Poškozený profil a pomalý systém

[besanek]

Právě se mi dostal do ruky notebook od sousedky. Podle mého názoru je poškozený systémový profil. Poloprázdná nabídka start, systémová nastavení se hned po uložení vrátí do původního stavu, nejdou stahovat soubory z internetu, nejdou nainstalovat bezpečnostní aktualizace a možná ještě nějaké věci kterých jsem si zatím nevšiml. Celý systém je též pomalý (CPU bezdůvodně využito 30-100% bez důvodu). Notebook je momentálně odpojen od sítě.

Log z RSIT :

Logfile of random's system information tool 1.09 (written by random/random)
Run by MIS at 2011-08-14 14:33:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 197 MB (1%) free of 19 GB
Total RAM: 494 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
Download Energy Toolbar - C:\Program Files\P2P_Energy\prxtbP2P0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
Internet Panel - C:\Program Files\NetSoftware\IEHelper.dll [2011-05-28 440080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - Download Energy Toolbar - C:\Program Files\P2P_Energy\prxtbP2P0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-01-08 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-01-08 114688]
"AcerNotebookManager"=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2003-05-16 509952]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-01-08 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-08 610304]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2011-01-06 156672]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2008-01-08 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-14 14:33:58 ----D---- C:\rsit
2011-08-14 14:33:58 ----D---- C:\Program Files\trend micro
2011-08-14 10:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-14 10:41:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-14 10:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-08-14 10:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-08-14 10:37:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-08-14 10:37:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-14 10:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-08-14 10:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-08-14 10:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-08-14 10:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-14 10:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-13 19:37:49 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Microsoft
2011-08-13 18:39:16 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Apple Computer
2011-08-13 18:31:00 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Sony
2011-08-13 16:37:11 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Macromedia
2011-08-13 16:37:10 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Adobe
2011-08-13 16:02:03 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Skinux
2011-08-13 16:00:09 ----D---- C:\ArcSoft

======List of files/folders modified in the last 1 month======

2011-08-14 14:33:59 ----D---- C:\WINDOWS\Temp
2011-08-14 14:33:58 ----RD---- C:\Program Files
2011-08-14 14:32:29 ----HD---- C:\WINDOWS\inf
2011-08-14 14:17:03 ----RSD---- C:\WINDOWS\assembly
2011-08-14 14:15:33 ----SHD---- C:\WINDOWS\Installer
2011-08-14 11:03:41 ----D---- C:\WINDOWS\system32\ias
2011-08-14 11:03:00 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-14 11:02:53 ----D---- C:\WINDOWS
2011-08-14 11:02:33 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-14 11:01:38 ----D---- C:\WINDOWS\system32
2011-08-14 11:00:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-14 10:59:37 ----SHD---- C:\Config.Msi
2011-08-14 10:58:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-14 10:57:29 ----D---- C:\WINDOWS\WinSxS
2011-08-14 10:41:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-14 10:41:13 ----A---- C:\WINDOWS\imsins.BAK
2011-08-14 10:41:10 ----D---- C:\WINDOWS\system32\drivers
2011-08-14 10:41:02 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-14 10:40:39 ----D---- C:\WINDOWS\ie7updates
2011-08-14 10:39:35 ----D---- C:\WINDOWS\system32\cs-cz
2011-08-14 10:39:35 ----D---- C:\Program Files\Internet Explorer
2011-08-13 18:55:00 ----D---- C:\Program Files\LGGSM
2011-08-13 18:54:09 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-13 18:49:50 ----D---- C:\Program Files\MyHeritage
2011-08-13 18:47:53 ----D---- C:\Program Files\Family Toolbar
2011-08-13 18:41:46 ----D---- C:\Program Files\QIP
2011-08-13 18:40:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-08-13 18:38:55 ----D---- C:\Program Files\Common Files
2011-08-13 18:38:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-08-13 18:37:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kodak
2011-08-13 18:37:36 ----D---- C:\WINDOWS\Help
2011-08-13 18:37:36 ----D---- C:\Program Files\Kodak
2011-08-13 18:37:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-13 16:40:52 ----D---- C:\WINDOWS\Prefetch
2011-08-13 16:01:21 ----D---- C:\Program Files\NetSoftware
2011-08-13 15:52:27 ----D---- C:\Documents and Settings
2011-08-12 13:19:12 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-08-12 13:12:13 ----A---- C:\WINDOWS\OEWABLog.txt
2011-07-30 10:05:12 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-22 18:30:58 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2003-03-05 6570]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2008-01-08 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2008-01-08 78752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2008-01-08 111104]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2008-01-08 90907]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-08 270448]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys []
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2008-01-15 257024]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PAC207;VideoCAM GE111; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(Cable & Wireless);Cable & Wireless 802.11g Series Wireless LAN USB(Cable & Wireless); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 259584]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-03-13 339968]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-03-05 380928]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Porposím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[besanek]

ComboFix 11-08-15.01 - MIS 14.08.2011 18:18:02.1.1 - x86
Spuštěný z: c:\documents and settings\TEMP\Plocha\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MIS\WINDOWS
c:\windows\isRS-000.tmp
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-14 do 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 12:42 . 2011-08-14 12:42 -------- d-----w- c:\documents and settings\abc
2011-08-14 12:33 . 2011-08-14 12:34 -------- d-----w- C:\rsit
2011-08-14 12:33 . 2011-08-14 12:33 -------- d-----w- c:\program files\trend micro
2011-08-13 17:33 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-13 17:01 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-13 14:00 . 2011-08-13 14:00 -------- d-----w- C:\ArcSoft
2011-08-13 13:52 . 2011-08-14 16:13 -------- d-----w- c:\documents and settings\TEMP
2011-08-12 11:19 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\USMT\iconlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-01-08 09:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:39 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:39 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:39 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:39 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2009-05-06 09:09 . 2009-05-06 09:09 21068096 ----a-w- c:\program files\FTBDL.exe
2009-03-29 17:24 . 2009-03-29 17:24 2893952 ----a-w- c:\program files\PPView97.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2011-01-17 14:54 175912 ----a-w- c:\program files\P2P_Energy\prxtbP2P0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\prxtbP2P0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-08 114688]
"AcerNotebookManager"="c:\program files\Acer\Notebook Manager\almxptray.exe" [2003-05-16 509952]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-08 610304]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-06 156672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2008-01-15 257024]
R3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 ZD1211U(Cable & Wireless);Cable & Wireless 802.11g Series Wireless LAN USB(Cable & Wireless);c:\windows\system32\DRIVERS\zd1211u.sys [2004-12-22 259584]
S1 aswSP;avast! Self Protection; [x]
S2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [2003-03-05 6570]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-03-13 339968]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-03-05 380928]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://search.myheritage.com
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'winlogon.exe'(132)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Celkový čas: 2011-08-14 18:35:14
ComboFix-quarantined-files.txt 2011-08-14 16:35
.
Před spuštěním: 376 266 752
Po spuštění: 530 219 008
.
- - End Of File - - 3ECC6337B309076FF0B25801FB9B5130

[Rudy]

Několik infikovaných položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?

[besanek]

Problém s výkonem se zlepšil. Ale ostatní problémy přetrvávají

[Rudy]

Poškozený profil nejlépe opravíte, pokud vytvoříte nový a původní odstraníte. Při odstranění si můžete zvolit, zda ho zazálohovat, nebo ne. Ze zálohy pak můžete vytáhnout vše, co budete potřebovat, do nového profilu.

[besanek]

Ještě jedna věcička... Když jsem šel do nastavení uživatelských účtů vyskočilo upozornění že ve skriptu aplikace Internet Explorer došlo k chybě, aniž bych aplikaci měl otevřenou... Přikládám screen chyby

[Rudy]

Je to chyba toho souboru, nikoli IE. Jinak by měl IE normálně fungovat.