Prosím o kontrolu výpisu z Hijackthis!

[kytovec]

Chytil jsem vira - hlásilo mi to trojan gen (other) a přidal se k tomu cutwail. Nejdřív se mi začal vypínat počítač, potom už jen dokola restartoval, nakonec fungoval jen nouzovém režimu. Když dám po restartu spuštění kontroly avastem, tak mi počítač nastartuje a jede, bez tohoto režimu ale musím jít do nouzového, jinak se startuje a vypíná pořád dokola.

Díky za pomoc, moc se v tom nevyznám!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:46, on 13.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS1\system32\RUNDLL32.EXE
C:\WINDOWS1\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SafeNet\iKey Components\Bin\iKeyACR.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\SafeNet\iKey Components\Bin\iKeyTU.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\WINDOWS1\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS1\system32\svchost.exe
C:\vejš listiny pro zvolené 2006\stažené\vzít s sebou\abcde.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS1\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [iKeyACR.exe] "C:\Program Files\SafeNet\iKey Components\Bin\iKeyACR.exe"
O4 - HKLM\..\Run: [iKeyTU.exe] "C:\Program Files\SafeNet\iKey Components\Bin\iKeyTU.exe" /SYSTRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS1\
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Update Service (gupdate1c986c88fe75ffa) (gupdate1c986c88fe75ffa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Machine Debug Manager MDMdmserver (MDMdmserver) - Unknown owner - C:\WINDOWS1\system32\acctresi.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS1\

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
použij v nouz. režimu, pokud bude problém s uložením-přejmenuj mbam.exe na mabn.exe a ulož a nainstaluj.

[kytovec]

Díky. Provedl jsem instalaci a spustil, ale vypíná mi to počítač po pár minutách skenování.

Ruda

[jaro3]

A zkoušel jsi ho v nouzovém režimu? Pokud ano , tak zkus toto:
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah

[kytovec]

Pouštěl jsem to v nouzovém režimu. Tady je ten výpis pomocí rsit.

Dík

Logfile of random's system information tool 1.06 (written by random/random)
Run by OEM at 2009-05-13 18:09:45
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 510 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS1\tasks\Google Software Updater.job
C:\WINDOWS1\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"NvCplDaemon"=C:\WINDOWS1\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS1\system32\NvMcTray.dll [2006-06-01 86016]
"NeroFilterCheck"=C:\WINDOWS1\system32\NeroCheck.exe [2001-07-09 155648]
"HPDJ Taskbar Utility"=C:\WINDOWS1\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-04-29 188416]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-09-07 1400944]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"Startup Cleaner"=C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-08-08 122880]
"DesktopMechanic"= []
"iKeyACR.exe"=C:\Program Files\SafeNet\iKey Components\Bin\iKeyACR.exe [2006-12-27 77824]
"iKeyTU.exe"=C:\Program Files\SafeNet\iKey Components\Bin\iKeyTU.exe [2006-12-27 84096]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"KernelFaultCheck"=C:\WINDOWS1\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS1\system32\ctfmon.exe [2004-08-18 15360]

C:\Documents and Settings\All Users.WINDOWS1\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS1\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS1\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli

:\WINDOWS1\system32\srrstr.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe"="C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe:*:Enabled:Easy Wireless Net"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-13 18:09:46 ----D---- C:\Program Files\trend micro
2009-05-13 18:09:45 ----D---- C:\rsit
2009-05-13 17:20:32 ----A---- C:\WINDOWS1\ntbtlog.txt
2009-05-13 17:18:21 ----D---- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
2009-05-13 17:18:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 17:18:16 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Data aplikací\Malwarebytes
2009-05-12 13:36:59 ----N---- C:\WINDOWS1\SchedLgU.Txt
2009-05-12 13:22:15 ----A---- C:\WINDOWS1\system32\aswBoot.exe
2009-04-27 08:31:35 ----D---- C:\WINDOWS1\LastGood.Tmp
2009-04-24 10:11:13 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-04-24 10:11:13 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-24 10:11:13 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-04-24 10:11:12 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-04-23 05:55:31 ----D---- C:\WINDOWS1\Minidump
2009-04-20 05:59:22 ----HDC---- C:\WINDOWS1\$NtUninstallKB959426$
2009-04-20 05:59:08 ----HDC---- C:\WINDOWS1\$NtUninstallKB961373$
2009-04-20 05:55:33 ----HDC---- C:\WINDOWS1\$NtUninstallKB956572$
2009-04-20 05:54:59 ----HDC---- C:\WINDOWS1\$NtUninstallKB952004$
2009-04-20 05:54:49 ----HDC---- C:\WINDOWS1\$NtUninstallKB960803$
2009-04-20 05:54:23 ----HDC---- C:\WINDOWS1\$NtUninstallKB963027$
2009-04-20 05:54:00 ----HDC---- C:\WINDOWS1\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2009-05-13 18:09:46 ----RD---- C:\Program Files
2009-05-13 17:35:24 ----D---- C:\WINDOWS1
2009-05-13 17:29:25 ----SD---- C:\WINDOWS1\Tasks
2009-05-13 17:29:16 ----D---- C:\WINDOWS1\Temp
2009-05-13 17:18:21 ----D---- C:\WINDOWS1\Prefetch
2009-05-13 17:18:20 ----D---- C:\WINDOWS1\system32\drivers
2009-05-13 16:17:29 ----D---- C:\Program Files\Mozilla Firefox
2009-05-13 14:38:13 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Data aplikací\Google Updater
2009-05-12 13:26:02 ----D---- C:\Program Files\Zip67
2009-05-12 13:24:06 ----D---- C:\Documents and Settings\All Users.WINDOWS1\Data aplikací\Spybot - Search & Destroy
2009-05-12 13:22:35 ----D---- C:\WINDOWS1\system32
2009-05-11 19:24:23 ----D---- C:\WINDOWS1\system32\CatRoot2
2009-05-11 10:43:00 ----SHD---- C:\WINDOWS1\Installer
2009-05-07 11:07:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-07 08:04:20 ----D---- C:\WINDOWS1\Debug
2009-05-07 08:01:44 ----D---- C:\Program Files\CCleaner
2009-04-30 14:55:10 ----HD---- C:\WINDOWS1\inf
2009-04-29 12:13:15 ----RSHDC---- C:\WINDOWS1\system32\dllcache
2009-04-27 08:34:20 ----D---- C:\vejš listiny pro zvolené 2006
2009-04-27 08:31:19 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-27 08:31:19 ----D---- C:\Program Files\CyberLink DVD Solution
2009-04-27 08:30:48 ----D---- C:\Program Files\střih videa 1_4
2009-04-27 08:30:46 ----D---- C:\Program Files\Common Files
2009-04-27 08:28:41 ----D---- C:\Program Files\IrfanView
2009-04-27 08:28:15 ----D---- C:\Program Files\Hair Pro 2006 Light
2009-04-24 11:30:09 ----A---- C:\WINDOWS1\system32\PerfStringBackup.INI
2009-04-23 16:29:57 ----D---- C:\Documents and Settings
2009-04-23 14:18:55 ----D---- C:\WINDOWS1\system32\config
2009-04-23 14:18:50 ----D---- C:\WINDOWS1\system32\wbem
2009-04-23 14:18:48 ----D---- C:\WINDOWS1\Registration
2009-04-23 14:18:28 ----D---- C:\Program Files\Eraser
2009-04-20 09:47:46 ----D---- C:\WINDOWS1\AppPatch
2009-04-20 05:55:20 ----HD---- C:\WINDOWS1\$hf_mig$
2009-04-20 05:54:36 ----D---- C:\Program Files\Internet Explorer
2009-04-15 12:10:58 ----A---- C:\Log.txt
2009-04-15 09:11:36 ----D---- C:\Documents and Settings\OEM\Data aplikací\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS1\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 InCDPass;InCDPass; C:\WINDOWS1\System32\DRIVERS\InCDPass.sys [2004-09-07 28544]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS1\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS1\system32\drivers\pfc.sys [2007-07-19 10368]
R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINDOWS1\system32\DRIVERS\SMBios.sys [2003-06-17 35012]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS1\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS1\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS1\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 52690ebf;52690ebf; C:\WINDOWS1\System32\drivers\52690ebf.sys [2009-04-29 94842]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS1\system32\drivers\Aavmker4.sys [2009-02-05 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS1\system32\drivers\aswSP.sys [2009-02-05 114768]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS1\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
S1 sf;SFI Service; C:\WINDOWS1\system32\drivers\sf.sys [2003-05-09 33248]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS1\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS1\system32\drivers\aswMon2.sys [2009-02-05 94032]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS1\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS1\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS1\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 aeaudio;aeaudio; C:\WINDOWS1\system32\drivers\aeaudio.sys [2003-03-14 100224]
S3 aswRdr;aswRdr; C:\WINDOWS1\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS1\system32\DRIVERS\ikeyenum.sys [2007-02-19 12480]
S3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS1\system32\DRIVERS\ikeyifd.sys [2007-02-19 19232]
S3 MidiSyn;MidiSyn; C:\WINDOWS1\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 nv;nv; C:\WINDOWS1\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS1\system32\DRIVERS\rnbtoken.sys [2007-02-19 22304]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS1\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 smwdm;smwdm; C:\WINDOWS1\system32\drivers\smwdm.sys [2003-06-02 578304]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS1\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS1\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS1\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS1\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS1\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS1\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDfs;InCD File System; C:\WINDOWS1\system32\drivers\InCDfs.sys [2004-09-07 91136]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS1\system32\DRIVERS\sr.sys [2004-08-18 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 gupdate1c986c88fe75ffa;Google Update Service (gupdate1c986c88fe75ffa); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-07 1151090]
S2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 MDMdmserver;Machine Debug Manager MDMdmserver; C:\WINDOWS1\system32\acctresi.exe srv []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS1\system32\nvsvc32.exe [2006-06-01 155715]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 CA_LIC_CLNT;CA License Client; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS1\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

[jaro3]

Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services
MDMdmserver

:Reg

:Files
C:\WINDOWS1\system32\acctresi.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

vyčisti systém CCleanerem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

[kytovec]

Snad jsem to provedl správně.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver MDMdmserver deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS1\system32\acctresi.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OEM\LOCALS~1\Temp\etilqs_eggX8OEakZziMh9xRRzc scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_185530

Ruda

[jaro3]

Je to správně , ale ještě jeden script v OTMoveIt:

Kód: Vybrat vše

:Processes
explorer.exe

:Services
52690ebf

:Reg

:Files
C:\WINDOWS1\System32\drivers\52690ebf.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Postup stejný jako výše.

Pak zkus znovu v nouz. režimu MbAM.

[kytovec]

Tak ten mBam to pořád vypíná, vidím tam nějaké viry, ale pak se vypne a restartuje pořád dokola, dokud se mi to nepodaří dostat do nouzového režimu.

Tady je ten výpis z MovIT. Díky.

====== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver MDMdmserver deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS1\system32\acctresi.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OEM\LOCALS~1\Temp\etilqs_eggX8OEakZziMh9xRRzc scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_185530

Files moved on Reboot...
File C:\DOCUME~1\OEM\LOCALS~1\Temp\etilqs_eggX8OEakZziMh9xRRzc not found!
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\OEM\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\ehofjsja.default\XUL.mfl moved successfully.


Ruda

[jaro3]

Omylem jsi provedl ten přechozí script...
Rozjeď znovu ten OTMoveIt3...
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services
52690ebf

:Reg

:Files
C:\WINDOWS1\System32\drivers\52690ebf.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

[kytovec]

Omlouvám se, nějak se to spletlo.

Tady je ten výpis.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver 52690ebf not found.
Service\Driver 52690ebf not found.
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS1\System32\drivers\52690ebf.sys not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\OEM\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_212030

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config 52690ebf start= disabled
sc stop 52690ebf
sc delete 52690ebf


ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.
*****************************************************************************************************************************************
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS1\system32\NeroCheck.exe

vyčisti systém CCleanerem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

zkus toto , ale nevím, zda se PC nebude restartovat..
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
Problém může být i v HW, HDD nebo RAM.či chyba ve win..