Zaplněná fyzická paměť a pomalý pc

[maru1maru]

Dobrý den, od doby připojení mého PC na internet, je pomalý. Vím, že je tu malá fyzická paměť, ale dalo by se s tím něco dělat?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:56, on 29.9.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\werfault.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5161 bytes

[vyosek]

Zdravim a pekny den preji

Prectete si pravidla fora a dejte dle nich prislusny log z RSIT (je podrobnejsi nez HJT)

[maru1maru]

Tak tady je:

Logfile of random's system information tool 1.08 (written by random/random)
Run by maru at 2010-09-29 17:03:10
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 25 GB (36%) free of 68 GB
Total RAM: 478 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:30, on 29.9.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maru\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\maru\Downloads\RSIT.exe
C:\Program Files\trend micro\maru.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5325 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075862621-27575045-3734707588-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075862621-27575045-3734707588-1003UA.job
C:\Windows\tasks\Registry Reviver-maru-Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2009-09-15 1219072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-08-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2009-09-15 1219072]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-01-19 2267136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-29 17:03:10 ----D---- C:\rsit
2010-09-29 16:22:13 ----D---- C:\Program Files\Trend Micro
2010-09-27 21:40:53 ----D---- C:\Users\maru\AppData\Roaming\skypePM
2010-09-27 21:39:06 ----D---- C:\Users\maru\AppData\Roaming\Skype
2010-09-18 20:21:39 ----D---- C:\Program Files\CesarFTP
2010-09-18 17:53:15 ----A---- C:\Windows\UC.PIF
2010-09-18 17:53:15 ----A---- C:\Windows\RAR.PIF
2010-09-18 17:53:15 ----A---- C:\Windows\PKZIP.PIF
2010-09-18 17:53:15 ----A---- C:\Windows\PKUNZIP.PIF
2010-09-18 17:53:15 ----A---- C:\Windows\NOCLOSE.PIF
2010-09-18 17:53:15 ----A---- C:\Windows\LHA.PIF
2010-09-18 17:53:15 ----A---- C:\Windows\ARJ.PIF
2010-09-18 17:53:14 ----D---- C:\Users\maru\AppData\Roaming\GHISLER
2010-09-18 17:53:14 ----D---- C:\totalcmd
2010-09-18 16:03:22 ----D---- C:\PROGRAMF
2010-09-18 15:54:51 ----D---- C:\ProgramData\ReviverSoft
2010-09-18 15:54:05 ----D---- C:\Users\maru\AppData\Roaming\OpenCandy
2010-09-18 15:54:02 ----D---- C:\Program Files\ExtractNow
2010-09-16 20:55:30 ----A---- C:\Windows\system32\usp10.dll
2010-09-16 20:55:27 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-16 20:55:24 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-09-16 20:51:31 ----A---- C:\Windows\system32\inetcomm.dll
2010-09-16 20:36:08 ----D---- C:\Windows\pss
2010-09-15 08:30:21 ----D---- C:\Users\maru\AppData\Roaming\inkscape
2010-09-15 08:07:32 ----D---- C:\Program Files\Inkscape
2010-09-15 07:56:35 ----D---- C:\Program Files\GIMP-2.0
2010-09-08 14:19:50 ----D---- C:\Program Files\ESET
2010-09-06 22:45:20 ----RASH---- C:\MSDOS.SYS
2010-09-06 22:45:20 ----RASH---- C:\IO.SYS
2010-09-06 22:44:34 ----A---- C:\Windows\system32\javaws.exe
2010-09-06 22:44:34 ----A---- C:\Windows\system32\javaw.exe
2010-09-06 22:44:34 ----A---- C:\Windows\system32\java.exe
2010-09-06 22:28:57 ----D---- C:\Users\maru\AppData\Roaming\WinRAR
2010-09-03 23:18:44 ----D---- C:\Program Files\Zrychleni Pocitace
2010-09-03 21:46:42 ----D---- C:\Program Files\ICQ6Toolbar
2010-09-03 21:46:32 ----D---- C:\ProgramData\ICQ
2010-09-03 21:46:22 ----D---- C:\Users\maru\AppData\Roaming\ICQ
2010-09-03 21:46:12 ----D---- C:\Program Files\ICQ7.2
2010-09-02 20:15:21 ----D---- C:\ProgramData\Sun
2010-09-02 20:14:25 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-30 23:00:08 ----D---- C:\Users\maru\AppData\Roaming\XnView
2010-08-30 22:44:37 ----D---- C:\Program Files\XnView

======List of files/folders modified in the last 1 months======

2010-09-29 17:03:30 ----D---- C:\Windows\Temp
2010-09-29 17:03:27 ----D---- C:\Windows\Prefetch
2010-09-29 16:22:13 ----RD---- C:\Program Files
2010-09-29 15:59:44 ----D---- C:\Windows\system32\catroot
2010-09-29 15:59:41 ----D---- C:\Windows\system32\catroot2
2010-09-29 15:59:38 ----D---- C:\Windows\winsxs
2010-09-28 11:50:11 ----SHD---- C:\System Volume Information
2010-09-28 09:38:31 ----D---- C:\Windows
2010-09-27 20:22:50 ----D---- C:\Windows\system32\drivers
2010-09-27 20:17:41 ----D---- C:\Windows\System32
2010-09-27 20:17:40 ----D---- C:\Windows\inf
2010-09-27 20:17:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-27 17:16:05 ----SHD---- C:\Windows\Installer
2010-09-23 20:58:51 ----D---- C:\Program Files\Crawler
2010-09-18 21:21:35 ----D---- C:\Windows\LiveKernelReports
2010-09-18 16:11:05 ----D---- C:\Windows\system32\Tasks
2010-09-18 15:59:26 ----D---- C:\Windows\Tasks
2010-09-18 15:54:51 ----HD---- C:\ProgramData
2010-09-18 08:14:38 ----SHD---- C:\$Recycle.Bin
2010-09-18 08:13:19 ----RD---- C:\Users
2010-09-17 23:30:50 ----D---- C:\Program Files\Windows Mail
2010-09-16 23:21:41 ----A---- C:\Windows\win.ini
2010-09-16 23:19:02 ----A---- C:\Windows\system32\mrt.exe
2010-09-16 20:17:41 ----D---- C:\Program Files\WinClamAVShield
2010-09-16 20:09:23 ----D---- C:\Users\maru\AppData\Roaming\Spyware Terminator
2010-09-08 14:27:13 ----D---- C:\Program Files\Spyware Terminator
2010-09-08 14:20:53 ----D---- C:\ProgramData\Spyware Terminator
2010-09-08 14:19:50 ----D---- C:\ProgramData\ESET
2010-09-07 21:57:41 ----D---- C:\Program Files\WinRAR
2010-09-06 22:49:21 ----D---- C:\Program Files\Mozilla Firefox
2010-09-06 22:45:21 ----D---- C:\Program Files\IceTec Studios Arcade
2010-09-06 22:45:02 ----D---- C:\Program Files\Java
2010-09-06 00:03:15 ----SD---- C:\Users\maru\AppData\Roaming\Microsoft
2010-09-03 21:46:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-02 20:15:11 ----D---- C:\Program Files\Common Files\Java
2010-08-31 20:42:43 ----D---- C:\Windows\system32\WDI
2010-08-30 22:17:18 ----D---- C:\Windows\Microsoft.NET
2010-08-30 22:17:15 ----RSD---- C:\Windows\assembly
2010-08-30 21:34:16 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-08-30 395312]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-01-19 142592]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2006-12-13 309760]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-08 4462152]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-01-19 540672]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

[vyosek]

Vypnete u Spyware Terminatora rezidentni stit, jelikoz se Vam pere s NODem a Windows Defenderem - pouzivejte ST jen na obcasny rucni sken - vypnu jej taktez ve sluzbach a ve spousteni at na to nemusite pokazde myslet. Proste ST bude jen na rucni skenovani

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  services.msc

• Kliknete na OK
• Najdete sluzby nize
• Spyware Terminator Realtime Shield Service
• U kazde provedte toto
  • Klik na ni pravym mysidlem a zvolit Vlastnosti
  • Nyní klik na Zastavit
  • Typ spousteni nastavit na Zakazano
  • Potvrdte kliknutim na OK

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKCU\Software\Microsoft\Internet Explorer\Main]
  "Start Page"="www.google.com"
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
  "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
  
  :files
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
  C:\Program Files\ICQ6Toolbar
  C:\PROGRA~1\Crawler\ctbr.dll
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075862621-27575045-3734707588-1003Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075862621-27575045-3734707588-1003UA.job
  C:\Windows\tasks\Registry Reviver-maru-Startup.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Kliknete na cervene tlacitko MoveIt!
• Sem pote dejte obsah okna Results (pod zelenou carou)
• Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

[maru1maru]

NOD mám teprve od pondělka a Spyware byl již vypnutý, když jsem spustila services. Problémy s pamětí byly dříve. Program OTM mi nejprve chvíli pracoval, pak přestal (hlášení win, že nepracuje). Při druhém pokusu:
All processes killed
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"www.google.com" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk\ not found.
========== FILES ==========
File/Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk not found.
File/Folder C:\Program Files\ICQ6Toolbar not found.
File/Folder C:\PROGRA~1\Crawler\ctbr.dll not found.
File/Folder C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075862621-27575045-3734707588-1003Core.job not found.
File/Folder C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075862621-27575045-3734707588-1003UA.job not found.
File/Folder C:\Windows\tasks\Registry Reviver-maru-Startup.job not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Agentura ČB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: CVB Praha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: maru
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8147476 bytes
->Flash cache emptied: 27738 bytes

User: Public

User: Tomík
->Temp folder emptied: 38480 bytes
->Temporary Internet Files folder emptied: 111675 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38712199 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35626715 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1428 bytes
RecycleBin emptied: 477427141 bytes

Total Files Cleaned = 534,00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.16.1 log created on 09292010_175541

Files moved on Reboot...

Registry entries deleted on Reboot...

[vyosek]

Doufam ze NOD mate v planu po vyprseni trial licence koupit a ne cracknout

Jdeme dale v cisteni
TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Napiste jak se chova PC, ci doslo ke zlepseni

[maru1maru]

Cracknout ani neumím, takže koupit

TFC smazal 10MB

CCleaner trochu víc. Je Advanced system care něco podobného? Mám tu na něj licenci, ale není nainstalovaný.

Jinak PC se chová stále stejně - paměť běží okolo 84% - i když je vše kromě správce úloh vypnuté, CPU většinou pod 10%.

[vyosek]

Advance System Care je cinsky smejd, mezi zdejsimi radci neni doporucovan ani obliben, asi i proto ze ukradli databazi haveti spolecnosti co dela MBAM...Ona ta pamet niz ani nepujde, mate malo RAM pameti na Visty, na Visty je doporuceno minimun 1 giga, Vy mate 478 MB...Doporucuji zakoupit RAMky...

[maru1maru]

Děkuji.
Mě jen zaráží, že před připojením internetu nebyl problém (upravovala jsem hd videa vcelku v klidu - na rodinném pc to nejde a ten má paměť daleko větší), teď běží něco neustále. Ale asi mi nezbyde nic jiného než přidat tu paměť. PC jsem dostala od kamaráda - rušil kancelář, je ještě v záruce, měl být na kancelářské věci, ale v současném stavu je i problém spustit word a spol.

[vyosek]

Kouknem tedy po nejake te haveti jeste...
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[maru1maru]

Tak Antimalware čisto. Ještě mě napadlo - ten pc byl v podstatě rok a půl bez internetu, nemohla to zpomalení udělat nějaká aktualizace, co se sputila jak se to připojilo na net?

[vyosek]

Pokud nebyl PC pul roku pripojen, tak za tu dobu vyslo urcite spousty aktualizaci, ktere je vsak nutne v ramci bezpecnostni stahnout...
Udelejte mi screen spravce zarizeni a podivame se na to co tam tak papa pamet...

[maru1maru]

Tohle je výpis ze sledování paměti, ještě se pokusím to dostat nějak do obrázku

Název procesu PID Chyby stránkování/min Svěření (kB) Pracovní sada (kB) Ke sdílení (KB) Soukromé (kB)
svchost.exe (LocalSystemNetworkRestricted) 1044 0 34168 28412 3236 25176
chrome.exe 3044 0 23848 40808 18704 22104
ekrn.exe 1768 0 54984 19992 2112 17880
explorer.exe 2864 0 42756 26816 11240 15576
SearchIndexer.exe 192 0 27896 13272 4596 8676
chrome.exe 3944 0 11576 17332 10896 6436
svchost.exe (netsvcs) 1080 1 55476 9448 3404 6044
perfmon.exe 3056 0 7288 13212 7276 5936
svchost.exe (secsvcs) 892 0 70740 6852 1488 5364
audiodg.exe 1140 0 10856 6992 2076 4916
chrome.exe 1332 0 12048 10428 6232 4196
csrss.exe 524 0 7904 6556 2660 3896
svchost.exe (LocalServiceNoNetwork) 1564 0 11268 4612 1584 3028
svchost.exe (NetworkService) 1388 0 15272 4108 1404 2704
svchost.exe (LocalServiceNetworkRestricted) 1004 0 14564 3392 1484 1908
taskmgr.exe 2708 0 2240 8004 6224 1780
svchost.exe (LocalService) 1268 0 6596 2968 1296 1672
svchost.exe (rpcss) 860 0 3060 2484 988 1496
egui.exe 3144 0 5312 2644 1384 1260
taskeng.exe 2644 0 9148 2396 1232 1164
svchost.exe (DcomLaunch) 796 0 2864 2428 1280 1148
services.exe 564 0 2284 1636 640 996
taskeng.exe 4028 0 1176 3884 3068 816
spoolsv.exe 1540 0 6172 1152 376 776
lsass.exe 596 0 3048 1320 532 788
csrss.exe 472 0 1724 1780 1084 696
winlogon.exe 612 0 1924 1968 1340 628
lsm.exe 604 0 1568 1064 504 560
svchost.exe (GPSvcGroup) 1168 0 1784 1040 480 560
MDM.EXE 1920 0 1280 420 148 272
taskeng.exe 1940 0 1812 356 152 204
dwm.exe 2796 0 1072 256 88 168
svchost.exe (imgsvc) 1972 0 4172 172 24 148
svchost.exe (NetworkServiceNetworkRestricted) 1944 0 1960 164 24 140
WUDFHost.exe 904 0 2860 172 56 116
SLsvc.exe 1216 0 5640 108 - 108
svchost.exe (WerSvcGroup) 2020 0 532 120 24 96
wininit.exe 516 0 1144 140 48 92
System 4 0 16560 220 136 84
svchost.exe (bthsvcs) 1736 0 2116 128 48 80
smss.exe 404 0 252 108 28 80

[maru1maru]

Přikládám ze správce úloh seznam seřazený dle paměti.

[vyosek]

Videl bych problem v te male RAM pameti, jak jsem psal, 478MB je velmi velmi malo pro Visty, ktere jsou sileny zrout...