strasne pomaly pc

[baguvix7]

dobrý den, můj přítel za mnou přišel že má strašně pomalý notebook, normálně to do windowsu najede ale než otevřu třeba tento počítač, trvá to cca 5 minut, takže píšu z nouzového režimu který funguje normálně log : Logfile of random's system information tool 1.08 (written by random/random)
Run by vlastik at 2010-10-31 18:01:41
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 35 GB (23%) free of 152 GB
Total RAM: 3069 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:48, on 31.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\vlastik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31U8A9AR\RSIT[1].exe
C:\Program Files\trend micro\vlastik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/ ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8174 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{0AFC04D5-CA49-4869-A71E-A69787AF385B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-10-13 1252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-05-05 1736472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-10-13 1252304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-07-31 417792]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"CollaborationHost"=C:\Windows\system32\p2phost.exe [2008-01-21 192000]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-09-26 328056]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

C:\Users\vlastik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-10-31 18:01:41 ----D---- C:\Program Files\trend micro
2010-10-31 18:01:40 ----D---- C:\rsit
2010-10-31 14:26:09 ----D---- C:\Program Files\Crawler
2010-10-31 12:03:59 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-10-27 19:06:37 ----D---- C:\Program Files\Seznam.cz
2010-10-17 12:33:30 ----A---- C:\Windows\system32\msshsq.dll
2010-10-15 06:15:15 ----A---- C:\Windows\system32\wmp.dll
2010-10-15 06:15:10 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-15 06:14:52 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-15 06:14:52 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-15 06:14:52 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-15 06:14:52 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-15 06:14:51 ----A---- C:\Windows\system32\netevent.dll
2010-10-15 06:14:42 ----A---- C:\Windows\system32\schannel.dll
2010-10-15 06:14:39 ----A---- C:\Windows\system32\ole32.dll
2010-10-15 06:14:37 ----A---- C:\Windows\system32\t2embed.dll
2010-10-15 06:14:35 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-15 06:14:35 ----A---- C:\Windows\system32\mfc40.dll
2010-10-15 06:14:32 ----A---- C:\Windows\system32\win32k.sys
2010-10-15 06:14:30 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-15 06:14:26 ----A---- C:\Windows\system32\comctl32.dll
2010-10-15 06:14:20 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-15 06:14:20 ----A---- C:\Windows\system32\ieframe.dll
2010-10-15 06:14:19 ----A---- C:\Windows\system32\mshtml.dll
2010-10-15 06:14:17 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-15 06:14:17 ----A---- C:\Windows\system32\ieapfltr.dll
2010-10-15 06:14:16 ----A---- C:\Windows\system32\wininet.dll
2010-10-15 06:14:16 ----A---- C:\Windows\system32\urlmon.dll
2010-10-15 06:14:16 ----A---- C:\Windows\system32\mstime.dll
2010-10-15 06:14:16 ----A---- C:\Windows\system32\ieaksie.dll
2010-10-15 06:14:15 ----A---- C:\Windows\system32\occache.dll
2010-10-15 06:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-15 06:14:15 ----A---- C:\Windows\system32\iertutil.dll
2010-10-15 06:14:15 ----A---- C:\Windows\system32\iepeers.dll
2010-10-15 06:14:15 ----A---- C:\Windows\system32\ieencode.dll
2010-10-15 06:14:15 ----A---- C:\Windows\system32\iedkcs32.dll

======List of files/folders modified in the last 1 months======

2010-10-31 18:01:41 ----RD---- C:\Program Files
2010-10-31 16:44:45 ----D---- C:\Windows\inf
2010-10-31 16:44:45 ----AD---- C:\Windows\System32
2010-10-31 16:44:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-31 16:38:53 ----A---- C:\Windows\ntbtlog.txt
2010-10-31 16:36:13 ----D---- C:\Windows\Temp
2010-10-31 16:35:45 ----D---- C:\Users\vlastik\AppData\Roaming\Skype
2010-10-31 16:35:40 ----D---- C:\Users\vlastik\AppData\Roaming\uTorrent
2010-10-31 16:29:37 ----HD---- C:\ProgramData
2010-10-31 16:29:37 ----D---- C:\Windows\system32\drivers
2010-10-31 11:31:41 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-31 11:09:35 ----D---- C:\Windows\Prefetch
2010-10-31 08:43:10 ----D---- C:\Windows\Logs
2010-10-27 19:11:51 ----HD---- C:\Windows\msdownld.tmp
2010-10-27 19:01:06 ----D---- C:\Windows
2010-10-27 15:57:04 ----D---- C:\Windows\SoftwareDistribution
2010-10-27 09:15:06 ----D---- C:\Users\vlastik\AppData\Roaming\skypePM
2010-10-24 11:00:21 ----SHD---- C:\System Volume Information
2010-10-23 16:14:00 ----SD---- C:\Users\vlastik\AppData\Roaming\Microsoft
2010-10-22 15:27:43 ----D---- C:\Windows\system32\catroot2
2010-10-21 15:57:56 ----SHD---- C:\Windows\Installer
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-18 15:40:36 ----D---- C:\Windows\rescache
2010-10-18 15:21:42 ----D---- C:\Windows\system32\cs-CZ
2010-10-18 15:21:42 ----D---- C:\Program Files\Windows Media Player
2010-10-18 15:21:40 ----D---- C:\Program Files\Internet Explorer
2010-10-18 15:00:42 ----D---- C:\Windows\system32\LogFiles
2010-10-17 12:38:20 ----D---- C:\Windows\winsxs
2010-10-17 12:33:39 ----D---- C:\Windows\system32\catroot
2010-10-07 20:18:02 ----D---- C:\Windows\Microsoft.NET
2010-10-07 20:17:53 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-08-08 14352]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-08-19 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-28 919552]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2007-12-14 24200]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-08 3885568]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-02-27 141408]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-08-08 700416]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 124264]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[baguvix7]

testoval jsem to se spyware terminator, i s superantispyware oba něco našli (ne cookies) tak jsem to smazal, bohůžel beze změny takže prosím o pomoc

[Rudy]

Log vypadá čistý. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[baguvix7]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

1.11.2010 0:39:30
mbam-log-2010-11-01 (00-39-30).txt

Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 239231
Uplynulý čas: 6 hodina(y), 27 minuta(y), 35 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[baguvix7]

čím bych to mohl teda ještě scanovat?

[baguvix7]

teď jsem to scanoval avastem a v 3% (za hodinu) se mi tu ukazala tabulka ze se stala kriticka chyba a system se musi restartovat, tak ja to zkusim znovu....


c:/program files/adobe/reader 8.0/reader/tracker chyba: zadost nebylo mozno provest z duvodu chyby zarizeni I/O (1117)

[baguvix7]

to byl dukladny test, ted delam rychly a uz tam mam 17% a zatim nic

[Rudy]

Uvidíme, problém nemusí způsobovat virus.

[baguvix7]

taky jsem na to myslel, jestli by to nemohl být nedostatek místa ale to je asi hloupost

[Rudy]

Místem to není. Je tam 35GB volných.

[baguvix7]

obavam se ze scanem avastu to nepujde, mel jsem 19%, sel jsem spat , rano jsem se probudil a test se posunul o 2% a rychlost scanu se rapidne zmensila na ubohych 100-122 kb/S.
mate prosim jeste nejake napady? nerad bych za nim prisel ze to neslo

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[baguvix7]

spustil jsem combo fix a ve fazi 50 se mi obevila modra smrt, zkusim to jeste jednou

[Rudy]

Zkuste to v nouz. režimu.

[baguvix7]

vse delam v Nouzovem rezimu protoze nez otevru jednu slozku v standardnim rezimu tak to trva nespocetne dlouho CF log:


ComboFix 10-11-02.01 - vlastik 02.11.2010 20:35:00.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.2549 [GMT 1:00]
Spuštěný z: c:\users\vlastik\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-02 do 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-11-02 19:45 . 2010-11-02 19:45 -------- d-----w- c:\users\vlastik\AppData\Local\temp
2010-11-02 19:45 . 2010-11-02 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 17:11 . 2010-10-31 17:11 -------- d-----w- c:\users\vlastik\AppData\Roaming\Malwarebytes
2010-10-31 17:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 17:11 . 2010-10-31 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 17:11 . 2010-10-31 17:11 -------- d-----w- c:\programdata\Malwarebytes
2010-10-31 17:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 17:01 . 2010-10-31 17:01 -------- d-----w- c:\program files\trend micro
2010-10-31 17:01 . 2010-10-31 17:01 -------- d-----w- C:\rsit
2010-10-31 13:26 . 2010-10-31 13:26 -------- d-----w- c:\program files\Crawler
2010-10-31 11:03 . 2010-10-31 11:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-27 18:06 . 2010-10-27 18:11 -------- d-----w- c:\program files\Seznam.cz
2010-10-26 18:07 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87CF9372-85D1-4C4C-AC0F-95D905D1AFAD}\mpengine.dll
2010-10-17 11:33 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 05:15 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 05:15 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-04-12 13:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 15:12 . 2010-08-07 09:26 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-04-11 12:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-04-11 12:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-04-11 12:03 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-04-11 12:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-04-11 12:03 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-04-11 12:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-17 13:32 . 2010-09-15 10:07 126464 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\users\vlastik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-29 937984]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

.
Obsah adresáře 'Naplánované úlohy'

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 09:36]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 09:36]

2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{0AFC04D5-CA49-4869-A71E-A69787AF385B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-02 20:45
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-11-02 20:47:58
ComboFix-quarantined-files.txt 2010-11-02 19:47

Před spuštěním: Volných bajtů: 48 009 949 184
Po spuštění: Volných bajtů: 47 915 536 384

- - End Of File - - A1E6D624A5A8075C3DEDA69F8840F4F0