Log check Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Max583
Level 2.5
Posts: 289
Registered: June 10
Location: Most
Gender: Male

Re: Log check

Post by Max583 » 02 Oct 2013 12:36

Well, that is exactly the problem: I don't have any log and there isn't one anywhere. There are only two text documents there, the one I sent and this one, nothing more:

2013-10-02 08:53:10 . 2013-10-02 08:53:10 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2013-10-01 20:41:23 . 2013-10-01 20:41:23 992 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-GoforFiles.reg.dat
2013-10-01 20:41:23 . 2013-10-01 20:41:23 572 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-vfd-ob.reg.dat
2013-10-01 20:38:17 . 2013-10-02 08:58:34 12,890 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-01 20:33:42 . 2013-10-02 08:53:08 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-10-01 20:30:44 . 2013-10-02 08:51:32 153 ----a-w- C:\Qoobox\Quarantine\catchme.log


Re: Log check

Post by Max583 » 02 Oct 2013 13:38

So I managed it, but I had to go into safe mode; then it created the log:

ComboFix 13-10-01.03 - bohouš 02.10.2013 13:18:11.25.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1585 [GMT 2:00]
Spuštěný z: c:\documents and settings\bohouš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\bohouš\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-02 do 2013-10-02 )))))))))))))))))))))))))))))))
.
.
2013-10-02 06:50 . 2013-10-02 06:50 60872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5E3F2EFD-6EAF-403B-9C11-495FD8F16C24}\offreg.dll
2013-10-02 06:47 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{5E3F2EFD-6EAF-403B-9C11-495FD8F16C24}\mpengine.dll
2013-10-01 21:20 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-01 19:51 . 2013-10-01 19:51 177496 ----a-w- c:\windows\system32\drivers\30918476.sys
2013-10-01 18:16 . 2013-10-01 18:16 -------- d-----w- c:\windows\ERUNT
2013-10-01 08:32 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-01 06:53 . 2013-10-01 06:53 388096 ----a-r- c:\documents and settings\bohouš\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-29 17:48 . 2012-03-30 06:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-29 17:48 . 2011-06-16 09:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-17 15:49 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2004-08-17 15:44 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2004-08-17 15:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-17 15:49 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-17 15:49 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2009-01-30 18:35 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2004-08-17 15:49 406016 ----a-w- c:\windows\system32\usp10.dll
2010-02-15 13:48 . 2010-02-15 13:43 26665984 ------w- c:\program files\AdbeRdr930_cs_CZ.exe
2010-02-15 13:41 . 2010-02-15 13:41 1697792 ----a-w- c:\program files\AdbeRdrUpd913_all_incr.msp
2010-01-18 13:54 . 2010-01-18 13:51 77003400 ------w- c:\program files\BusinessCardsMX-setup.exe
2009-08-28 20:17 . 2009-08-28 20:17 1410632 ----a-w- c:\program files\setup_dm_paradies_foto_2.exe
2008-08-05 13:37 . 2008-08-05 13:30 6104632 ----a-w- c:\program files\picasaweb-current-setup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-02 2498048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 07:52 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
2004-06-27 13:38 503808 ----a-w- c:\program files\Mouse Driver\MouseDrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 13:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2013-04-22 08:05 720064 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Plánovače\\čištění\\solutoinstaller.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\bohouš\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [12.6.2011 9:48 45288]
S1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2.3.2012 12:03 25248]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [31.3.2012 19:40 238952]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [30.3.2012 17:33 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [30.3.2012 17:33 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [30.3.2012 17:33 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [30.3.2012 17:33 25088]
S3 cpuz135;cpuz135; [x]
S3 cpuz136;cpuz136; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [31.3.2012 20:13 80184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.1.2011 11:22 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26.10.2012 9:53 12400]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\MTK.SYS [28.3.2007 10:33 15670]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [26.4.2010 9:40 32377]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [4.8.2013 18:10 155824]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [31.3.2012 20:13 181432]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:48]
.
2013-10-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 16:05]
.
2013-10-02 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 16:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-02 13:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|đÁ]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????˜"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|xć]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????˜"
"DeviceInstanceIds"=multi:"\0c\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(316)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1612)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
.
Celkový čas: 2013-10-02 13:32:21
ComboFix-quarantined-files.txt 2013-10-02 11:32
.
Před spuštěním: 3 246 272 512
Po spuštění: 3 222 155 264
.
- - End Of File - - 0F7D6D54396370F5D132E8B28E4104A7
413FC2A0C716421B3158746D63736515

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Log check

Post by jaro3 » 03 Oct 2013 09:30

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Download aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about the option to download the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Post a new HJT log + info about the problems.

When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log check

Post by Max583 » 03 Oct 2013 10:39

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-03 10:21:01
-----------------------------
10:21:01.718 OS Version: Windows 5.1.2600 Service Pack 3
10:21:01.718 Number of processors: 2 586 0x409
10:21:01.718 ComputerName: BOHOU-040C629BC UserName: bohouš
10:21:02.171 Initialize success
10:21:07.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
10:21:07.203 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
10:21:07.203 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
10:21:07.218 Disk 1 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
10:21:07.468 Disk 0 MBR read successfully
10:21:07.484 Disk 0 MBR scan
10:21:07.484 Disk 0 Windows XP default MBR code
10:21:07.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
10:21:07.484 Disk 0 scanning sectors +78156225
10:21:07.671 Disk 0 scanning C:\WINDOWS\system32\drivers
10:21:18.296 Service scanning
10:21:42.093 Modules scanning
10:21:54.937 Disk 0 trace - called modules:
10:21:55.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
10:21:55.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a643ab8]
10:21:55.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a64ef18]
10:21:55.000 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a6a8d98]
10:21:55.015 Scan finished successfully
10:22:11.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\MBR.dat"
10:22:11.296 The log file has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-03 10:28:33
-----------------------------
10:28:33.390 OS Version: Windows 5.1.2600 Service Pack 3
10:28:33.390 Number of processors: 2 586 0x409
10:28:33.390 ComputerName: BOHOU-040C629BC UserName: bohouš
10:28:33.828 Initialize success
10:28:38.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
10:28:38.140 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
10:28:38.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
10:28:38.140 Disk 1 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
10:28:38.343 Disk 0 MBR read successfully
10:28:38.343 Disk 0 MBR scan
10:28:38.343 Disk 0 Windows XP default MBR code
10:28:38.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
10:28:38.437 Disk 0 scanning sectors +78156225
10:28:38.796 Disk 0 scanning C:\WINDOWS\system32\drivers
10:28:54.515 Service scanning
10:30:17.015 Modules scanning
10:30:35.843 Disk 0 trace - called modules:
10:30:35.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:30:35.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a643ab8]
10:30:35.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a64ef18]
10:30:35.906 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a6a8d98]
10:30:35.906 Scan finished successfully
10:30:46.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\MBR.dat"
10:30:46.015 The log file has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\aswMBR.txt"


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:03, on 3.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Plánovače\čištění\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\1.3.7\WombatBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BOHOU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6320 bytes


The PC has become noticeably faster. Even at startup, which pleased me a lot, because it really annoyed me to always wait 5 minutes before I could start doing anything.


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-03 10:32:21
-----------------------------
10:32:21.359 OS Version: Windows 5.1.2600 Service Pack 3
10:32:21.359 Number of processors: 2 586 0x409
10:32:21.359 ComputerName: BOHOU-040C629BC UserName: bohouš
10:32:22.171 Initialize success
10:32:25.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
10:32:25.656 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
10:32:25.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
10:32:25.671 Disk 1 Vendor: WDC_WD5000AVDS-63U7B1 01.00A01 Size: 476940MB BusType: 3
10:32:25.859 Disk 0 MBR read successfully
10:32:25.859 Disk 0 MBR scan
10:32:25.875 Disk 0 Windows XP default MBR code
10:32:25.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
10:32:25.875 Disk 0 scanning sectors +78156225
10:32:26.062 Disk 0 scanning C:\WINDOWS\system32\drivers
10:32:37.906 Service scanning
10:33:02.078 Modules scanning
10:33:14.812 Disk 0 trace - called modules:
10:33:14.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:33:14.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a643ab8]
10:33:14.843 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8a64ef18]
10:33:14.843 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x8a6a8d98]
10:33:14.843 Scan finished successfully
10:34:36.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\MBR.dat"
10:34:36.406 The log file has been saved successfully to "C:\Documents and Settings\bohouš\Plocha\aswMBR2.txt"

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male

Re: Log check

Post by memphisto » 03 Oct 2013 17:47

Asw and HJT are both fine. If there are no problems, you can mark it as solved ;)
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private messages; post them in the appropriate section. Thank you


Re: Log check  Solved

Post by Max583 » 03 Oct 2013 18:46

Thanks for the help, and have a lovely rest of the day.

