PC se dokola restartuje

[Damned]

Zkus si stáhnout včerejší verzi http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html

[Reklama]

[Pawkin]

nejde je to divne na jinych compech to jde v pohode a na tom mojem vubec

[jaro3]

Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah

[Pawkin]

je to divne ani tato stranka se mi nechce zobrazit

[jaro3]

Stáhni si tools:
http://www.edisk.cz/stahni/32942/tools.rar_3.88MB.html

Rozbal si archiv do svého adresáře. Soubory jsou záměrně pojmenované jinak než jsou původní programy.
itr - RSIT
buss - DDS
VerTerm - Combofix
pokud ti pojede VerTerm, tak sem vlož z něho log.
Jinak itr(RSIT)

[Pawkin]

tady je log z rst

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-09-21 19:56:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:48, on 21.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Rar$EX02.984\tools\itr.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [4736] C:\WINDOWS\system32\3F.tmp.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 4273 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DB97E567-291E-4B34-8D35-AE6DDBCE7786}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FD2844F6-6DA7-4CFC-A47D-F40495874E68}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"4736"=C:\WINDOWS\system32\3F.tmp [2009-09-21 18944]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-09-21 59904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
"GrpConv"=grpconv -o []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe [2009-09-21 66560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"servises"=C:\WINDOWS\system32\servises.exe [2009-09-21 66560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe [2009-09-21 66560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\TOMPAW~1\LOCALS~1\Temp\c.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\NeverwinterNights\NWN\nwserver.exe"="C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Documents and Settings\Tomáš Pawera\Plocha\Files\1nsane\Game.exe"="C:\Documents and Settings\Tomáš Pawera\Plocha\Files\1nsane\Game.exe:*:Enabled:INSANE"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-21 19:46:11 ----A---- C:\WINDOWS\system32\40.tmp
2009-09-21 19:46:10 ----A---- C:\WINDOWS\system32\3F.tmp
2009-09-21 19:46:07 ----A---- C:\WINDOWS\system32\3D.tmp
2009-09-21 19:45:46 ----A---- C:\WINDOWS\system32\3A.tmp
2009-09-21 19:45:42 ----A---- C:\WINDOWS\system32\37.tmp
2009-09-21 19:21:00 ----A---- C:\WINDOWS\system32\3B.tmp
2009-09-21 19:20:55 ----A---- C:\WINDOWS\system32\39.tmp
2009-09-21 19:20:49 ----A---- C:\WINDOWS\system32\34.tmp
2009-09-16 17:29:59 ----A---- C:\WINDOWS\system32\servises.exe
2009-09-16 17:29:43 ----A---- C:\WINDOWS\system32\38.tmp
2009-09-16 17:29:42 ----A---- C:\WINDOWS\system32\sys64_nov.exe
2009-09-16 17:29:41 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-09-16 17:29:41 ----A---- C:\WINDOWS\system32\36.tmp
2009-09-16 17:29:35 ----A---- C:\WINDOWS\system32\33.tmp
2009-09-16 15:27:51 ----A---- C:\WINDOWS\system32\2F.tmp
2009-09-16 15:27:47 ----A---- C:\1636,316.exe
2009-09-14 19:09:37 ----D---- C:\rsit
2009-09-14 19:05:23 ----HD---- C:\WINDOWS\PIF
2009-09-14 18:52:23 ----A---- C:\WINDOWS\system32\2E.tmp
2009-09-14 15:55:35 ----A---- C:\WINDOWS\system32\3C.tmp
2009-09-14 14:54:58 ----A---- C:\WINDOWS\system32\35.tmp
2009-09-14 14:54:55 ----A---- C:\WINDOWS\system32\32.tmp
2009-09-14 14:54:52 ----A---- C:\WINDOWS\system32\29.tmp
2009-09-14 14:46:31 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-09-14 14:46:30 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-09-14 14:46:30 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-14 14:46:28 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-09-14 13:30:54 ----A---- C:\WINDOWS\system32\10.tmp
2009-09-14 13:30:52 ----A---- C:\WINDOWS\system32\D.tmp
2009-09-07 20:10:12 ----A---- C:\WINDOWS\system32\31.tmp
2009-09-07 20:10:09 ----A---- C:\WINDOWS\system32\30.tmp
2009-09-07 20:09:25 ----A---- C:\WINDOWS\system32\13.tmp
2009-09-07 19:55:36 ----A---- C:\5228,998.exe
2009-09-07 19:55:29 ----A---- C:\WINDOWS\system32\A.tmp
2009-09-06 18:25:23 ----A---- C:\WINDOWS\system32\F.tmp
2009-09-06 18:25:21 ----A---- C:\WINDOWS\system32\E.tmp
2009-09-06 18:25:18 ----A---- C:\WINDOWS\system32\7.tmp
2009-09-06 17:19:19 ----A---- C:\WINDOWS\system32\C.tmp
2009-09-06 17:19:16 ----A---- C:\WINDOWS\system32\B.tmp
2009-09-06 17:19:13 ----A---- C:\WINDOWS\system32\4.tmp
2009-09-06 15:51:13 ----A---- C:\WINDOWS\system32\9.tmp
2009-09-06 15:51:10 ----A---- C:\WINDOWS\system32\8.tmp
2009-09-06 15:51:04 ----A---- C:\WINDOWS\system32\3.tmp
2009-09-06 14:20:11 ----D---- C:\Qoobox
2009-09-06 14:05:03 ----A---- C:\WINDOWS\system32\6.tmp
2009-09-06 14:05:00 ----A---- C:\WINDOWS\system32\5.tmp
2009-09-06 14:04:53 ----A---- C:\WINDOWS\system32\2.tmp
2009-09-06 14:02:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-06 13:59:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-06 13:02:11 ----A---- C:\WINDOWS\system32\2D.tmp
2009-09-06 13:02:09 ----A---- C:\WINDOWS\system32\2C.tmp
2009-09-06 13:02:09 ----A---- C:\WINDOWS\system32\2B.tmp
2009-09-06 13:02:04 ----A---- C:\WINDOWS\system32\21.tmp
2009-09-06 11:43:19 ----A---- C:\WINDOWS\system32\2A.tmp
2009-09-06 11:43:17 ----A---- C:\WINDOWS\system32\28.tmp
2009-09-06 11:43:16 ----A---- C:\WINDOWS\system32\27.tmp
2009-09-06 11:43:11 ----A---- C:\WINDOWS\system32\20.tmp
2009-09-05 22:13:16 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Macromedia
2009-09-05 22:13:16 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Adobe
2009-09-05 22:08:37 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Sun
2009-09-05 21:56:36 ----A---- C:\WINDOWS\system32\26.tmp
2009-09-05 21:56:34 ----A---- C:\WINDOWS\system32\22.tmp
2009-09-05 21:56:27 ----A---- C:\WINDOWS\system32\1E.tmp
2009-09-05 20:51:06 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Malwarebytes
2009-09-05 20:48:52 ----A---- C:\WINDOWS\system32\25.tmp
2009-09-05 20:48:52 ----A---- C:\WINDOWS\system32\24.tmp
2009-09-05 20:48:49 ----A---- C:\WINDOWS\system32\23.tmp
2009-09-05 20:48:41 ----A---- C:\WINDOWS\system32\1C.tmp
2009-09-05 20:44:07 ----A---- C:\WINDOWS\file.bat
2009-08-24 16:21:52 ----A---- C:\WINDOWS\system32\1F.tmp
2009-08-24 16:21:48 ----A---- C:\WINDOWS\system32\1A.tmp
2009-08-24 16:14:20 ----A---- C:\WINDOWS\system32\1D.tmp
2009-08-24 16:14:14 ----A---- C:\WINDOWS\system32\19.tmp
2009-08-24 16:10:27 ----A---- C:\WINDOWS\system32\1B.tmp
2009-08-24 16:10:21 ----A---- C:\WINDOWS\system32\16.tmp
2009-08-23 13:00:32 ----A---- C:\WINDOWS\system32\18.tmp
2009-08-23 13:00:28 ----A---- C:\WINDOWS\system32\15.tmp
2009-08-22 15:42:47 ----A---- C:\WINDOWS\system32\17.tmp
2009-08-22 15:42:42 ----A---- C:\WINDOWS\system32\12.tmp

======List of files/folders modified in the last 1 months======

2009-09-21 19:55:24 ----D---- C:\WINDOWS\system32
2009-09-21 19:52:32 ----D---- C:\Program Files\Mozilla Firefox
2009-09-21 19:46:31 ----D---- C:\WINDOWS\temp
2009-09-21 19:43:50 ----D---- C:\WINDOWS
2009-09-21 19:20:54 ----D---- C:\WINDOWS\system32\drivers
2009-09-21 19:06:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-16 17:30:11 ----A---- C:\WINDOWS\system32\svchost.exe
2009-09-14 19:06:03 ----A---- C:\WINDOWS\system.ini
2009-09-14 18:55:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-09-14 18:51:34 ----D---- C:\WINDOWS\Minidump
2009-09-14 14:53:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-14 14:46:31 ----RD---- C:\Program Files
2009-09-14 13:31:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-06 19:33:29 ----D---- C:\WINDOWS\Prefetch
2009-09-06 15:56:06 ----D---- C:\WINDOWS\system32\Restore
2009-09-06 15:56:05 ----SHD---- C:\System Volume Information
2009-09-06 14:07:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-06 11:43:35 ----RSD---- C:\WINDOWS\Fonts
2009-09-05 22:13:56 ----SD---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Microsoft
2009-09-05 22:07:18 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 zeamaqjcud3;zeamaqjcud3; C:\WINDOWS\system32\drivers\zeamaqjcud3.sys [2009-09-06 40192]
R1 zjotbholfp5;zjotbholfp5; C:\WINDOWS\system32\drivers\zjotbholfp5.sys [2009-08-14 40192]
R1 zkiyfhlxbx3;zkiyfhlxbx3; C:\WINDOWS\system32\drivers\zkiyfhlxbx3.sys [2009-08-13 40192]
R1 zouworlsngivi5;zouworlsngivi5.sys; C:\WINDOWS\system32\DRIVERS\zouworlsngivi5.sys [2009-08-12 40192]
R1 zvhpckrvhn5;zvhpckrvhn5.sys; C:\WINDOWS\system32\DRIVERS\zvhpckrvhn5.sys [2009-09-05 40192]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 zfgepduthpdwh1;zfgepduthpdwh1; C:\WINDOWS\system32\drivers\zfgepduthpdwh1.sys []
S1 znnniteuevvp1;znnniteuevvp1; C:\WINDOWS\system32\drivers\znnniteuevvp1.sys []
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-28 278984]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-28 25416]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 Edspport;EDSP Port Driver; C:\WINDOWS\system32\DRIVERS\es56hpi.sys [2000-02-25 546863]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 protect;protect; C:\WINDOWS\System32\drivers\protect.sys [2009-09-16 18944]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 434176]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 540672]
S2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-29 93184]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 FCI;FCI; C:\WINDOWS\system32\svchost.exe [2009-09-16 34816]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 891904]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-31 152984]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 86016]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-30 603904]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2009-09-16 34816]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-30 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 958976]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-16 34816]

-----------------EOF-----------------

[jaro3]

Teda to už jsem dlouho neviděl..

Zkus stáhnout toto:
Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C .
Napiš , zda se to podařilo.

[Pawkin]

stahnout to šlo mam to spustit??

[jaro3]

spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services
zeamaqjcud3
zjotbholfp5
zkiyfhlxbx3
zouworlsngivi5
zvhpckrvhn5
zfgepduthpdwh1
znnniteuevvp1

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=-
"NoDriveAutoRun"=-
"NoDriveTypeAutoRun"=-
"NoDrives"=-

:Files
C:\WINDOWS\system32\3F.tmp.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\servises.exe
C:\Documents and Settings\Administrator.HOME\reader_s.exe
C:\WINDOWS\system32\regedit.exe
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\sys64_nov.exe
C:\1636,316.exe
C:\5228,998.exe
C:\WINDOWS\file.bat
C:\WINDOWS\system32\drivers\zeamaqjcud3.sys
C:\WINDOWS\system32\drivers\zjotbholfp5.sys
C:\WINDOWS\system32\drivers\zkiyfhlxbx3.sys
C:\WINDOWS\system32\DRIVERS\zouworlsngivi5.sys
C:\WINDOWS\system32\DRIVERS\zvhpckrvhn5.sys
C:\WINDOWS\system32\drivers\zfgepduthpdwh1.sys
C:\WINDOWS\system32\drivers\znnniteuevvp1.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Potom zkus spustit VerTerm(Combofix).A vlož sem z něj log.

[Pawkin]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver zeamaqjcud3 deleted successfully.

Service\Driver zjotbholfp5 deleted successfully.

Service\Driver zkiyfhlxbx3 deleted successfully.

Service\Driver zouworlsngivi5 deleted successfully.

Service\Driver zvhpckrvhn5 deleted successfully.

Service\Driver zfgepduthpdwh1 deleted successfully.

Service\Driver znnniteuevvp1 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoDrives deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\3F.tmp.exe not found.
C:\WINDOWS\System32\reader_s.exe moved successfully.
C:\WINDOWS\system32\servises.exe moved successfully.
C:\Documents and Settings\Administrator.HOME\reader_s.exe moved successfully.
File/Folder C:\WINDOWS\system32\regedit.exe not found.
C:\WINDOWS\system32\10.tmp moved successfully.
C:\WINDOWS\system32\11.tmp moved successfully.
C:\WINDOWS\system32\12.tmp moved successfully.
C:\WINDOWS\system32\13.tmp moved successfully.
C:\WINDOWS\system32\14.tmp moved successfully.
C:\WINDOWS\system32\15.tmp moved successfully.
C:\WINDOWS\system32\16.tmp moved successfully.
C:\WINDOWS\system32\17.tmp moved successfully.
C:\WINDOWS\system32\18.tmp moved successfully.
C:\WINDOWS\system32\19.tmp moved successfully.
C:\WINDOWS\system32\1A.tmp moved successfully.
C:\WINDOWS\system32\1B.tmp moved successfully.
C:\WINDOWS\system32\1C.tmp moved successfully.
C:\WINDOWS\system32\1D.tmp moved successfully.
C:\WINDOWS\system32\1E.tmp moved successfully.
C:\WINDOWS\system32\1F.tmp moved successfully.
C:\WINDOWS\system32\2.tmp moved successfully.
C:\WINDOWS\system32\20.tmp moved successfully.
C:\WINDOWS\system32\21.tmp moved successfully.
C:\WINDOWS\system32\22.tmp moved successfully.
C:\WINDOWS\system32\23.tmp moved successfully.
C:\WINDOWS\system32\24.tmp moved successfully.
C:\WINDOWS\system32\25.tmp moved successfully.
C:\WINDOWS\system32\26.tmp moved successfully.
C:\WINDOWS\system32\27.tmp moved successfully.
C:\WINDOWS\system32\28.tmp moved successfully.
C:\WINDOWS\system32\29.tmp moved successfully.
C:\WINDOWS\system32\2A.tmp moved successfully.
C:\WINDOWS\system32\2B.tmp moved successfully.
C:\WINDOWS\system32\2C.tmp moved successfully.
C:\WINDOWS\system32\2D.tmp moved successfully.
C:\WINDOWS\system32\2E.tmp moved successfully.
C:\WINDOWS\system32\2F.tmp moved successfully.
C:\WINDOWS\system32\3.tmp moved successfully.
C:\WINDOWS\system32\30.tmp moved successfully.
C:\WINDOWS\system32\31.tmp moved successfully.
C:\WINDOWS\system32\32.tmp moved successfully.
C:\WINDOWS\system32\33.tmp moved successfully.
C:\WINDOWS\system32\34.tmp moved successfully.
C:\WINDOWS\system32\35.tmp moved successfully.
C:\WINDOWS\system32\36.tmp moved successfully.
C:\WINDOWS\system32\37.tmp moved successfully.
C:\WINDOWS\system32\38.tmp moved successfully.
C:\WINDOWS\system32\39.tmp moved successfully.
C:\WINDOWS\system32\3A.tmp moved successfully.
C:\WINDOWS\system32\3B.tmp moved successfully.
C:\WINDOWS\system32\3C.tmp moved successfully.
C:\WINDOWS\system32\3D.tmp moved successfully.
C:\WINDOWS\system32\3E.tmp moved successfully.
C:\WINDOWS\system32\3F.tmp moved successfully.
C:\WINDOWS\system32\4.tmp moved successfully.
C:\WINDOWS\system32\40.tmp moved successfully.
C:\WINDOWS\system32\41.tmp moved successfully.
C:\WINDOWS\system32\42.tmp moved successfully.
C:\WINDOWS\system32\43.tmp moved successfully.
C:\WINDOWS\system32\44.tmp moved successfully.
C:\WINDOWS\system32\46.tmp moved successfully.
C:\WINDOWS\system32\47.tmp moved successfully.
C:\WINDOWS\system32\49.tmp moved successfully.
C:\WINDOWS\system32\4A.tmp moved successfully.
C:\WINDOWS\system32\5.tmp moved successfully.
C:\WINDOWS\system32\6.tmp moved successfully.
C:\WINDOWS\system32\7.tmp moved successfully.
C:\WINDOWS\system32\8.tmp moved successfully.
C:\WINDOWS\system32\9.tmp moved successfully.
C:\WINDOWS\system32\A.tmp moved successfully.
C:\WINDOWS\system32\B.tmp moved successfully.
C:\WINDOWS\system32\C.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\D.tmp moved successfully.
C:\WINDOWS\system32\E.tmp moved successfully.
C:\WINDOWS\system32\F.tmp moved successfully.
C:\WINDOWS\system32\sys64_nov.exe moved successfully.
C:\1636,316.exe moved successfully.
C:\5228,998.exe moved successfully.
C:\WINDOWS\file.bat moved successfully.
C:\WINDOWS\system32\drivers\zeamaqjcud3.sys moved successfully.
C:\WINDOWS\system32\drivers\zjotbholfp5.sys moved successfully.
C:\WINDOWS\system32\drivers\zkiyfhlxbx3.sys moved successfully.
C:\WINDOWS\system32\DRIVERS\zouworlsngivi5.sys moved successfully.
C:\WINDOWS\system32\DRIVERS\zvhpckrvhn5.sys moved successfully.
File/Folder C:\WINDOWS\system32\drivers\zfgepduthpdwh1.sys not found.
File/Folder C:\WINDOWS\system32\drivers\znnniteuevvp1.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Rar$EX00.390\OTMoveIt\OTM.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_b7RhOguECEFlD5fCWhM6 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\atexfymd.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\dvhnbrgckpj.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\lfmjrpucfq.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\majderdsy.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 09212009_210310

[Pawkin]

pořád to nejde spustit

[jaro3]

Zkus ho spustit v nouz. režimu, pokud nepůjde , zkud buss(DDS).
Nebo toto:
Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All.. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTListIt.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.


Dnes musím končit , kdyžtak pomůže Damned.