Pomalý notebok

[honzikuh]

Dobrý den . Mám prosbu s pracovním notebokem. Je zpomalený a když otvřu správce úloh, tak jetam nějaká aktivita , viz obrázek AVG nic nenašlo, vyčištěno cleaner , log přikládám .

Logfile of random's system information tool 1.06 (written by random/random)
Run by jrihacek at 2010-03-04 14:27:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (55%) free of 31 GB
Total RAM: 502 MB (42% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-22 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hotkey"=C:\WINDOWS\system32\hkeyman.exe [2003-03-14 851968]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-06 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-06 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-06 94208]
"scroller"=C:\WINDOWS\system32\fpapli.exe [2006-08-01 69780]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
"HPlsKey"=C:\Program Files\Panasonic\HPLSMAN\hplskey.exe [2005-06-01 61440]
"Disprot"=C:\Program Files\Panasonic\DispRot\IDRot.exe [2006-09-06 192512]
"PRunOnce"=C:\util\prunonce\PRunOnce.exe [2004-08-06 110592]
"PCinfo"=C:\Program Files\Panasonic\PCINFO\SetDiag.exe [2006-04-22 45056]
"WSwitch"=C:\Program Files\Panasonic\WSwitch\WSwitch.exe [2006-09-25 462848]
"Panasonic HotKey Manager"=C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE [2006-08-04 983040]
"FTMSFLT(USB)"=C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE [2005-06-23 82063]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-13 536576]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-02-22 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Panasonic Hand Writing.lnk - C:\Program Files\Panasonic\WRITING\Writing.exe
Software Keyboard.lnk - C:\Program Files\Panasonic\MEISKB\meiskb.exe
WlanSet.lnk - C:\GVci\WLanset.exe

C:\Documents and Settings\jrihacek\Start Menu\Programs\Startup
Shortcut to WLanSet.lnk - C:\GVCI\WLanSet.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-22 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\HPLSNTF]
C:\WINDOWS\system32\HPLSNtf.dll [2005-06-01 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\GVCI\bin\BackgroundDTC.exe"="C:\GVCI\bin\BackgroundDTC.exe:*:Enabled:FCS - Unicode, MDB"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Portable Skype\Phone\Skype.exe"="E:\Portable Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.2.1#servis#Samsung-driver]
shell\AutoRun\command - Z:\Autorun.exe


======List of files/folders created in the last 1 months======

2010-03-04 14:27:45 ----D---- C:\Program Files\trend micro
2010-03-04 14:27:38 ----D---- C:\rsit
2010-03-04 13:21:03 ----D---- C:\Program Files\CCleaner
2010-02-24 13:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-22 13:34:09 ----HD---- C:\$AVG
2010-02-22 13:30:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-10 13:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 13:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 13:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 13:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 13:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 13:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 13:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 13:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 13:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-04 14:27:45 ----RD---- C:\Program Files
2010-03-04 14:20:47 ----D---- C:\temp
2010-03-04 14:12:52 ----D---- C:\WINDOWS\Prefetch
2010-03-04 14:08:56 ----D---- C:\WINDOWS
2010-03-04 13:58:31 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-04 13:55:38 ----D---- C:\WINDOWS\Registration
2010-03-04 13:55:09 ----A---- C:\WINDOWS\system32\GDSFWIJ.exe
2010-03-04 13:55:09 ----A---- C:\WINDOWS\system32\GDSFWH.dll
2010-03-04 13:53:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 13:51:14 ----D---- C:\WINDOWS\Debug
2010-03-04 13:51:00 ----D---- C:\WINDOWS\Temp
2010-03-04 13:20:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 13:12:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-04 06:40:53 ----D---- C:\WINDOWS\system32
2010-03-04 06:40:51 ----A---- C:\WINDOWS\system32\gdsfwubl.txt
2010-03-04 06:40:49 ----A---- C:\WINDOWS\system32\hosti.dll
2010-03-02 15:12:08 ----HD---- C:\WINDOWS\inf
2010-03-02 13:08:09 ----D---- C:\WINDOWS\system32\Macromed
2010-02-22 13:34:02 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-22 13:31:15 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 13:30:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-22 13:30:27 ----D---- C:\Program Files\AVG
2010-02-22 13:30:13 ----SHD---- C:\WINDOWS\Installer
2010-02-22 13:30:12 ----D---- C:\WINDOWS\WinSxS
2010-02-22 13:26:01 ----SD---- C:\Documents and Settings\jrihacek\Application Data\Microsoft
2010-02-10 13:05:07 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-02-22 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-22 28424]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-22 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sar;SAR; \??\C:\Program Files\Panasonic\DispRot\sar.sys []
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-02 64896]
R1 VRVD302;VRVD302; C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-12-11 11296]
R1 WSwitch;Panasonic PC Wireless Switch Driver; \??\C:\Program Files\Panasonic\WSwitch\WSwitch.SYS []
R2 brecal;Panasonic Battery Recalibration Driver; \??\C:\Program Files\Panasonic\BRECAL\Brecal.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 pcinfo;Panasonic PC Info. Viewer Driver; \??\C:\Program Files\Panasonic\PCINFO\pcinfo.sys []
R2 SDKEY;Panasonic SD Misc. Function Driver; \??\C:\Program Files\Panasonic\SDKEY\SDKEY.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Etm;Etm; C:\WINDOWS\system32\DRIVERS\EtmDrvMgr.sys [2006-08-21 35840]
R3 EtmCpu;EtmCpu; C:\WINDOWS\system32\DRIVERS\EtmDevCpu.sys [2006-08-21 17664]
R3 EtmTempSense;EtmTempSense; C:\WINDOWS\system32\DRIVERS\EtmTempSense.sys [2006-08-21 11008]
R3 FIDMOU;Fujitsu touchpad; C:\WINDOWS\system32\DRIVERS\Fidmou.sys [2005-07-26 23463]
R3 FIDTPU;Fujitsu Touch Panel (USB); C:\WINDOWS\system32\DRIVERS\FIDTPU.sys [2005-06-23 27031]
R3 FwHookDrv;FwHookDrv; \??\c:\gvci\bin\FwHookDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HOTKEY;Panasonic Hotkey Driver; C:\WINDOWS\system32\DRIVERS\HOTKEY.SYS [2005-11-25 10112]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-08 997376]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-11-08 202240]
R3 HTKPLUS;Panasonic Hotkey PLUS Driver; C:\WINDOWS\system32\DRIVERS\HTKPLUS.SYS [2006-01-16 7936]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTProcDrv;Process creation detector for NT.; \??\C:\WINDOWS\system32\NTProcDrv.sys []
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 17664]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-10 82176]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-04-14 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-09 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-08 723712]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 cy2410B;HiVciUSB.sys, USB Driver for Hi-Diagnosis VCI; C:\WINDOWS\System32\Drivers\HiVciUSB.sys [2007-02-09 16768]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 HIVMIUSB;HiVmiUSB.sys, USB Driver for Hi-Diagnosis VMI; C:\WINDOWS\System32\Drivers\HiVmiUSB.sys [2007-02-09 16032]
S3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S3 MOSUMAC;USB-Ethernet Driver; C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS [2004-08-30 31375]
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-25 2236032]
S3 NONDEVICEDRV;NONDEVICEDRV; C:\WINDOWS\system32\drivers\nondevicedrv.sys [2007-02-09 23488]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-12 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-02-26 1428480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-02-22 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-22 285392]
R2 ETMService;Intel Extended Thermal Model Service Application; C:\WINDOWS\system32\etmservice.exe [2006-10-05 163840]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 PcInfoSV;Panasonic PC Information Viewer; C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe [2006-09-06 90112]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[honzikuh]

Děkuji

[Caroprd111]

Takové mírné zatížení je normální.


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[honzikuh]

Takže je vše v pořádku ???

[Caroprd111]

Něco se mi nezdá, pokračujte krokem v předchozím příspěvku.

[honzikuh]

ComboFix 10-03-03.07 - jrihacek 04.03.2010 14:50:55.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.502.188 [GMT 1:00]
Spuštěný z: c:\documents and settings\jrihacek\Desktop\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1383879250-3759055173-1987722090-500
c:\recycler\S-1-5-21-1801674531-606747145-725345543-500
c:\recycler\S-1-5-21-266151642-358567416-1284263196-500
c:\windows\system32\Cache
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 14:01 . 2010-03-04 14:01 53248 ----a-w- c:\temp\catchme.dll
2010-03-04 13:27 . 2010-03-04 13:27 -------- d-----w- c:\program files\trend micro
2010-03-04 13:27 . 2010-03-04 13:27 -------- d-----w- C:\rsit
2010-03-04 12:21 . 2010-03-04 12:21 -------- d-----w- c:\program files\CCleaner
2010-02-22 12:34 . 2010-02-22 12:34 -------- d-----w- C:\$AVG
2010-02-22 12:30 . 2010-02-22 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 12:55 . 2007-02-09 06:09 61440 ----a-w- c:\windows\system32\GDSFWIJ.exe
2010-03-04 12:55 . 2007-02-09 06:09 32768 ----a-w- c:\windows\system32\GDSFWH.dll
2010-03-04 12:55 . 2007-02-09 06:09 2688 ----a-w- c:\windows\system32\NTProcDrv.sys
2010-03-04 05:40 . 2007-02-09 06:03 6650 ----a-w- c:\windows\system32\hosti.dll
2010-02-22 12:31 . 2009-06-01 07:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-22 12:31 . 2009-06-01 07:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-22 12:31 . 2009-06-01 07:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-22 12:30 . 2009-06-01 07:59 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-22 12:30 . 2009-06-01 07:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-22 12:30 . 2009-06-01 07:59 -------- d-----w- c:\program files\AVG
2009-12-31 16:50 . 2006-10-24 14:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2006-10-24 14:08 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-10-24 14:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2006-10-24 23:10 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-10-24 14:05 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-03 23:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-10-24 14:07 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"scroller"="fpapli.exe" [2006-08-01 69780]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"HPlsKey"="c:\program files\Panasonic\HPLSMAN\hplskey.exe" [2005-06-01 61440]
"Disprot"="c:\program files\Panasonic\DispRot\IDRot.exe" [2006-09-06 192512]
"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592]
"PCinfo"="c:\program files\Panasonic\PCINFO\SetDiag.exe" [2006-04-22 45056]
"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2006-09-25 462848]
"Panasonic HotKey Manager"="c:\program files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2006-08-04 983040]
"FTMSFLT(USB)"="c:\program files\FIDTPU\WIN2K\FTMSFLTU.EXE" [2005-06-23 82063]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-13 536576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Shortcut to WLanSet.lnk - c:\gvci\WLanSet.exe [2007-2-9 61440]

c:\documents and settings\jrihacek\Start Menu\Programs\Startup\
Shortcut to WLanSet.lnk - c:\gvci\WLanSet.exe [2007-2-9 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Panasonic Hand Writing.lnk - c:\program files\Panasonic\WRITING\Writing.exe [2006-10-25 278528]
Software Keyboard.lnk - c:\program files\Panasonic\MEISKB\meiskb.exe [2006-10-25 139264]
WlanSet.lnk - c:\gvci\WLanset.exe [2007-2-9 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-22 12:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\HPLSNTF]
2005-06-01 20:02 53248 ----a-w- c:\windows\system32\HPLSNTF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\AhnlabAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\GVCI\\bin\\BackgroundDTC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1.6.2009 8:59 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1.6.2009 8:59 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1.6.2009 8:59 360584]
R1 sar;SAR;c:\program files\Panasonic\DispRot\SAR.sys [25.10.2006 1:06 6144]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [11.12.2008 14:50 11296]
R1 WSwitch;Panasonic PC Wireless Switch Driver;c:\program files\Panasonic\WSwitch\WSwitch.sys [25.10.2006 1:11 7680]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.2.2010 13:30 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.2.2010 13:30 285392]
R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [25.10.2006 0:58 7168]
R2 ETMService;Intel Extended Thermal Model Service Application;c:\windows\system32\etmservice.exe [25.10.2006 4:50 163840]
R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\Panasonic\PCINFO\PCINFO.sys [25.10.2006 1:08 8192]
R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\PCINFO\PCInfoSV.exe [25.10.2006 1:08 90112]
R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [25.10.2006 1:10 8192]
R3 Etm;Etm;c:\windows\system32\drivers\EtmDrvMgr.sys [25.10.2006 4:50 35840]
R3 EtmCpu;EtmCpu;c:\windows\system32\drivers\EtmDevCpu.sys [25.10.2006 4:50 17664]
R3 EtmTempSense;EtmTempSense;c:\windows\system32\drivers\EtmTempSense.sys [25.10.2006 4:50 11008]
R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [24.10.2006 15:15 23463]
R3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [24.10.2006 15:17 27031]
R3 FwHookDrv;FwHookDrv;c:\gvci\bin\FwHookDrv.sys [28.3.2008 10:41 7680]
R3 HTKPLUS;Panasonic Hotkey PLUS Driver;c:\windows\system32\drivers\HTKPLUS.SYS [24.10.2006 15:15 7936]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\system32\NTProcDrv.sys [9.2.2007 7:09 2688]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 cy2410B;HiVciUSB.sys, USB Driver for Hi-Diagnosis VCI;c:\windows\system32\drivers\HiVciUSB.sys [9.2.2007 7:03 16768]
S3 HIVMIUSB;HiVmiUSB.sys, USB Driver for Hi-Diagnosis VMI;c:\windows\system32\drivers\HiVmiUSB.sys [9.2.2007 7:03 16032]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.10.2006 15:15 36352]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [26.10.2004 23:15 31375]
S3 NONDEVICEDRV;NONDEVICEDRV;c:\windows\system32\drivers\nondevicedrv.sys [9.2.2007 7:03 23488]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: {2CB0A8B6-1796-4DF8-99DF-184C4E9145C7} = 192.168.2.1,212.111.0.10
DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxp://rsup.net/cab/rsupcomn.cab
DPF: {1E81B1B9-0245-4E6F-AAA7-0BCA975F7B4C} - hxxp://www.kia-hotline.com/Namo/NamoWec.cab
DPF: {46EB3F93-4BA5-48D8-8D89-91F52449FC8F} - hxxp://www.kia-hotline.com/Include/LookMe.cab
DPF: {674161FD-469E-4DB6-93DC-41250B73B4B3} - hxxp://www.kia-hotline.com/cab/JwEditorPro_THL.cab
DPF: {77AB1CE3-41B3-49B5-8836-1FBC07FE452D} - hxxp://www.kia-hotline.com/ocx/mlreport.cab
DPF: {A6E9C8C6-B76B-4069-8C5F-8A945BF973C9} - hxxp://wpc.mobis.co.kr/SmImage.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 15:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FTMSFLT(USB) = c:\program files\FIDTPU\WIN2K\FTMSFLTU.EXE?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\HPLSNtf.dll
.
Celkový čas: 2010-03-04 15:06:05
ComboFix-quarantined-files.txt 2010-03-04 14:06

Před spuštěním: 17 560 641 536 bytes free
Po spuštění: 17 566 437 376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FA53FD18229D57FDEF5914FBB3BC9CCE

[Caroprd111]

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\GDSFWIJ.exe
c:\windows\system32\drivers\nondevicedrv.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

[honzikuh]

Gds je program na diagnostiku aut .
Po skenu tato diagnostika přestala fungovat, musel jsewm vrátit nastavení zpět v čase .

[Caroprd111]

OK, ještě ten druhý soubor.

[honzikuh]

Musel jsem to přerušit, protože testovací software GDS přestal fungovat , a musel jsem vrátit vše v nástroji obnovení, protože by to byl průůůůůůšvich největší. Zkusím odebrat vzorky na otestování a nechám to otestovat, protože notebok je nastavený tak, že se nelze s ním připojit jinde než na linku Kia,takže to nepřipojím na otestování.

[Caroprd111]

OK