\WINDOWS\System32\SYSTOOLS(2).DLL
C:\Program Files\Panda Security
C:\Program Files\Common Files\Panda Security
C:\Documents and Settings\All Users\Data aplikací\Max Secure
C:\Documents and Settings\Administrator\Plocha\MaxSpywaredetector.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Max Secure Software
C:\WINDOWS\System32\PCloudCleanerService.EXE
C:\Documents and Settings\Administrator\Plocha\MaxSpywaredetector.exe
C:\Documents and Settings\All Users\Plocha\Trend_Micro.exe
C:\Documents and Settings\Administrator\Plocha\avira_free_antivirus_en.exe

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.


C:\WINDOWS\System32\drivers\etc\Hosts přejmenuj tento soubor na hosts.


C:\Program Files\Common Files\Services---podívej se do této složky , co tam je za soubory , můžeš dát i screen.

[bbdra]

Nejede mi pripojeni k internetu v te slozce jsem nasel 3 soubory: bigfoot verisign whowhere(obrazky)

[bbdra]

Jo a nejede mi zvuk. Dal jsem full scan v avg

[bbdra]

Avg scan se sekl,tak jsem zapnul kaspersky rescue disc. Tady internet jede vporadku, az doconcim scan tak ti poslu ten log z otl. Jinak tento program ma taky logfile, ale nevim jak se k nemu dostat.

[bbdra]

Test nic nenasel, jinak posilam log z otl.

http://leteckaposta.cz/470643810

[jaro3]

log vlož sem.

[bbdra]

Snad jsem te pochopil dobre...tady je log z windowsunlockeru, to je soucast kaspersky rescue disc

http://leteckaposta.cz/339379528

a potom log bez pouziti windowsunlockeru

http://leteckaposta.cz/581841878

Jsou to posledni testy co jsem delal

[jaro3]

Fajn a co problémy?

[bbdra]

Pořád to nevalilo, tak jsem reinstaloval pc, protože potřebuju mít přístup k netu a zvuk.
Po reinstal windows jsem spustil salitykillera a neco to opravilo 1 registr nebo nejakou chybu s registrama
Potom jsem zapl roguekillera(+Malwarebytes) a ten mi opravil dost chyb(registry myslím 3-5 typů), vždy po vyčištění jsem použil CCE od comoda, které mi hodně pomohlo (opravilo mi MBR a abnormal security settings) zatím se mi to nevrátilo, ale trápí mě zvukovka tam bude asi problém.
Po reinstalu windows se PC tváří že má nahrané starší zvukové ovladače, nejdou smazat, ani nahradit pomocí přidat hardware.
Zvuk jsem rozjel tak, že jsem zapnul instalaci ovladačů přímo z cd,ale řekl bych,že instalací jsem nepřemazal ty starší zvukové ovladače dále jen vir.
Stáhl jsem taky otl a naházel do něj skripty cos mi poslal, potom jsem instaloval AVG a zase se to začalo kazit. Tak jsem vrátil konfiguraci systému a použil CCleaner+Registrycleanerkit(opraví jen 16 chyb free). Nakonec jsem odebral zbytky AVG.
Protože ze všech utilit, kterým jakš takš rozumím mi pomohlo CCE od tak jsem zkusil stáhnout comodo internet security, které mi nic nenašlo, ale nedělá ani problémy zatím(zpomalený startup, stahování falešných aktualizací) btw všechny aktualizace mám vyplé+ obnovení systému.Hodím ti sem Log z HJT



Jo, teď jsem to projel znovu roguekillerem kvůli tomu internet security. a smazalo to 2x proces svchost.exe a našlo to nějaké problémy(falešné ovladače,susp unic startup,pum hj hkey_localmachine) tady je log:
RogueKiller V8.7.3 [Oct 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 11/30/2013 17:44:33
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> SMAZÁNO [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 1 ¤¤¤
[All Users][SUSP UNIC] Start GeekBuddy.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Start GeekBuddy.lnk @C:\PROGRA~1\Comodo\GEEKBU~1\launcher.exe "unit_manager.exe" [-][7][x] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - WDC WD800JB-00FMA0 +++++
--- User ---
[MBR] 3e3ec5913a605ca9ab8233e1c7f610b9
[BSP] 384169af0281d50ddacbbe0617004bf5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 14998 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standardní diskové jednotky) - Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 977ca30e15e88dd6f8c90273017aed4f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 7511 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standardní diskové jednotky) - SAMSUNG HM321HI USB Device +++++
--- User ---
[MBR] 2d142180b6cdaafb6afd2886a77ae2ec
[BSP] f881d677e12cc099aea874b401865ccd : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_D_11302013_174433.txt >>
RKreport[0]_D_11302013_023121.txt;RKreport[0]_D_11302013_040440.txt;RKreport[0]_D_11302013_063311.txt
RKreport[0]_D_11302013_070740.txt;RKreport[0]_H_11302013_060213.txt;RKreport[0]_S_11302013_022940.txt
RKreport[0]_S_11302013_023107.txt;RKreport[0]_S_11302013_023219.txt;RKreport[0]_S_11302013_024759.txt
RKreport[0]_S_11302013_033214.txt;RKreport[0]_S_11302013_040430.txt;RKreport[0]_S_11302013_040537.txt
RKreport[0]_S_11302013_045527.txt;RKreport[0]_S_11302013_052700.txt;RKreport[0]_S_11302013_053158.txt
RKreport[0]_S_11302013_054129.txt;RKreport[0]_S_11302013_060203.txt;RKreport[0]_S_11302013_061043.txt
RKreport[0]_S_11302013_061246.txt;RKreport[0]_S_11302013_063301.txt;RKreport[0]_S_11302013_063427.txt
RKreport[0]_S_11302013_064610.txt;RKreport[0]_S_11302013_070005.txt;RKreport[0]_S_11302013_070729.txt
RKreport[0]_S_11302013_070858.txt;RKreport[0]_S_11302013_174255.txt

[bbdra]

RogueKiller V8.7.3 [Oct 15 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 11/30/2013 17:49:30
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> SMAZÁNO [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - WDC WD800JB-00FMA0 +++++
--- User ---
[MBR] 3e3ec5913a605ca9ab8233e1c7f610b9
[BSP] 384169af0281d50ddacbbe0617004bf5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 14998 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standardní diskové jednotky) - Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 977ca30e15e88dd6f8c90273017aed4f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 7511 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standardní diskové jednotky) - SAMSUNG HM321HI USB Device +++++
--- User ---
[MBR] 2d142180b6cdaafb6afd2886a77ae2ec
[BSP] f881d677e12cc099aea874b401865ccd : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_D_11302013_174930.txt >>
RKreport[0]_D_11302013_023121.txt;RKreport[0]_D_11302013_040440.txt;RKreport[0]_D_11302013_063311.txt
RKreport[0]_D_11302013_070740.txt;RKreport[0]_D_11302013_174433.txt;RKreport[0]_H_11302013_060213.txt
RKreport[0]_S_11302013_022940.txt;RKreport[0]_S_11302013_023107.txt;RKreport[0]_S_11302013_023219.txt
RKreport[0]_S_11302013_024759.txt;RKreport[0]_S_11302013_033214.txt;RKreport[0]_S_11302013_040430.txt
RKreport[0]_S_11302013_040537.txt;RKreport[0]_S_11302013_045527.txt;RKreport[0]_S_11302013_052700.txt
RKreport[0]_S_11302013_053158.txt;RKreport[0]_S_11302013_054129.txt;RKreport[0]_S_11302013_060203.txt
RKreport[0]_S_11302013_061043.txt;RKreport[0]_S_11302013_061246.txt;RKreport[0]_S_11302013_063301.txt
RKreport[0]_S_11302013_063427.txt;RKreport[0]_S_11302013_064610.txt;RKreport[0]_S_11302013_070005.txt
RKreport[0]_S_11302013_070729.txt;RKreport[0]_S_11302013_070858.txt;RKreport[0]_S_11302013_174255.txt
RKreport[0]_S_11302013_174826.txt

[bbdra]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:59:05, on 30.11.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
D:\Windows utility 32bit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1123561945-861567501-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Adam')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9111C03-6AD1-49DD-91B8-88EDE045D25A}: NameServer = 156.154.70.25,156.154.71.25
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4132 bytes