Téměř neustálé vytížení PC na 100 % při nějaké činnosti

[mantisa]

Dobrý den,
prosím o radu s PC - neustále je vytěžován na 100 % při nějaké činnosti. Stačí jen brouzdat na netu - při otevření dvou záložek čekám doslova věčnost. Problém je například i při načítání videa atd. Problém se vyskytl nedávno, dříve tak pomalý PC nebyl. Přikládám log. Díky

Logfile of random's system information tool 1.09 (written by random/random)
Run by Vit at 2011-08-11 14:11:44
Systém Microsoft Windows XP Professional Service Pack 2
System drive G: has 75 GB (49%) free of 153 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:11:51, on 11.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\AVAST Software\Avast\AvastSvc.exe
G:\WINDOWS\vsnpstd.exe
G:\Program Files\AVAST Software\Avast\avastUI.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\UAService7.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Vit\Dokumenty\Stažené soubory\RSIT(1).exe
G:\Program Files\trend micro\Vit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [snpstd] G:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "G:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - http://asp01.photoprintit.de/microsite/ ... loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - G:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - G:\WINDOWS\system32\UAService7.exe

--
End of file - 7855 bytes

======Scheduled tasks folder======

G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - G:\Documents and Settings\Vit\Data aplikací\Mozilla\Firefox\Profiles\n19xuzxt.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"wrc@avast.com"=G:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=G:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=G:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=g:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=G:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=G:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=G:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=G:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=G:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

G:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

G:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

G:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
nppdf32.dll
nppl3260.dll
nprpjplug.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

G:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - G:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-08 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - G:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - G:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-08 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - G:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-08 256112]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"snpstd"=G:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"StartCCC"=G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"avast"=G:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"KernelFaultCheck"=G:\WINDOWS\system32\dumprep 0 -k []
"Adobe ARM"=G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-09 39408]
"ctfmon.exe"=G:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"PowerBar"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
G:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x43010000
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="G:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="G:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"G:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="G:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="G:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="G:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="G:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"G:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="G:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"G:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="G:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"G:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="G:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"G:\WINDOWS\system32\dpvsetup.exe"="G:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"G:\Program Files\EA SPORTS\FIFA 07\fifa07.exe"="G:\Program Files\EA SPORTS\FIFA 07\fifa07.exe:*:Enabled:fifa07"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Program Files\ICQ6.5\ICQ.exe"="G:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"G:\Program Files\Google\Google Earth\plugin\geplugin.exe"="G:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"G:\Program Files\Skype\Plugin Manager\skypePM.exe"="G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"G:\WINDOWS\system32\rundll32.exe"="G:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"G:\Program Files\Skype\Phone\Skype.exe"="G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\Program Files\MSN Messenger\msnmsgr.exe"="G:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"G:\Program Files\MSN Messenger\msncall.exe"="G:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=G:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"MIDI1"=SYNCOR11.DLL
"MSVideo8"=VfWWDM32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"VIDC.I420"=msh263.drv
"msacm.l3acm"=G:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-10 20:18:45 ----D---- G:\Documents and Settings\Vit\Data aplikací\vlc
2011-08-10 20:14:56 ----D---- G:\Program Files\VideoLAN
2011-08-09 15:06:09 ----D---- G:\Program Files\AMD APP
2011-08-09 15:05:39 ----D---- G:\Program Files\ATI
2011-08-09 13:46:56 ----D---- G:\Program Files\Defraggler
2011-08-09 13:30:02 ----D---- G:\Program Files\CCleaner
2011-07-28 22:48:44 ----D---- G:\Documents and Settings\Vit\Data aplikací\Malwarebytes
2011-07-28 22:48:37 ----D---- G:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-28 18:13:33 ----D---- G:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-28 18:13:15 ----D---- G:\Program Files\SUPERAntiSpyware
2011-07-28 18:13:15 ----D---- G:\Documents and Settings\Vit\Data aplikací\SUPERAntiSpyware.com
2011-07-25 17:44:04 ----D---- G:\Program Files\CodeStuff

======List of files/folders modified in the last 1 month======

2011-08-11 14:11:47 ----D---- G:\Program Files\trend micro
2011-08-11 14:04:12 ----D---- G:\WINDOWS\temp
2011-08-11 10:00:26 ----D---- G:\WINDOWS\system32\ias
2011-08-11 03:44:40 ----A---- G:\WINDOWS\SchedLgU.Txt
2011-08-11 03:34:31 ----D---- G:\WINDOWS\Prefetch
2011-08-10 20:14:56 ----RD---- G:\Program Files
2011-08-10 19:37:43 ----A---- G:\WINDOWS\NeroDigital.ini
2011-08-09 15:16:41 ----SD---- G:\Documents and Settings\Vit\Data aplikací\Microsoft
2011-08-09 15:16:40 ----D---- G:\Documents and Settings\Vit\Data aplikací\Adobe
2011-08-09 15:06:13 ----SHD---- G:\WINDOWS\Installer
2011-08-09 15:06:13 ----D---- G:\Config.Msi
2011-08-09 15:06:11 ----D---- G:\WINDOWS\system32
2011-08-09 15:06:03 ----D---- G:\Program Files\ATI Technologies
2011-08-09 15:05:42 ----D---- G:\WINDOWS
2011-08-09 14:58:55 ----D---- G:\Program Files\Common Files\Adobe
2011-08-09 14:58:48 ----D---- G:\WINDOWS\WinSxS
2011-08-09 14:58:38 ----D---- G:\Documents and Settings\All Users\Data aplikací\Adobe
2011-08-09 14:58:21 ----D---- G:\Program Files\Adobe
2011-08-09 13:44:08 ----D---- G:\Program Files\Google
2011-08-09 13:35:16 ----D---- G:\Documents and Settings\Vit\Data aplikací\Azureus
2011-08-09 13:35:15 ----D---- G:\WINDOWS\SoftwareDistribution
2011-08-09 13:35:15 ----D---- G:\WINDOWS\Minidump
2011-08-09 13:35:15 ----D---- G:\WINDOWS\Logs
2011-08-09 13:35:15 ----D---- G:\WINDOWS\Debug
2011-08-08 00:14:33 ----D---- G:\Documents and Settings\Vit\Data aplikací\Skype
2011-08-08 00:02:04 ----D---- G:\Documents and Settings\Vit\Data aplikací\skypePM
2011-08-07 16:33:49 ----D---- G:\Program Files\Playrix Games
2011-08-06 11:23:01 ----D---- G:\WINDOWS\system32\CatRoot2
2011-08-01 15:39:18 ----SD---- G:\WINDOWS\Downloaded Program Files
2011-07-29 02:18:16 ----D---- G:\WINDOWS\system32\drivers
2011-07-28 22:34:41 ----D---- G:\Program Files\Common Files\Wise Installation Wizard
2011-07-28 17:05:26 ----D---- G:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; G:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-01-26 20576]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); G:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 SiSide;SiSide; G:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sisidex;sisidex; G:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; G:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 SiSRaid;SiSRaid; G:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2003-12-09 45568]
R0 uagp35;Filtr Microsoft AGPv3.5; G:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; G:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; G:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; G:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; G:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; G:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; G:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Řadič procesoru Intel; G:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 truecrypt;truecrypt; G:\WINDOWS\System32\drivers\truecrypt.sys [2007-11-21 188672]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; G:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; G:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; G:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R3 aeaudio;aeaudio; G:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; G:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 Pcouffin;Low level access layer for CD devices; G:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-07-25 47360]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; G:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 smwdm;smwdm; G:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 snpstd;VideoCAM Trek; G:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-06-20 390912]
S3 catchme;catchme; \??\G:\DOCUME~1\Vit\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; G:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hamachi;Hamachi Network Interface; G:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-05-30 25544]
S3 HidUsb;Ovladač třídy standardu HID; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; G:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; G:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; G:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k750bus;Sony Ericsson 750 driver (WDM); G:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; G:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; G:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; G:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; G:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; G:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; G:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; G:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 nm;Ovladač programu Sledování sítě; G:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 SLIP;BDA Slip De-Framer; G:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\G:\DOCUME~1\Vit\LOCALS~1\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; G:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Siemens SX1; G:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; G:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; G:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WUDFRd;WUDFRd; G:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; G:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 avast! Antivirus;avast! Antivirus; G:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 UserAccess7;SecuROM User Access Service (V7); G:\WINDOWS\system32\UAService7.exe [2008-03-13 225280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; G:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; G:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 gupdate;Služba Google Update (gupdate); G:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
S2 Pml Driver HPZ12;Pml Driver HPZ12; G:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); G:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
S3 gusvc;Google Software Updater; G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-09 182768]
S3 NBService;NBService; G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S4 aswUpdSv;avast! iAVS4 Control Service; G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT najdeš zde :

G:\Program Files\trend micro\Vit.exe

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

Google Software Updater

NBService - Nero AG

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dejmi sem z něj log, předem nic nemazat !!!


P.S. jakou máš verzi Firefoxu ?

Já jen že od verze 4.0 se jim nějak nepovedla pro použití na slabších strojích, tam je ideál 3.6

[mantisa]

Všechno provedeno, v mbam vůbec nic nezjištěno (rychlá kontrola). Firefix mám 5.0, ale ty samé problémy jsou i v Exploreru.

[Roli]

Tak použijeme větší kalibr jen pozorně čti, protože tenhle softík netoleruje chyby.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[mantisa]

Tak tady je ten log z ComboFixu:

ComboFix 11-08-11.02 - Vit 11.08.2011 15:58:06.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.493 [GMT 2:00]
Spuštěný z: g:\documents and settings\Vit\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\documents and settings\Vit\WINDOWS
g:\windows\isRS-000.tmp
g:\windows\IsUn0405.exe
g:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-11 do 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 13:01 . 2011-07-06 17:52 41272 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2011-08-11 13:01 . 2011-08-11 13:04 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
2011-08-11 13:01 . 2011-07-06 17:52 22712 ----a-w- g:\windows\system32\drivers\mbam.sys
2011-08-10 18:18 . 2011-08-10 18:19 -------- d-----w- g:\documents and settings\Vit\Data aplikací\vlc
2011-08-10 18:14 . 2011-08-10 18:14 -------- d-----w- g:\program files\VideoLAN
2011-08-09 13:06 . 2011-08-09 13:06 -------- d-----w- g:\program files\AMD APP
2011-08-09 13:05 . 2011-08-09 13:05 -------- d-----w- g:\program files\ATI
2011-08-09 11:46 . 2011-08-09 11:46 -------- d-----w- g:\program files\Defraggler
2011-08-09 11:30 . 2011-08-09 11:30 -------- d-----w- g:\program files\CCleaner
2011-07-28 20:48 . 2011-07-28 20:48 -------- d-----w- g:\documents and settings\Vit\Data aplikací\Malwarebytes
2011-07-28 20:48 . 2011-07-28 20:48 -------- d-----w- g:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-28 16:13 . 2011-07-28 16:13 -------- d-----w- g:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-28 16:13 . 2011-07-28 20:34 -------- d-----w- g:\documents and settings\Vit\Data aplikací\SUPERAntiSpyware.com
2011-07-28 16:13 . 2011-07-28 20:34 -------- d-----w- g:\program files\SUPERAntiSpyware
2011-07-27 22:03 . 2011-08-02 09:53 404640 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-25 15:44 . 2011-07-25 15:49 -------- d-----w- g:\program files\CodeStuff
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- g:\windows\system32\OVDecode.dll
2011-07-07 21:37 . 2011-07-07 21:37 43520 ----a-w- g:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- g:\windows\system32\amdocl.dll
2011-07-04 11:43 . 2011-05-22 23:28 40112 ----a-w- g:\windows\avastSS.scr
2011-07-04 11:43 . 2007-08-27 17:14 199304 ----a-w- g:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-22 23:28 441176 ----a-w- g:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-03-31 18:07 309848 ----a-w- g:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2007-08-27 17:14 43608 ----a-w- g:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2007-08-27 17:14 102616 ----a-w- g:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2007-08-27 17:14 96344 ----a-w- g:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2007-08-27 17:14 25432 ----a-w- g:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2007-08-27 17:14 30808 ----a-w- g:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2008-03-31 18:07 19544 ----a-w- g:\windows\system32\drivers\aswFsBlk.sys
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- g:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- g:\windows\system32\SlotMaximizerBe.dll
2004-10-01 13:00 . 2006-06-29 05:58 40960 ----a-w- g:\program files\Uninstall_CDS.exe
2011-06-26 12:24 . 2011-05-22 22:58 142296 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- g:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="g:\windows\vsnpstd.exe" [2004-06-10 286720]
"avast"="g:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"g:\\WINDOWS\\system32\\dpvsetup.exe"=
"g:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\ICQ6.5\\ICQ.exe"=
"g:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8174:TCP"= 8174:TCP:BitComet 8174 TCP
"8174:UDP"= 8174:UDP:BitComet 8174 UDP
.
R4 gupdate;Služba Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
R4 gupdatem;Služba Google Update (gupdatem);g:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-11 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:14]
.
2011-08-11 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: &ICQ Toolbar Search - g:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
TCP: DhcpNameServer = 172.16.1.1 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - g:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - g:\documents and settings\Vit\Data aplikací\Mozilla\Firefox\Profiles\n19xuzxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-PowerBar - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 16:25
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?Z?????????????????????????????????????????????????????????? ??|`??|????]??|?`?w?????????Z????@?8?@??????Z??c"?s???s??????@?????N'?sdX7?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?s?{7??$@?8?@?8?@??????????{7? D7????s???s?W7??C7? D7?0i?s????????pX7????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
g:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-08-11 16:35:15
ComboFix-quarantined-files.txt 2011-08-11 14:35
ComboFix2.txt 2010-07-22 20:31
.
Před spuštěním: Volných bajtů: 78 417 137 664
Po spuštění: Volných bajtů: 78 435 143 680
.
- - End Of File - - EA469FF79E5D81A9AA0EF8D7A0D2C269

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Přes Start >> Ovládací panely >> Přidat nebo odebrat odinstaluj ICQToolbar, pokud tam nebude

najdi a smaž :

g:\program files\ICQToolbar


Pak dej vědět jaký je stav PC.

[mantisa]

Vše provedeno. Moc děkuju za rady. Bohužel se mi zdá, že se to vytížení moc nezměnilo a stále je PC šíleně pomalý :/ Nemůže to být hardwarový problém?

[Roli]

Ještě spusť skener Cure It podle TOHOTO návodu

po skončení skenu chci sem výsledky.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)


Pokud nic nenajde kouknem se na ten hardware.

[Plazzer]

nechcem sa nejako montovat panovi radcovi do prace ale odporucal by som pozret tento topic: http://www.viry.cz/forum/viewtopic.php?f=24&t=9250 tam je ten problem akotak rozobraty a potom uz len za pomoci navodu postupovat.. hadam to nejako pomoze

[Roli]

nechcem sa nejako montovat panovi radcovi do prace ale odporucal by som pozret tento topic: http://www.viry.cz/forum/viewtopic.php?f=24&t=9250 tam je ten problem akotak rozobraty a potom uz len za pomoci navodu postupovat.. hadam to nejako pomoze

Zdravím, tvoje připomínka by byla v pohodě kdyby tam tebou uvádění šmejdi byli

(je však docela možné že jsem už slepý)

[Plazzer]

ou.. pardon.. som si nevsimol.. tak potom sa ospravedlnujem

[Roli]

ou.. pardon.. som si nevsimol.. tak potom sa ospravedlnujem

V pohodě, snaha byla

[mantisa]

Tak ten poslední prográmek nic nenašel (i když jsem dal jen "expresní" kontrolu - než proběhla (něco přes 3 hodiny), ani jinou zvolit nešlo..Každopádně počítač po delším pozorování beze změny :/

[Roli]

Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
g:\*.tmp
g:\WINDOWS\System32\*.tmp
g:\WINDOWS\*.tmp
g:\windows\system32\FlashPlayerCPLApp.cpl
c:\\Program Files\\BearShare

:reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[mantisa]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder g:\*.tmp not found.
File/Folder g:\WINDOWS\System32\*.tmp not found.
File/Folder g:\WINDOWS\*.tmp not found.
g:\windows\system32\FlashPlayerCPLApp.cpl moved successfully.
Folder move failed. c:\\Program Files\\BearShare\Logs scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Playlists scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\db scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Extras scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Webstats scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Installer scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Temp scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\sounds scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: dan

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TEMP

User: Vit
->Temp folder emptied: 1506 bytes
->Temporary Internet Files folder emptied: 671878 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55332571 bytes
->Flash cache emptied: 500 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08122011_124956

Files moved on Reboot...
Folder move failed. c:\\Program Files\\BearShare\Logs scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Playlists scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\db scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Extras scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Webstats scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Installer scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Temp scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\sounds scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Logs scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Playlists scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\db scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Extras scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Webstats scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Installer scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\Temp scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare\sounds scheduled to be moved on reboot.
Folder move failed. c:\\Program Files\\BearShare scheduled to be moved on reboot.
File move failed. G:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...