
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
CPU at 100% load, keyboard extremely slow
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
The remote assistance service is now available: a specialist connects to your computer and obtains further details of the problem from you by phone. More at www.neslape.cz
CPU at 100% load, keyboard extremely slow
Hello,
I brought back a notebook, an Aspire 1642ZWLMi, from a friend in England; it had Windows 7 Ultimate installed (a fresh install). A while after booting, the keyboard and mouse nearly stopped working, which I thought might be caused by missing drivers and low performance, so I reinstalled the operating system, specifically as a dual boot of Windows XP and Ubuntu 10.04. Ubuntu works perfectly, so I set about getting XP working... Unfortunately the problem is the same as with Windows 7. I found that when booting into Safe Mode everything works fine. Somehow I even managed to install all the drivers, Avast and Ad-Aware, which I ran immediately to scan the computer - nothing at all was found. The computer still runs at 100%, the mouse moves normally, programs can be launched and even run fairly fast, but the keyboard responds very slowly, almost not at all, and drops keystrokes; that only changes when I run some program to scan the computer... in that case it is as if the virus switched itself off (or throttled itself). I also scanned the computer with Malwarebytes' Anti-Malware, which likewise found nothing.
From the behaviour I deduced that the virus most likely has to be in the MBR.
HijackThis log output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:14, on 23.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 5503 bytes
Thanks in advance for any reply.
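As an added example (not part of the original post or of HijackThis itself), here is a small Python triage script run over O4 and O23 lines copied from the log above. It flags the entries a malware-removal helper would check first: autostart entries that name a bare executable with no directory (RTHDCPL.EXE and ALCMTR.EXE, which Windows locates through its executable search order), services with no publisher string (the WinPcap rpcapd daemon appears as "Unknown owner"), and images outside the Windows and Program Files trees (the Acer OEM tools, expected on this model but still worth confirming). The three rules and their names are my own heuristics, not HijackThis verdicts; SAMPLE_LOG is a subset of the posted lines.

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example, not part of the original post or of HijackThis itself.
The rules below are triage heuristics, not HijackThis verdicts:
  * bare-name        an autostart entry names an .exe with no directory, so
                     Windows locates it via its executable search order and a
                     same-named file found earlier would run instead
  * unknown-owner    a service binary carries no publisher string
  * nonstandard-dir  the image lives outside the Windows / Program Files trees
SAMPLE_LOG is a subset of the lines from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"(?i)(.+?\.exe)")
# Directory prefixes treated as expected locations (8.3 alias included).
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    section: str   # "O4" or "O23"
    name: str      # Run value name or service display name
    image: str     # executable as written in the log
    rule: str
    detail: str


def image_from_command(cmd: str) -> str:
    """Extract the executable from a Run value: a quoted path, or text up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def check_image(section: str, name: str, image: str) -> List[Finding]:
    """Location-based rules shared by O4 and O23 entries."""
    if "\\" not in image:
        return [Finding(section, name, image, "bare-name",
                        "no directory given; resolved through the executable search order")]
    if not image.lower().startswith(STANDARD_DIRS):
        return [Finding(section, name, image, "nonstandard-dir",
                        "outside Windows/Program Files; confirm it belongs to a known OEM or vendor package")]
    return []


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O23 lines and return every finding; other line types are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            findings += check_image("O4", m.group("name"), image_from_command(m.group("cmd")))
            continue
        m = O23_RE.match(line)
        if m:
            image = m.group("path").strip()
            if m.group("owner").strip().lower() == "unknown owner":
                findings.append(Finding("O23", m.group("display"), image, "unknown-owner",
                                        "service binary has no publisher string; verify its origin"))
            findings += check_image("O23", m.group("display"), image)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'bare-name': 2, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section} [{f.rule}] {f.name}: {f.image}  ({f.detail})")
    print(summarize(results))
```

On the posted log this yields five findings: the two bare-name Realtek entries, the rpcapd service with no owner, and the two Acer images outside the standard trees. None of them is malicious on its own (RTHDCPL.EXE does sit in C:\WINDOWS according to the running-process list), which is the point of triage: it orders what to verify, it does not decide.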
Re: CPU at 100% load, keyboard extremely slow
...I should add that shutting down is also very slow.
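The poster suspects the MBR. As an added example that is not part of the thread, here is the check a practitioner would run before accepting or rejecting that hypothesis: read the first sector from the Ubuntu side of the dual boot (`sudo dd if=/dev/sda bs=512 count=1 of=mbr.bin`, so a rootkit active inside Windows cannot filter the read), verify the 0x55AA boot signature, decode the partition table, and fingerprint the 440 bytes of boot code so dumps taken on different boots can be compared. A bootkit that patches the loader but leaves the table intact shows up as a boot-code-only difference. The MBR images in the code are constructed (a layout resembling XP plus Ubuntu, with filler bytes in place of real x86 code), not dumped from the poster's machine.

```python
"""Inspect a 512-byte MBR image: verify the boot signature, list the partition
table and fingerprint the boot code so it can be compared across reboots.

Added example, not part of the original thread. The MBR images below are
constructed in code (a layout resembling the poster's XP + Ubuntu dual boot),
not dumped from the poster's machine.

On the Ubuntu side of a dual boot the real sector is read with
    sudo dd if=/dev/sda bs=512 count=1 of=mbr.bin
and fed to parse_mbr(open("mbr.bin", "rb").read()).
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: executable boot code
DISK_SIG_OFF = 440            # bytes 440..443: Windows disk signature
TABLE_OFF = 446               # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

TYPE_NAMES = {
    0x05: "extended", 0x07: "NTFS/HPFS/exFAT", 0x0F: "extended (LBA)",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def build_sample_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1A2B3C4D) -> bytes:
    """Assemble a syntactically valid MBR from boot code and up to four
    (bootable, type, lba_start, sectors) tuples. Constructed test data only."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b""
    for bootable, ptype, lba_start, sectors in partitions:
        # CHS fields are left zeroed; modern loaders use the LBA fields.
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                             ptype, b"\0\0\0", lba_start, sectors)
    table = table.ljust(64, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Validate and decode an MBR image; raises ValueError on size or signature problems."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    partitions = []
    for i in range(4):
        entry = mbr[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, f"unknown 0x{ptype:02X}"),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Name the MBR regions that differ between two dumps. A bootkit that
    patches the loader but keeps the partition table yields ['boot_code']."""
    regions = [
        ("boot_code", 0, BOOT_CODE_LEN),
        ("disk_signature", DISK_SIG_OFF, DISK_SIG_OFF + 4),
        ("partition_table", TABLE_OFF, TABLE_OFF + 64),
        ("boot_signature", 510, 512),
    ]
    return [name for name, lo, hi in regions if baseline[lo:hi] != current[lo:hi]]


# Constructed sample: filler in place of a real loader, and a layout
# resembling the poster's dual boot (bootable NTFS, Linux root, Linux swap).
SAMPLE_BOOT_CODE = bytes(range(256)) + b"\x90" * 184
SAMPLE_PARTITIONS = [
    (True, 0x07, 63, 41_943_040),           # NTFS, bootable
    (False, 0x83, 41_943_103, 31_457_280),  # Linux
    (False, 0x82, 73_400_383, 4_194_304),   # Linux swap
]
CLEAN_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
# Simulated bootkit: one byte patched inside the loader, table untouched.
_patched = bytearray(CLEAN_MBR)
_patched[0x3C] ^= 0xFF
TAMPERED_MBR = bytes(_patched)

if __name__ == "__main__":
    info = parse_mbr(CLEAN_MBR)
    print("disk signature: 0x%08X" % info["disk_signature"])
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"  #{p['index']} {flag} {p['type_name']:<16} start={p['lba_start']} sectors={p['sectors']}")
    print("changed regions vs. tampered dump:", diff_mbr(CLEAN_MBR, TAMPERED_MBR))
```

The hash is only useful against a known-good baseline: a dump taken right after the installer wrote the MBR, or the loader the installation media would write. A partition table that still lists the expected NTFS and Linux entries says nothing about the loader bytes in front of it, which is exactly where an MBR bootkit lives.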
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
- Contact user:
Re: CPU at 100% load, keyboard extremely slow
Hi,
download ComboFix and save it to the desktop
then run the application under an account with administrator rights (not under a limited account)
on Windows Vista and Windows 7 run the application as administrator (right-click the application icon and choose "Run as administrator")
right after it starts, a screen with the licence terms appears; continue by clicking Yes:

next you may get a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.
relax and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
warning: if you use antispyware with a resident shield, disable that resident shield, because during the scan and removal of any malware ComboFix collides with the resident antispyware
after the restart the application creates a log saved at C:/Combofix.txt (on repeated runs the logs are named Combofix2.txt etc.); paste its contents here
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: CPU at 100% load, keyboard extremely slow
Here is the ComboFix output:
ComboFix 10-08-22.05 - Administrator 23.08.2010 13:58:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.589 [GMT 2:00]
Running from: c:\documents and settings\Stepan\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS PC !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-23 11:53 . 2010-08-23 11:52 390144 ----a-w- c:\windows\system32\CF8060.exe
2010-08-23 11:52 . 2010-08-23 11:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-23 11:52 . 2010-08-23 11:57 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2010-08-23 11:52 . 2010-08-20 17:43 -------- d-----w- c:\documents and settings\Administrator\Dokumenty
2010-08-23 11:51 . 2010-08-23 11:52 -------- d-----w- c:\documents and settings\Administrator
2010-08-23 11:51 . 2010-08-20 17:43 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2010-08-23 11:51 . 2010-08-20 17:43 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2010-08-23 11:51 . 2010-08-20 17:43 -------- d-----w- c:\documents and settings\Administrator\Plocha
2010-08-23 11:51 . 2010-08-20 17:43 -------- d-----w- c:\documents and settings\Administrator\Oblíbené položky
2010-08-23 11:51 . 2010-08-20 17:43 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2010-08-23 11:51 . 2010-08-20 16:52 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2010-08-23 11:40 . 2010-08-23 11:40 390144 ----a-w- c:\windows\system32\CF5653.exe
2010-08-23 10:17 . 2010-08-23 10:17 -------- d-----w- c:\program files\Trend Micro
2010-08-23 10:06 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 10:06 . 2010-08-23 10:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 10:06 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 09:56 . 2010-08-23 09:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-23 09:35 . 2010-08-23 09:35 -------- d-----w- c:\windows\system32\KB905474
2010-08-23 09:26 . 2010-08-23 09:27 -------- d-----w- C:\Downloads
2010-08-23 09:25 . 2010-08-23 09:27 -------- d-----w- C:\Drivers_Aspire1642ZWLMi
2010-08-23 08:53 . 2005-06-08 09:03 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-08-23 08:52 . 2010-08-23 08:52 -------- d-sh--w- c:\documents and settings\Stepan\IETldCache
2010-08-23 01:21 . 2010-06-24 12:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-23 01:21 . 2010-06-24 15:57 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-23 01:21 . 2010-06-24 12:27 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-23 01:21 . 2010-06-24 12:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-23 01:21 . 2010-06-24 12:27 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-23 01:21 . 2010-06-24 12:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-23 01:21 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-23 01:20 . 2010-08-23 01:22 -------- d-----w- c:\windows\ie8updates
2010-08-23 01:20 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-23 01:18 . 2010-08-23 01:20 -------- dc-h--w- c:\windows\ie8
2010-08-23 01:14 . 2010-08-23 01:14 737280 ----a-w- c:\windows\iun6002.exe
2010-08-23 01:14 . 2010-08-23 01:14 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-08-23 01:13 . 2010-08-23 01:13 -------- d-----w- c:\program files\Mv2Player
2010-08-23 01:12 . 2010-08-23 01:13 -------- d-----w- c:\program files\Pidgin
2010-08-23 01:03 . 2004-10-15 08:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-08-23 01:03 . 2010-08-23 01:12 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-08-23 01:01 . 2004-10-29 16:48 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2010-08-23 01:01 . 2004-10-15 08:20 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2010-08-23 01:00 . 2005-06-30 14:58 7296 ----a-w- c:\windows\system32\drivers\osaio.sys
2010-08-23 01:00 . 2005-01-14 13:57 4010 ----a-w- c:\windows\system32\drivers\osanbm.sys
2010-08-23 00:59 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-23 00:59 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-23 00:59 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-23 00:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-23 00:54 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-23 00:49 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-23 00:49 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-23 00:48 . 2010-08-23 00:48 -------- d-----w- c:\windows\Logs
2010-08-23 00:48 . 2010-08-23 00:48 -------- d-----w- c:\program files\Winamp Detect
2010-08-23 00:48 . 2010-08-23 00:50 -------- d-----w- c:\program files\Winamp
2010-08-23 00:37 . 2010-08-23 00:37 -------- d-----w- c:\program files\Common Files\Skype
2010-08-23 00:37 . 2010-08-23 00:38 -------- d-----r- c:\program files\Skype
2010-08-23 00:32 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-08-23 00:32 . 2010-08-23 09:05 -------- d--h--w- c:\windows\$hf_mig$
2010-08-23 00:13 . 2010-08-23 00:13 0 ----a-w- c:\windows\nsreg.dat
2010-08-22 23:49 . 2010-08-22 23:49 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-22 23:49 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-22 23:49 . 2010-08-22 23:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-22 23:45 . 2010-08-22 23:45 -------- d-----w- c:\program files\Lavasoft
2010-08-22 23:16 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-22 23:16 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-22 23:16 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-22 23:16 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-22 22:48 . 2010-08-22 22:48 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-08-22 22:47 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-22 22:47 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-22 22:47 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-22 22:47 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-22 22:47 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-22 22:47 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-22 22:47 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-22 22:46 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-22 22:46 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-22 22:28 . 2010-08-22 22:28 -------- d-----w- c:\program files\Alwil Software
2010-08-22 22:24 . 2010-08-22 22:24 -------- d-s---w- c:\documents and settings\Stepan\UserData
2010-08-22 22:17 . 2010-08-23 12:10 -------- d-----w- c:\windows\system32\Lang
2010-08-22 22:14 . 2004-10-08 12:44 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-08-22 22:14 . 2004-10-08 12:46 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-08-22 22:14 . 2004-10-08 12:36 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-08-22 22:14 . 2004-10-08 12:33 185824 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-08-22 22:14 . 2004-10-08 12:36 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-08-22 22:14 . 2004-10-08 12:35 77917 ----a-w- c:\windows\system32\SynCOM.dll
2010-08-22 22:14 . 2010-08-22 22:14 -------- d-----w- c:\program files\Synaptics
2010-08-22 22:12 . 2010-08-23 01:08 -------- d-----w- c:\program files\Launch Manager
2010-08-22 22:12 . 2010-08-22 22:12 -------- d-----w- c:\windows\OPTIONS
2010-08-22 22:12 . 2010-08-22 22:12 -------- d-----w- c:\program files\Acer Inc
2010-08-22 22:11 . 2010-08-23 01:01 -------- d-----w- C:\Acer
2010-08-22 22:11 . 2005-04-07 16:08 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2010-08-22 22:11 . 2004-09-01 21:57 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2010-08-22 22:11 . 2004-07-19 11:10 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2010-08-22 22:10 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-08-22 22:08 . 2008-04-13 22:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-08-22 22:08 . 2008-04-13 22:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-08-22 22:08 . 2008-04-13 22:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-08-22 22:08 . 2008-04-13 22:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-08-22 22:08 . 2008-04-13 20:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-08-22 22:08 . 2008-04-13 22:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-08-22 22:08 . 2008-04-13 22:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-08-22 22:08 . 2008-04-13 22:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-08-22 22:08 . 2008-04-13 22:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-08-22 22:08 . 2008-04-13 22:09 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-08-22 22:08 . 2008-04-13 22:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-08-22 22:06 . 2008-04-14 06:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-08-22 22:06 . 2008-04-13 22:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-08-22 22:06 . 2008-04-13 22:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-08-22 22:06 . 2005-07-26 14:54 2806784 ----a-w- c:\windows\ALCWZRD.EXE
2010-08-22 22:06 . 2005-05-03 16:43 69632 ----a-w- c:\windows\ALCMTR.EXE
2010-08-22 22:06 . 2005-08-09 13:17 14743552 ----a-w- c:\windows\RTHDCPL.EXE
2010-08-22 22:06 . 2010-08-22 22:07 -------- d-----w- c:\windows\system32\RTCOM
2010-08-22 22:06 . 2005-08-09 14:43 3855360 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-08-22 22:06 . 2005-08-04 14:31 2114560 ----a-w- c:\windows\MicCal.exe
2010-08-22 22:06 . 2005-07-28 12:20 9702912 ----a-w- c:\windows\RTLCPL.EXE
2010-08-22 22:06 . 2005-06-21 13:09 90112 ----a-w- c:\windows\SOUNDMAN.EXE
2010-08-22 22:06 . 2005-05-18 11:38 40960 ----a-w- c:\windows\system32\ChCfg.exe
2010-08-22 22:05 . 2010-08-22 22:05 -------- d-----w- c:\program files\Realtek
2010-08-22 21:56 . 2010-08-22 21:56 -------- d-----w- c:\windows\Downloaded Installations
2010-08-21 14:45 . 2010-08-23 01:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-21 14:41 . 2004-12-09 10:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-08-21 14:41 . 2004-12-08 12:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-08-21 14:41 . 2002-12-19 13:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-08-21 14:41 . 2005-01-10 14:48 147456 ----a-w- c:\windows\UNINST32.EXE
2010-08-21 14:36 . 2005-04-16 20:20 487424 ----a-w- c:\windows\RtlExUpd.dll
2010-08-21 14:35 . 2010-08-22 21:56 -------- d-----w- c:\program files\Common Files\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 09:22 . 2008-04-14 12:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-08-23 09:22 . 2008-04-14 12:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-08-22 22:05 . 2010-08-20 16:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-22 22:05 . 2010-08-20 16:56 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-22 22:01 . 2010-08-20 16:56 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-08-20 16:58 . 2010-08-20 16:58 -------- d-----w- c:\program files\microsoft frontpage
2010-08-20 16:53 . 2010-08-20 16:53 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-30 12:33 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-08-20 16:54 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 200704]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-18 462848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23.8.2010 1:49 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.8.2010 0:47 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.8.2010 0:47 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6.7.2010 19:28 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23.8.2010 1:49 15008]
.
Contents of the 'Scheduled Tasks' folder
2010-08-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 23:49]
2010-08-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-23 20:18]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Stepan\Data aplikací\Mozilla\Firefox\Profiles\ucik3iqw.default\
FF - prefs.js: browser.startup.homepage - About:Blank
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-ProInst - c:\windows\Installer\iProInst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 14:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast5\setup\avast.setup
c:\acer\eManager\anbmServ.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-08-23 14:13:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-23 12:13
Pre-Run: 18,814,390,272 bytes free
Post-Run: 18,836,860,928 bytes free
- - End Of File - - 31E7D077CE3FC65960B466A5201D412B
Re: CPU load at 100%, keyboard very sluggish
Could someone please tell me whether this listing is OK? Thanks in advance for any reply.
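Before asking whether a ComboFix listing "is OK", two things can be pulled out of it mechanically: what ComboFix actually deleted (the "Other deletions" and "Drivers/Services" sections, which in the log on this page list the WinPcap files and the NPF service) and which autostart entries or drivers deserve a second look. The script below is an added example written for this thread; it is not ComboFix's code or any poster's. The sample input is a cut-down copy of the log posted above, the banner-to-section mapping covers the Czech banners of this build plus the English ones, and the trusted-root list and path heuristics are this example's own assumptions. Its flags are review prompts, not verdicts: RTHDCPL.EXE, for instance, is the Realtek audio control panel that the log itself shows running from c:\windows, and it is flagged only because a bare filename is resolved through the search path.

```python
"""Triage a ComboFix log: what did ComboFix delete, and which autostart
entries or drivers deserve a second look?

Added example for this thread; it is not ComboFix's code or any poster's.
The section banners are ComboFix's own (Czech build on this page, English
equivalents added); the trusted-root list and the path heuristics are this
example's assumptions and only mark entries to review.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name path flags")

# Constructed sample: a cut-down copy of the log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23.8.2010 1:49 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6.7.2010 19:28 1355416]
"""

# ComboFix banner text -> section key (Czech banners from this log, English equivalents).
BANNERS = {
    "Ostatní výmazy": "deleted", "Other Deletions": "deleted",
    "Ovladače/Služby": "services", "Drivers/Services": "services",
    "Spouštěcí body v registru": "autostart", "Reg Loading Points": "autostart",
}
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[.*\]$')            # "Name"="path" [date size]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[.*\]$")  # R0 name;desc;path [date time size]
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\acer\\")  # assumption for this laptop


def path_flags(path):
    """Heuristic review prompts for an autostart path (prompts, not verdicts)."""
    p = path.lower()
    flags = []
    if "\\" not in p:
        flags.append("bare filename: resolved through the search path, confirm which copy runs")
    elif "~" in p:
        flags.append("8.3 short path: expand it and confirm it is the expected product folder")
    elif not p.startswith(TRUSTED_ROOTS):
        flags.append("outside the usual program roots")
    if "documents and settings" in p or "\\temp\\" in p:
        flags.append("runs from a user profile or temp folder")
    return flags


def triage(log_text):
    """Parse the relevant sections; return {'deleted': [...], 'autostart': [...]}."""
    report = {"deleted": [], "autostart": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section = BANNERS.get(banner.group(1))  # None for sections we do not use
            continue
        if section == "deleted" and DRIVE_RE.match(line):
            report["deleted"].append(Entry("file", line.rsplit("\\", 1)[-1], line, []))
        elif section == "services" and line.startswith("-------\\"):
            report["deleted"].append(Entry("service", line.split("\\", 1)[1], "", []))
        elif section == "autostart":
            m = RUN_RE.match(line)
            if m:
                name, path = m.groups()
                report["autostart"].append(Entry("run", name, path, path_flags(path)))
                continue
            m = SVC_RE.match(line)
            if m:
                start, name, _desc, path = m.groups()
                report["autostart"].append(Entry("driver/" + start, name, path, path_flags(path)))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("ComboFix removed:")
    for e in r["deleted"]:
        print(f"  {e.kind:8} {e.path or e.name}")
    print("Autostart entries to review:")
    for e in r["autostart"]:
        if e.flags:
            print(f"  {e.kind:10} {e.name}: {e.path}  ->  {'; '.join(e.flags)}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; unknown sections are ignored, so the rest of the log does not need to be trimmed.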
riffman (VIP; 3203 posts; registered 20 Oct 2004; České Budějovice)
Re: CPU load at 100%, keyboard very sluggish
ComboFix found and deleted some junk; how is the computer behaving now?
Re: CPU load at 100%, keyboard very sluggish
It is probably still the same. The CPU is still running at almost 100 percent :( The keyboard also does not work properly and skips keystrokes, but that could be caused by the CPU load. Any other ideas?
riffman (VIP; 3203 posts; registered 20 Oct 2004; České Budějovice)
Re: CPU load at 100%, keyboard very sluggish
download GMER, extract it and run it
on Windows Vista and Windows 7 run the application as administrator (right-click the application icon and choose "Run as administrator")
the scan will run; when it finishes, the results will pop up
then click Save to save the log, and paste its contents here
then do the second scan according to this guide and again paste the log contents here
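Once a GMER log has been saved, the questions worth answering before posting it are: which drivers hook which kernel routines, which devices each driver is attached to, and whether GMER could attribute the module to a vendor (the text in parentheses after the module name). The script below is an added example written for this thread; it is not GMER's code or any poster's. The regex is written for the line shapes GMER prints (a log of that shape is posted later in this thread); the sample log is constructed from those lines plus one made-up, unattributed hook on a fictitious `example.sys`, which is not in the posted log and exists only so the "no vendor" path is exercised. Because the thread is about keyboard lag, it also lists what is attached to the keyboard class devices.

```python
"""Summarise a GMER rootkit-scan log per driver: which kernel routines it
hooks, which devices it is attached to, and whether GMER attributed it to
a vendor.

Added example for this thread; not GMER's code or any poster's. The regex
follows the line shapes GMER prints; the sample log is constructed from
lines in this thread plus one made-up, unattributed hook (example.sys).
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-31 01:18:09
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxrdypod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA160B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA160AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \??\C:\WINDOWS\system32\drivers\example.sys ZwOpenProcess [0xF8A1C2D0]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
"""
# (the example.sys line above is made up; everything else is from the thread)

# <kind> <object ...> <module> [(description/company)] [<hooked function> [<address>]]
ENTRY_RE = re.compile(
    r"^(?P<kind>Code|Device|AttachedDevice|SSDT|INT|IAT)\s+"
    r"(?P<objects>.*?)(?P<module>[^\s\\]+\.(?:sys|dll|exe))"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"(?:\s+(?P<func>[A-Za-z_]\w*))?"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$",
    re.IGNORECASE,
)


def parse_gmer(text):
    """One dict per hook/device line; headers and section banners are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["objects"] = d["objects"].split()  # e.g. ['\\Driver\\Kbdclass', '\\Device\\KeyboardClass0']
            entries.append(d)
    return entries


def by_module(entries):
    """Group per module (lower-cased): vendor string, hooked functions, devices it sits on."""
    mods = defaultdict(lambda: {"vendor": None, "hooks": [], "attached": []})
    for e in entries:
        m = mods[e["module"].lower()]
        if e["vendor"]:
            m["vendor"] = e["vendor"]
        if e["func"]:
            m["hooks"].append(e["func"])
        if e["kind"].lower() in ("device", "attacheddevice") and e["objects"]:
            m["attached"].append(e["objects"][-1])  # last object is the device/target
    return dict(mods)


def unattributed(mods):
    """Modules GMER could not tie to a vendor: the first candidates to review."""
    return sorted(name for name, m in mods.items() if m["vendor"] is None)


def keyboard_filters(mods):
    """Drivers attached to the keyboard class devices (relevant when input lags)."""
    return sorted(name for name, m in mods.items()
                  if any("keyboardclass" in d.lower() for d in m["attached"]))


if __name__ == "__main__":
    mods = by_module(parse_gmer(SAMPLE_LOG))
    for name, m in sorted(mods.items()):
        print(f"{name}: vendor={m['vendor'] or 'NONE'} hooks={m['hooks']} attached={m['attached']}")
    print("review first:", unattributed(mods))
    print("on the keyboard stack:", keyboard_filters(mods))
```

A missing vendor string only means GMER found no version resource to report; it is a reason to look at the file (signature, path, creation time), not proof of anything. Security products such as avast! legitimately hook process and section creation, which is why the summary keeps the vendor next to the hook list.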
Re: CPU load at 100%, keyboard very sluggish
Hello,
sorry for the silence, I was on holiday. My problem still persists. I will be grateful for any advice. Here is the GMER log:
========================
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-31 01:18:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxrdypod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA160B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA1609C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA160AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
=============================================
second log from GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 01:08:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxrdypod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA153CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA153B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA154142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA15406C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA153764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA153C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA1536A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA153708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA153D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA154210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA153D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA153EC8]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA160B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA1609C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA160AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP AA160AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP AA1609C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP AA15C5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP AA15DF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP AA160BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3472] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 35
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Stepan\Local Settings\temp\plugtmp\plugin-banners5-2.asp 1936 bytes
File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log 131072 bytes
File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes
---- EOF - GMER 1.0.15 ----
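A small triage helper for reading a GMER log like the one above, added here as an example; it is not part of this thread and not GMER's own code. It parses the SSDT, Code, PAGE, .text, IAT and AttachedDevice lines, groups each hook by the module GMER attributes it to, and sets aside every entry that has no vendor string, an unlisted vendor, or only a bare target address. Run over the posted log, every hook lands under the avast! (ALWIL Software), Synaptics or Mozilla modules, which is the kind of pass that ends in a "nothing here" verdict. The sample log is constructed from lines shaped like the posted ones plus one placeholder SSDT entry (`EXAMPLE_unknown.sys`) that is not on the page; the vendor allowlist is an assumption for the example, and the vendor string is read by GMER from the file's version resource, so it is a triage hint and not a signature check.

```python
"""Triage helper for GMER rootkit-scan logs.

Added example, not GMER's own code. GMER lists every SSDT, inline-code and
IAT hook and every attached filter driver it finds. On a machine running an
antivirus most of them belong to the AV driver, so the useful first pass is
to group hooks by the module that owns them and isolate the entries GMER
could not attribute to a module with a recognised vendor string.
"""
import re
from collections import defaultdict

# Constructed sample: lines shaped like the log posted in this thread, plus one
# constructed SSDT entry (placeholder name EXAMPLE_unknown.sys) with no vendor string.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 01:08:18
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA1536A4]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA160AFA]
SSDT \SystemRoot\System32\Drivers\EXAMPLE_unknown.sys ZwCreateFile [0xF7A00000]
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP AA160AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
"""

# The vendor string GMER prints after '/' comes from the file's version
# resource. It is not a signature check; this allowlist is an assumption for
# the example and only decides what is shown as "attributed".
TRUSTED_VENDORS = {"ALWIL Software", "Synaptics, Inc.", "Mozilla Corporation",
                   "Mozilla Foundation"}

DESC = r"(?:\s+\((?P<desc>[^)]*)\))?"   # optional "(product/vendor)" suffix
PATTERNS = [
    # SSDT/inline kernel hook: <kind> <driver> (<desc>) <function> [addr]
    re.compile(r"^(?P<kind>SSDT|Code)\s+(?P<target>\S+)" + DESC + r"\s+(?P<hooked>\w+)"),
    # Patched kernel code: PAGE <image!func> <addr> N Bytes JMP <addr> <driver> (<desc>)
    re.compile(r"^(?P<kind>PAGE)\s+(?P<hooked>\S+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+"
               r"[0-9A-F]+\s+(?P<target>\S+)" + DESC + r"$"),
    # Patched user-mode code: .text <proc[pid]> <dll!func> ... JMP <addr> <module> (<desc>)
    re.compile(r"^(?P<kind>\.text)\s+(?P<proc>.+?\[\d+\])\s+(?P<hooked>\S+!\S+)\s+[0-9A-F]+"
               r"\s+\d+ Bytes\s+JMP\s+[0-9A-F]+\s+(?P<target>.+?)" + DESC + r"$"),
    # Import-table hook where GMER shows only the target address, never a module
    re.compile(r"^(?P<kind>IAT)\s+(?P<proc>.+?\[\d+\])\s+@\s+\S+\s+\[(?P<hooked>[^\]]+)\]"
               r"\s+(?P<target>[0-9A-F]+)$"),
    # Filter driver attached to a device stack: <kind> <driver object> <device> <module> (<desc>)
    re.compile(r"^(?P<kind>AttachedDevice|Device)\s+(?P<hooked>\S+\s+\S+)\s+(?P<target>\S+)"
               + DESC + r"$"),
]


def parse_gmer(text):
    """Return one dict per hook/device line; banner, section and EOF lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        for pat in PATTERNS:
            m = pat.match(line)
            if m:
                entry = {"proc": None, "desc": None}
                entry.update(m.groupdict())
                entries.append(entry)
                break
    return entries


def vendor_of(entry):
    """Vendor part of GMER's '(product/vendor)' annotation, or None if absent."""
    desc = entry["desc"]
    return desc.rsplit("/", 1)[-1].strip() if desc else None


def triage(entries, trusted=TRUSTED_VENDORS):
    """Split entries into {vendor: [entries]} for allowlisted vendors and a review
    list holding everything else (no vendor string, unlisted vendor, address-only target)."""
    attributed = defaultdict(list)
    review = []
    for entry in entries:
        vendor = vendor_of(entry)
        if vendor in trusted:
            attributed[vendor].append(entry)
        else:
            review.append(entry)
    return dict(attributed), review


def report(text):
    """Print a human-readable summary; returns the review list so callers can act on it."""
    attributed, review = triage(parse_gmer(text))
    for vendor, items in attributed.items():
        print(f"{vendor}: {len(items)} entries")
        for e in items:
            print(f"  {e['kind']:<14} {e['hooked']:<40} -> {e['target']}")
    print(f"needs review: {len(review)} entries")
    for e in review:
        where = f" in {e['proc']}" if e["proc"] else ""
        print(f"  {e['kind']:<14} {e['hooked']:<40} -> {e['target']}{where}")
    return review


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Anything in the review list is where a closer look starts: a kernel hook owned by a driver with no vendor string, or an IAT entry that jumps to a bare address GMER could not map to a module, deserves a file check (path, timestamp, signature) before it is either cleared or acted on. The allowlist only sorts the output; it does not prove that a file carrying a familiar vendor string is genuine.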
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: CPU at 100%, keyboard very slow
I don't see anything here
when you look in Task Manager, which process is loading the CPU the most?
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all