VIRY.CZ

Dobrý den,
potřebovala bych poradit, začal mi zlobit PC, padala mi Mozilla a věčně vyskakovala okna od SCREEN OCR s chybovými hláškami.
Včera bylo SCREEN OCR odstraněno, nešlo to přes uninstal, ale natvrdo vymazat z programu files, start ...atd.
Mozilla při spuštění ale stále hlásí pád uvnitř aplikace a celý PC je nezvykle pomalý (byl zformátovaný před 3mi měsíci a donedávna fungoval výborně).

Ještě chci doplnit, co my vymazal Nod32
C:\Documents and Settings\Administrator\Local Settings\Temp\miaA6.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\Documents and Settings\Administrator\Local Settings\Temp\miaA6.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\Documents and Settings\Administrator\Local Settings\Temp\miaA6.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\Documents and Settings\Administrator\Local Settings\Temp\miaA6.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\Documents and Settings\Administrator\Local Settings\Temp\miaA6.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\Documents and Settings\Administrator\Local Settings\Temp\miaA6.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q86XR5KC\index-functions[1].js Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény
C:\RECYCLER\S-1-5-21-1078081533-1343024091-1417001333-500\Dc28.exe Win32/Adware.Toolbar.Dealio aplikace smazán - ulo?en do karantény
C:\RECYCLER\S-1-5-21-1078081533-1343024091-1417001333-500\Dc33\RegistryBooster\rbmonitor.exe.0 Win32/RegistryBooster aplikace vylé?en smazáním - ulo?en do karantény

Prosím tedy o radu a kontrolu Logu.
P.S. Můžete mi doporučit nějaký free spyware program? Mám Avast.
Předem děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-01-14 14:59:19
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (72%) free of 30 GB
Total RAM: 958 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:39, on 14.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=012812 serial=DR12CNF-5606747-EXW lang=CZ
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized
O4 - HKCU\..\Run: [Screen OCR] C:\PROGRA~1\SCREEN~1\OCR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Sweex Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6330 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\2erucfxf.default

prefs.js - "browser.startup.homepage" - "www.google.com"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2006-07-10 176128]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"4-Day Forecast"=C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe [2008-07-02 1064960]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-11-09 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17762440]
"Screen OCR"=C:\PROGRA~1\SCREEN~1\OCR.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
Sweex Wireless LAN Utility.lnk - C:\Program Files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-11-10 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\StepMania\Program\StepMania-SSE2.exe"="C:\Program Files\StepMania\Program\StepMania-SSE2.exe:*:Enabled:StepMania"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.scr - open - "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-01-14 14:59:21 ----D---- C:\Program Files\trend micro
2012-01-14 14:59:19 ----D---- C:\rsit
2012-01-14 09:16:53 ----A---- C:\WINDOWS\NirCmd.exe
2012-01-13 21:54:21 ----D---- C:\Program Files\CCleaner
2012-01-11 13:18:56 ----D---- C:\WINDOWS\Minidump
2012-01-10 01:05:06 ----A---- C:\WINDOWS\system32\drivers\AtihdXP3.sys
2012-01-10 00:49:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2012-01-10 00:49:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ATI
2012-01-10 00:45:46 ----D---- C:\Program Files\AMD APP
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\ativva6x.dat
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\atitvo32.dll
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\aticalrt.dll
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2012-01-10 00:44:28 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\drivers\ati2erec.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ativvamv.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ativva5x.dat
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atioglxx.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ATIODE.exe
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atimpc32.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atikvmag.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atiicdxx.dat
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\aticaldd.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\aticalcl.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atibtmon.exe
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ati3duag.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2012-01-10 00:44:27 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2012-01-10 00:44:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-10 00:43:57 ----D---- C:\Program Files\ATI Technologies
2012-01-10 00:43:53 ----D---- C:\Program Files\ATI
2012-01-10 00:42:48 ----D---- C:\ATI
2012-01-10 00:06:36 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-12-30 15:50:39 ----D---- C:\Program Files\StepMania
2011-12-30 14:45:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\StepMania 5
2011-12-30 14:45:49 ----D---- C:\Documents and Settings\Administrator\Data aplikací\StepMania 5
2011-12-25 17:12:43 ----D---- C:\Program Files\4-Day Forecast
2011-12-25 17:12:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\4-Day Forecast

======List of files/folders modified in the last 1 month======

2012-01-14 14:59:21 ----RD---- C:\Program Files
2012-01-14 14:55:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2012-01-14 13:44:25 ----D---- C:\WINDOWS\Temp
2012-01-14 09:39:36 ----D---- C:\WINDOWS
2012-01-14 09:39:34 ----SHD---- C:\System Volume Information
2012-01-14 09:39:34 ----D---- C:\WINDOWS\system32\Restore
2012-01-14 09:39:31 ----A---- C:\WINDOWS\RTacDbg.txt
2012-01-14 09:39:06 ----D---- C:\WINDOWS\system32
2012-01-14 09:34:58 ----D---- C:\WINDOWS\Debug
2012-01-14 09:16:43 ----D---- C:\WINDOWS\Prefetch
2012-01-14 08:11:46 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2012-01-13 22:23:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-01-13 22:03:55 ----A---- C:\WINDOWS\OCR.Ini
2012-01-13 14:28:54 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-13 08:08:10 ----A---- C:\WINDOWS\win.ini
2012-01-13 01:30:48 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-01-11 14:10:10 ----HD---- C:\WINDOWS\inf
2012-01-10 01:07:05 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-10 01:05:31 ----SHD---- C:\WINDOWS\Installer
2012-01-10 01:05:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-10 01:05:17 ----D---- C:\WINDOWS\system32\drivers
2012-01-10 00:49:34 ----D---- C:\WINDOWS\system32\config
2012-01-02 16:09:06 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-11-14 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2008-05-14 308992]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-14 654848]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-11-10 7493120]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-10-17 100368]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-11-10 643072]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-11-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []

-----------------EOF-----------------

Zdravím!
Jak vám to mohl vymazat NOD, když máte Avast.....? Dejte log z ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Tak to konecne mam. Mam nod32 z on-line scaneru

ComboFix 12-01-13.05 - Administrator 14.01.2012 19:48:35.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.958.515 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-14 do 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 13:59 . 2012-01-14 13:59 -------- d-----w- c:\program files\trend micro
2012-01-14 13:59 . 2012-01-14 13:59 -------- d-----w- C:\rsit
2012-01-13 20:54 . 2012-01-13 20:54 -------- d-----w- c:\program files\CCleaner
2012-01-10 00:05 . 2011-10-17 17:40 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-01-09 23:53 . 2008-07-03 20:05 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-01-09 23:49 . 2012-01-09 23:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-01-09 23:49 . 2012-01-09 23:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ATI
2012-01-09 23:49 . 2012-01-09 23:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\ATI
2012-01-09 23:45 . 2012-01-09 23:45 -------- d-----w- c:\program files\AMD APP
2012-01-09 23:43 . 2012-01-09 23:45 -------- d-----w- c:\program files\ATI Technologies
2012-01-09 23:43 . 2012-01-10 00:05 -------- d-----w- c:\program files\ATI
2012-01-09 23:42 . 2012-01-09 23:42 -------- d-----w- C:\ATI
2012-01-02 15:08 . 2012-01-02 15:08 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-02 15:08 . 2012-01-02 15:08 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-02 15:08 . 2012-01-02 15:08 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-02 15:08 . 2012-01-02 15:08 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 14:50 . 2012-01-08 10:36 -------- d-----w- c:\program files\StepMania
2011-12-30 13:45 . 2011-12-30 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\StepMania 5
2011-12-30 13:45 . 2011-12-30 13:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\StepMania 5
2011-12-25 16:12 . 2012-01-14 12:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\4-Day Forecast
2011-12-25 16:12 . 2011-12-25 16:12 -------- d-----w- c:\program files\4-Day Forecast
2011-12-25 16:12 . 2011-12-25 16:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\4-Day Forecast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-11-14 00:02 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-14 00:02 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-11-14 00:02 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-14 00:02 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-14 00:02 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-14 00:02 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-14 00:02 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-11-14 00:02 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-11-14 00:02 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-11-14 00:02 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-15 07:25 . 2011-11-15 07:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 00:06 . 2011-11-14 00:06 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-21 19:16 . 2011-10-21 19:16 1843200 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 19:15 . 2011-10-21 19:15 104448 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2012-01-02 15:08 . 2011-11-15 07:03 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17762440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-10 176128]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"4-Day Forecast"="c:\program files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" [2008-07-02 1064960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.11.2011 1:02 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.11.2011 1:02 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.11.2011 1:02 20568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [14.11.2011 1:05 38144]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [10.1.2012 1:05 100368]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\2erucfxf.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Screen OCR - c:\progra~1\SCREEN~1\OCR.exe
AddRemove-Screen OCR 3.9 - c:\program files\Screen OCR\OCR.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Data aplikací\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 19:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\midimap.dll
.
- - - - - - - > 'explorer.exe'(3444)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
.
Celkový čas: 2012-01-14 20:00:23
ComboFix-quarantined-files.txt 2012-01-14 19:00
.
Před spuštěním: Volných bajtů: 22 581 194 752
Po spuštění: Volných bajtů: 22 543 060 992
.
- - End Of File - - B468AA6A349374C73C115F2E48FC8EE8

Jen pár neplatných položek, zbytek je čistý. Pokud stále PC běží pomalu, zkuste obnovu systému k datu, kdy korektně fungoval.