Hello, I went through the forum and I know this comes up here repeatedly, but none of the descriptions seemed entirely usable to me. Could someone please take a look at the log from my computer?
The problem is an occasional total freeze of the computer, which sometimes starts running again after about a minute, but often it ends in death and a restart. In the task list I found three processes for which it is not clear what started them: csrss.exe, ati2evxx.exe and winlogon.exe. I ran a complete scan with the antivirus and with Spyware S&D and it found nothing. I will be grateful for any advice.
Regards, Ales
Logfile of random's system information tool 1.08 (written by random/random)
Run by Lenka at 2011-03-06 14:12:24
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 188 GB (62%) free of 305 GB
Total RAM: 2047 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:12:37, on 6.3.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\OVISLINK\Common\TurboG-UI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\work\film\RSIT.exe
C:\Program Files\trend micro\Lenka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\TurboG-UI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MotionSD STUDIO - SD Browser auto start -.lnk = C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 8196 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{8117A887-DC69-4D67-B895-0358D40D7C0E}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-01-30 64928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2004-03-25 1732608]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"Device Detector"=DevDetect.exe -autorun []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AirLive Turbo-G Wireless Utility.lnk - C:\Program Files\OVISLINK\Common\TurboG-UI.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
MotionSD STUDIO - SD Browser auto start -.lnk - C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Users\Lenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-03-06 14:03:41 ----D---- C:\Program Files\trend micro
2011-03-06 14:03:40 ----D---- C:\rsit
2011-03-05 23:13:58 ----D---- C:\ProgramData\Preventon
2011-03-05 22:18:01 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-03-05 22:18:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-03-05 22:02:29 ----D---- C:\Windows\Minidump
2011-03-05 21:56:37 ----D---- C:\ProgramData\IObit
2011-03-05 21:56:30 ----D---- C:\Program Files\IObit
2011-03-05 07:46:46 ----D---- C:\ProgramData\Fighters
2011-03-05 07:45:02 ----D---- C:\Users\Lenka\AppData\Roaming\Common Toolkit Suite
2011-03-05 07:44:52 ----D---- C:\ProgramData\clp
2011-03-05 07:44:24 ----D---- C:\ProgramData\Common Toolkit Suite
2011-03-05 07:42:39 ----D---- C:\Users\Lenka\AppData\Roaming\Fighters
2011-03-05 07:14:03 ----D---- C:\Program Files\Enigma Software Group
2011-03-05 07:13:06 ----D---- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-24 19:36:40 ----D---- C:\Windows\system32\WindowsPowerShell
2011-02-24 19:35:14 ----A---- C:\Windows\system32\winrsmgr.dll
2011-02-24 19:34:55 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-02-24 19:34:55 ----A---- C:\Windows\system32\winrshost.exe
2011-02-24 19:34:55 ----A---- C:\Windows\system32\winrs.exe
2011-02-24 19:34:54 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-02-24 19:34:54 ----A---- C:\Windows\system32\winrssrv.dll
2011-02-24 19:34:52 ----A---- C:\Windows\system32\WsmRes.dll
2011-02-24 19:34:52 ----A---- C:\Windows\system32\wevtfwd.dll
2011-02-24 19:34:52 ----A---- C:\Windows\system32\wecutil.exe
2011-02-24 19:34:52 ----A---- C:\Windows\system32\wecsvc.dll
2011-02-24 19:34:52 ----A---- C:\Windows\system32\wecapi.dll
2011-02-24 19:34:51 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-02-24 19:34:47 ----A---- C:\Windows\system32\winrm.vbs
2011-02-24 19:34:40 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-02-24 19:34:40 ----A---- C:\Windows\system32\WsmAuto.dll
2011-02-24 19:34:40 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-02-24 19:34:40 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-02-24 19:34:40 ----A---- C:\Windows\system32\winrscmd.dll
2011-02-24 19:34:39 ----A---- C:\Windows\system32\WsmSvc.dll
2011-02-10 16:49:16 ----A---- C:\Windows\system32\win32k.sys
2011-02-10 16:49:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-10 16:49:13 ----A---- C:\Windows\system32\ntdll.dll
2011-02-10 16:49:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-10 16:48:14 ----A---- C:\Windows\system32\FntCache.dll
2011-02-10 16:48:14 ----A---- C:\Windows\system32\DWrite.dll
2011-02-10 16:48:14 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-10 16:48:13 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-10 16:48:13 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-10 16:48:13 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-10 16:48:13 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-10 16:48:13 ----A---- C:\Windows\system32\d2d1.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\dxgi.dll
2011-02-10 16:48:12 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-10 16:48:11 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-10 16:48:11 ----A---- C:\Windows\system32\mf.dll
2011-02-10 16:48:11 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-10 16:48:11 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-10 16:48:11 ----A---- C:\Windows\system32\d3d10.dll
2011-02-10 16:48:10 ----A---- C:\Windows\system32\stobject.dll
2011-02-10 16:48:10 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-10 16:48:10 ----A---- C:\Windows\system32\mfplat.dll
2011-02-10 16:48:10 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-10 16:48:10 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-10 16:48:09 ----A---- C:\Windows\system32\cdd.dll
2011-02-10 16:48:08 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-10 16:48:08 ----A---- C:\Windows\system32\mfps.dll
2011-02-10 16:46:21 ----A---- C:\Windows\system32\mshtml.dll
2011-02-10 16:46:20 ----A---- C:\Windows\system32\ieframe.dll
2011-02-10 16:46:19 ----A---- C:\Windows\system32\wininet.dll
2011-02-10 16:46:19 ----A---- C:\Windows\system32\urlmon.dll
2011-02-10 16:46:19 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-10 16:46:19 ----A---- C:\Windows\system32\iertutil.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\occache.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\mstime.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\ieui.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\iepeers.dll
2011-02-10 16:46:18 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-10 16:46:17 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-10 16:46:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-10 16:46:17 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-10 16:46:17 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-10 16:46:17 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-10 16:46:17 ----A---- C:\Windows\system32\iesetup.dll
2011-02-10 16:46:17 ----A---- C:\Windows\system32\iernonce.dll
2011-02-10 16:46:17 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-10 16:46:14 ----A---- C:\Windows\system32\shell32.dll
2011-02-10 16:46:13 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-10 16:46:11 ----A---- C:\Windows\system32\atmfd.dll
2011-02-10 16:46:10 ----A---- C:\Windows\system32\atmlib.dll
======List of files/folders modified in the last 1 months======
2011-03-06 14:12:21 ----D---- C:\Windows\Temp
2011-03-06 14:10:46 ----D---- C:\Windows\Prefetch
2011-03-06 14:03:41 ----RD---- C:\Program Files
2011-03-06 08:48:31 ----HD---- C:\ProgramData
2011-03-06 08:48:31 ----HD---- C:\Config.Msi
2011-03-06 03:01:21 ----SHD---- C:\System Volume Information
2011-03-05 23:14:12 ----SHD---- C:\Windows\Installer
2011-03-05 23:14:10 ----D---- C:\Program Files\Common Files
2011-03-05 23:13:55 ----D---- C:\Windows\system32\drivers
2011-03-05 22:22:41 ----SD---- C:\ProgramData\Microsoft
2011-03-05 22:02:29 ----D---- C:\Windows
2011-03-05 07:47:40 ----D---- C:\Windows\system32\catroot
2011-03-05 07:44:12 ----SD---- C:\Users\Lenka\AppData\Roaming\Microsoft
2011-03-05 07:14:12 ----D---- C:\Windows\system32\Tasks
2011-03-05 07:13:04 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-03-05 06:50:19 ----D---- C:\work
2011-03-04 18:24:06 ----D---- C:\Windows\inf
2011-03-03 18:47:20 ----D---- C:\Windows\System32
2011-03-03 18:47:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-24 20:28:46 ----D---- C:\Windows\rescache
2011-02-24 19:36:42 ----D---- C:\Windows\winsxs
2011-02-24 19:36:42 ----D---- C:\Windows\system32\cs-CZ
2011-02-24 19:36:42 ----D---- C:\Windows\PolicyDefinitions
2011-02-24 19:36:31 ----D---- C:\Windows\system32\catroot2
2011-02-19 19:16:07 ----D---- C:\Users\Lenka\AppData\Roaming\Adobe
2011-02-19 19:16:07 ----D---- C:\ProgramData\Adobe
2011-02-13 08:06:41 ----D---- C:\Garmin
2011-02-10 20:23:16 ----D---- C:\Program Files\Windows Mail
2011-02-10 20:23:13 ----D---- C:\Windows\system32\migration
2011-02-10 20:23:13 ----D---- C:\Program Files\Internet Explorer
2011-02-10 18:39:28 ----A---- C:\Windows\system32\mrt.exe
2011-02-08 20:01:32 ----D---- C:\Program Files\rajce
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl2955f189;MpKsl2955f189; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85DCA5B6-1CB5-413E-8C94-B07EF5282656}\MpKsl2955f189.sys [2011-03-06 28752]
R1 MpKsle3ef293e;MpKsle3ef293e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85DCA5B6-1CB5-413E-8C94-B07EF5282656}\MpKsle3ef293e.sys [2011-03-06 28752]
R1 MpKslf0b2e022;MpKslf0b2e022; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85DCA5B6-1CB5-413E-8C94-B07EF5282656}\MpKslf0b2e022.sys [2011-03-06 28752]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 3520512]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-04-27 10368]
R3 rt61x86;AirLive WT-2000PCI; C:\Windows\system32\DRIVERS\netr61.sys [2006-12-13 286208]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S1 MpKsla55168f1;MpKsla55168f1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F172EBED-8582-4944-BD08-119A0E0A7B50}\MpKsla55168f1.sys []
S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-26 655360]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2006-12-28 122512]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-02 72704]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2004-03-25 61440]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------

csrss.exe again
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Re: csrss.exe again
I apologize for those z and y typos.
Re: csrss.exe again
I would also add that I tried the MBAM quick scan and nothing was found. I have now started the full one, so we will see.
Re: csrss.exe again
Greetings, and I wish you a nice evening.
Next time, please do not reply to yourself, otherwise your thread will get lost on us (thx Marty84).
The files you mention are legitimate parts of the OS.
I will wait for the log from MBAM (full scan) and then we will see.
Re: csrss.exe again
Thank you for the reply, and I wish you a nice evening.
I am replying late because the full scan has only now finished. Otherwise, so far it has always crashed before completing. Even the full scan found nothing. So that probably won't help us much.

Re: csrss.exe again

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED

- Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
- If you have Win XP, run it under the Spravce\Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako spravce
- Immediately after it starts, a page with the license agreement is displayed; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
- The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
- After the scan finishes and after a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: csrss.exe again
So I vacuumed the dust out of the computer (mainly from the heatsink fins) and moved it farther away from the cabinet. The opening through which the fan drew in air was pressed almost against the side of the cabinet. So far OK, but I would not want to jinx it. I find it hard to believe that it could be something so embarrassingly trivial, although I would be glad if it really were OK.
Re: csrss.exe again
So do not run ComboFix for now, keep an eye on the PC and let us know...