Zatraceně zpomalený notebook

[mirotin]

Dobrý večer, mohu poprosit o konzultaci? Jsem v koncích, noťas je zpomalený, např. po kliku na plochu pravou myší se ničeho nedočkám...

Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2012-10-01 20:26:37
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 18 GB (35%) free of 50 GB
Total RAM: 1790 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:26:52, on 1.10.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\uzivatel\Downloads\RSIT (1).exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate1ca0dff66ebee40) (gupdate1ca0dff66ebee40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4377 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForuzivatel.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-06-07 1008184]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-06-07 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2010-11-16 172856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-24 323640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-11-20 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.IV31"=ir32_32.dll
"VIDC.IV32"=ir32_32.dll
"VIDC.IV41"=ir41_32.ax
"VIDC.IV50"=ir50_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-01 20:26:38 ----D---- C:\Program Files\trend micro
2012-10-01 20:26:37 ----D---- C:\rsit
2012-10-01 20:10:57 ----A---- C:\Windows\system32\vbscript.dll
2012-10-01 20:10:57 ----A---- C:\Windows\system32\mshtmled.dll
2012-10-01 20:10:55 ----A---- C:\Windows\system32\msfeeds.dll
2012-10-01 20:10:55 ----A---- C:\Windows\system32\jsproxy.dll
2012-10-01 20:10:55 ----A---- C:\Windows\system32\ieUnatt.exe
2012-10-01 20:10:55 ----A---- C:\Windows\system32\ieui.dll
2012-10-01 20:10:54 ----A---- C:\Windows\system32\wininet.dll
2012-10-01 20:10:53 ----A---- C:\Windows\system32\jscript.dll
2012-10-01 20:10:52 ----A---- C:\Windows\system32\url.dll
2012-10-01 20:10:52 ----A---- C:\Windows\system32\jscript9.dll
2012-10-01 20:10:51 ----A---- C:\Windows\system32\iertutil.dll
2012-10-01 20:10:50 ----A---- C:\Windows\system32\urlmon.dll
2012-10-01 20:10:47 ----A---- C:\Windows\system32\ieframe.dll
2012-10-01 20:10:46 ----A---- C:\Windows\system32\mshtml.dll
2012-10-01 19:58:25 ----A---- C:\Windows\system32\win32k.sys
2012-10-01 19:44:07 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-01 19:44:07 ----A---- C:\Windows\system32\crypt32.dll
2012-10-01 19:44:06 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-01 19:23:50 ----A---- C:\Windows\system32\localspl.dll
2012-10-01 19:23:10 ----A---- C:\Windows\system32\shell32.dll
2012-10-01 19:23:05 ----A---- C:\Windows\system32\netapi32.dll
2012-10-01 19:22:51 ----A---- C:\Windows\system32\msxml6.dll
2012-10-01 19:22:51 ----A---- C:\Windows\system32\msxml3.dll
2012-10-01 19:22:49 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-10-01 19:18:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-10-01 19:18:32 ----A---- C:\Windows\system32\schannel.dll
2012-10-01 19:18:32 ----A---- C:\Windows\system32\ncrypt.dll
2012-10-01 19:06:19 ----A---- C:\Windows\system32\wups2.dll
2012-10-01 19:06:18 ----A---- C:\Windows\system32\wucltux.dll
2012-10-01 19:06:18 ----A---- C:\Windows\system32\wuaueng.dll
2012-10-01 19:06:18 ----A---- C:\Windows\system32\wuauclt.exe
2012-10-01 19:05:55 ----A---- C:\Windows\system32\wups.dll
2012-10-01 19:05:55 ----A---- C:\Windows\system32\wudriver.dll
2012-10-01 19:05:55 ----A---- C:\Windows\system32\wuapi.dll
2012-10-01 19:05:43 ----A---- C:\Windows\system32\wuwebv.dll
2012-10-01 19:05:43 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2012-10-01 20:26:38 ----RD---- C:\Program Files
2012-10-01 20:26:21 ----D---- C:\Windows\Temp
2012-10-01 20:25:22 ----D---- C:\Windows\System32
2012-10-01 20:25:22 ----D---- C:\Windows\inf
2012-10-01 20:25:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-01 20:22:30 ----D---- C:\Windows\Microsoft.NET
2012-10-01 20:22:29 ----RSD---- C:\Windows\assembly
2012-10-01 20:20:23 ----D---- C:\Windows\Prefetch
2012-10-01 20:19:47 ----D---- C:\Windows\system32\catroot
2012-10-01 20:15:00 ----D---- C:\Windows\system32\migration
2012-10-01 20:15:00 ----D---- C:\Windows\system32\cs-CZ
2012-10-01 20:14:59 ----D---- C:\Windows\system32\drivers
2012-10-01 20:14:59 ----D---- C:\Program Files\Internet Explorer
2012-10-01 20:12:20 ----D---- C:\Windows\winsxs
2012-10-01 20:11:30 ----D---- C:\Windows\system32\catroot2
2012-10-01 20:09:12 ----SHD---- C:\Windows\Installer
2012-10-01 19:57:20 ----SHD---- C:\System Volume Information
2012-10-01 19:27:02 ----D---- C:\Windows\rescache
2012-10-01 19:04:46 ----D---- C:\Windows\Tasks
2012-10-01 19:04:46 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 MpKsld947382a;MpKsld947382a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B984B6F-320B-413D-861F-5689E9EC5F5C}\MpKsld947382a.sys [2012-10-01 29904]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-06-07 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 MicroGuard;MicroGuard Copy Protection; \??\C:\Windows\system32\drivers\mgnt.sys [1998-03-03 40480]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-10-16 10084360]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2010-08-12 292712]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-06-07 134016]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-06-07 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-06-07 16384]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-06-07 10752]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-06-07 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-06-07 5632]
S3 Flash1;Flash1; \??\C:\SwSetup\SP45070\winphlash\Flash1.SYS [2007-06-20 2816]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-06-07 24064]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-06-07 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-06-07 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-06-07 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-06-07 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2010-08-12 292712]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\Windows\system32\DRIVERS\irstusb.sys [2008-06-07 30208]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2005-10-09 23600]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-06-07 83328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-06-07 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-06-07 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-06-07 21504]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-06-07 21504]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-06-07 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S2 gupdate1ca0dff66ebee40;Služba Google Update (gupdate1ca0dff66ebee40); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 138168]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[Rudy]

Zdravím!
Proč jste tedy v předchozím threadu psal, že všechno OK. Klidně jste si mohl poškodit systém svévolným použitím ComboFixu. Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log. AVPTool lze použít i v nouz. režimu.

[mirotin]

Dobrý večer, totoje jiné PC, patří tchýni:-). Moje je už ok...zatím. Za chvíli vložím log z Kaspera, právě běží.

[Rudy]

Aha. Promiňte.

[mirotin]

Tak AVP tools po 3 hodinách scanu žádný detekovaný thread - takže nemám co nahrát...

[Rudy]

Dvouklikem na soubor C:\Program Files\trend micro\uzivatel.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60327
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Klikněte na >FixCheced a restartujte PC. Pak zkuste vyčistit PC CCleanerem: http://forum.viry.cz/viewtopic.php?f=46&t=7478 .

[mirotin]

Provedeno, žádná změna. Nejvíce obtěžuje ta obrovská prodleva od kliku pravou myší na plochu, než se zobrazí nabídka...
Dřív ten notebook jel jak po másle, mám podezření na nějakou HW závadu.
Je nějaká možnost diagnózy pomocí SW?

[Rudy]

Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[mirotin]

Tak tad je:


ComboFix 12-10-02.02 - uzivatel 02.10.2012 22:10:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1790.1032 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-02 do 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 20:17 . 2012-10-02 20:17 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-10-02 20:17 . 2012-10-02 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 19:12 . 2012-10-02 19:12 -------- d-----w- c:\program files\Defraggler
2012-10-02 19:09 . 2012-10-02 19:09 -------- d-----w- c:\program files\CrystalDiskInfo
2012-10-02 18:56 . 2012-10-02 18:56 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC4B571B-B151-44DB-8EE3-533D5AFC9398}\MpKsl6b88c897.sys
2012-10-02 18:10 . 2012-10-02 18:07 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3FA688B-AB9F-4B22-A417-BE161DD394DA}\gapaengine.dll
2012-10-02 18:09 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC4B571B-B151-44DB-8EE3-533D5AFC9398}\mpengine.dll
2012-10-02 18:01 . 2012-10-02 18:01 401720 ----a-w- c:\program files\HijackThis.exe
2012-10-01 20:34 . 2012-10-01 20:34 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-01 20:10 . 2012-10-01 20:10 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2012-10-01 20:10 . 2012-10-01 20:10 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 19:39 . 2012-10-01 19:40 669098 ----a-w- C:\ZALOHA.reg
2012-10-01 19:29 . 2012-10-01 19:30 -------- d-----w- C:\Upm
2012-10-01 18:29 . 2012-10-01 18:29 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-01 18:26 . 2012-10-02 18:20 -------- d-----w- c:\program files\trend micro
2012-10-01 18:26 . 2012-10-01 18:26 -------- d-----w- C:\rsit
2012-10-01 17:58 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-01 17:44 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-10-01 17:44 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-01 17:44 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-01 17:23 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-10-01 17:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-10-01 17:22 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-10-01 17:22 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-10-01 17:22 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-01 17:18 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-01 17:18 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-10-01 17:18 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-01 17:14 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-01 17:06 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-01 17:06 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-01 17:06 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-01 17:06 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-10-01 17:05 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-10-01 17:05 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-10-01 17:05 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-10-01 17:05 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-01 17:05 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-06-07 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3724288132-4467144-2032474500-1000]
"EnableNotificationsRef"=dword:00000003
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 63398774
*NewlyCreated* - 95296951
*NewlyCreated* - MPKSL6B88C897
*Deregistered* - 63398774
*Deregistered* - 95296951
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 14:42]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 14:42]
.
2012-10-01 c:\windows\Tasks\HPCeeScheduleForuzivatel.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.138.116.1 94.138.116.10
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-95296951.sys
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-02 22:17
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-10-02 22:19:24
ComboFix-quarantined-files.txt 2012-10-02 20:19
.
Před spuštěním: Volných bajtů: 19 122 167 808
Po spuštění: Volných bajtů: 18 940 567 552
.
- - End Of File - - B5CCFA19BC372557CCDD339779FB9DE8

[Rudy]

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
63398774
95296951

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkqazy ze skriptu.

[mirotin]

ComboFix 12-10-02.02 - uzivatel 02.10.2012 23:00:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1790.1009 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_63398774
-------\Legacy_95296951
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-02 do 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 21:07 . 2012-10-02 21:09 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-10-02 21:07 . 2012-10-02 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 20:26 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2E6F4D1-7912-4D1C-894E-3C7E4B6F0B0F}\mpengine.dll
2012-10-02 19:12 . 2012-10-02 19:12 -------- d-----w- c:\program files\Defraggler
2012-10-02 18:10 . 2012-10-02 18:07 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3FA688B-AB9F-4B22-A417-BE161DD394DA}\gapaengine.dll
2012-10-02 18:01 . 2012-10-02 18:01 401720 ----a-w- c:\program files\HijackThis.exe
2012-10-01 20:34 . 2012-10-01 20:34 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-01 20:10 . 2012-10-01 20:10 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2012-10-01 20:10 . 2012-10-01 20:10 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 19:39 . 2012-10-01 19:40 669098 ----a-w- C:\ZALOHA.reg
2012-10-01 19:29 . 2012-10-01 19:30 -------- d-----w- C:\Upm
2012-10-01 18:29 . 2012-10-01 18:29 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-01 18:26 . 2012-10-02 18:20 -------- d-----w- c:\program files\trend micro
2012-10-01 18:26 . 2012-10-01 18:26 -------- d-----w- C:\rsit
2012-10-01 17:58 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-01 17:44 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-10-01 17:44 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-01 17:44 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-01 17:23 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-10-01 17:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-10-01 17:22 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-10-01 17:22 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-10-01 17:22 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-01 17:18 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-01 17:18 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-10-01 17:18 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-01 17:14 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-01 17:06 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-01 17:06 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-01 17:06 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-01 17:06 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-10-01 17:05 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-10-01 17:05 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-10-01 17:05 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-10-01 17:05 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-01 17:05 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-06-07 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3724288132-4467144-2032474500-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-01 c:\windows\Tasks\HPCeeScheduleForuzivatel.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.138.116.1 94.138.116.10
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-02 23:10
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\conime.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-10-02 23:13:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-02 21:13
ComboFix2.txt 2012-10-02 20:19
.
Před spuštěním: Volných bajtů: 18 973 540 352
Po spuštění: Volných bajtů: 18 611 134 464
.
- - End Of File - - 419A56871E4F1A0CDE7B70D1D7DC5B00

[Rudy]

Log již vypadá čistý. Nastala nějaká změna?

[mirotin]

Bohužel, co se týče plochy nikoliv, trochu svižněji startuje....

[Rudy]

Zkuste obnovu systému k datu, kdy korketně fungoval.

[mirotin]

asi to dopadne reinstalem systému....takto blbě šlape již asi rok....