Procesy svchost.exe, services.exe

[Snyf]

Dobrý den, chtěl bych se zeptat jestli něco nejde udělat s procesy svchost.exe a services.exe. Tyto dva odebírají cca. po dvou hodinách věškerou RAM, což se nikdy nestávalo. Nyní je jakákoliv práce na PC, po uplynutí této doby, nemožná, neboť procesy užírají i procesor (využití CPU v Task Masteru 98-100%). dnes se dokonce objevilo na liště systémové oznámení "Hodnota systémové paměti je příliš malá!". Sledoval jsem procesy od spouštění počítače, oba roustou a postupně se po těch 2 hodinách dostávají do stavu, enormního zatížení computeru. Je na to řešení? Děkuji Snyf.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-04-27 15:09:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (7%) free of 238 GB
Total RAM: 3070 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:09:12, on 27.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Torrent\uTorrent\utorrent.exe
C:\Program Files\DAEMON Tools\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\hry\GamePark\GamePark.cz Klient\gpcl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\hry\Mozilla Firefox\firefox.exe
C:\hry\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: TBSB01731 - {BBD30691-DA35-45D3-98E3-82626702295F} - C:\Program Files\Medio\mediaspector_16.9(1).dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Medio - {8ED663E8-FE06-47C5-A68C-C2E893A36FE0} - C:\Program Files\Medio\mediaspector_16.9(1).dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\Torrent\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GameParkKlient.lnk = C:\hry\GamePark\GamePark.cz Klient\gpcl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\hry\ICQ 6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\hry\ICQ 6\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12068 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AB4723559180A22D.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-11 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-29 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD30691-DA35-45D3-98E3-82626702295F}]
TBSB01731 Class - C:\Program Files\Medio\mediaspector_16.9(1).dll [2008-08-07 2484224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-11 2403392]
{8ED663E8-FE06-47C5-A68C-C2E893A36FE0} - Medio - C:\Program Files\Medio\mediaspector_16.9(1).dll [2008-08-07 2484224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
"NPSStartup"= []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-03-28 1910152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-11 68856]
"uTorrent"=C:\Program Files\Torrent\uTorrent\utorrent.exe [2011-04-21 399736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2008-03-25 1130496]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"AdobeBridge"= []
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-07-15 102400]
"DriverScanner"=C:\Program Files\Uniblue\DriverScanner\launcher.exe delay 20000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-03-28 1910152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-03-01 16949128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\hry\steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-17 149280]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GameParkKlient.lnk - C:\hry\GamePark\GamePark.cz Klient\gpcl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\hry\ICQ 6\ICQ6\ICQ.exe"="C:\hry\ICQ 6\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\hry\Activision\HLSW\hlsw.exe"="C:\hry\Activision\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\hry\World of Warcraft\Launcher.exe"="C:\hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\hry\HLSW\HLSW\hlsw.exe"="C:\hry\HLSW\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials"
"C:\hry\ICQ 6\ICQ6.5\ICQ.exe"="C:\hry\ICQ 6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\hry\Blood Bowl\BB.exe"="C:\hry\Blood Bowl\BB.exe:*:Enabled:Blood Bowl"
"C:\hry\Blood Bowl\Autorun\Exe\Autorun.exe"="C:\hry\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun"
"C:\hry\Call of duty4\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\hry\Call of duty4\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Torrent\uTorrent\utorrent.exe"="C:\Program Files\Torrent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\hry\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\hry\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\hry\Borderlands\Binaries\Borderlands.exe"="C:\hry\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\hry\Garena\Garena.exe"="C:\hry\Garena\Garena.exe:*:Enabled:Garena"
"C:\hry\Anno 1404\tools\Anno4Web.exe"="C:\hry\Anno 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web"
"G:\The Misadventures Of P.B. Winterbottom\Winterbottom.exe"="G:\The Misadventures Of P.B. Winterbottom\Winterbottom.exe:*:Disabled:Winterbottom"
"C:\Documents and Settings\Administrator\Local Settings\temp\_tc\Assassins Creed 2 full crack\Emulator\server.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\_tc\Assassins Creed 2 full crack\Emulator\server.exe:*:Enabled:server"
"C:\Documents and Settings\Administrator\Local Settings\temp\_tc16\Assassins Creed 2 full crack\Emulator\server.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\_tc16\Assassins Creed 2 full crack\Emulator\server.exe:*:Enabled:server"
"C:\Documents and Settings\Administrator\Local Settings\temp\_tc17\Assassins Creed 2 full crack\Emulator\server.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\_tc17\Assassins Creed 2 full crack\Emulator\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\Emulator\server.exe"="C:\Program Files\Ubisoft\Emulator\server.exe:*:Enabled:server"
"C:\hry\Warcraft III\Warcraft III.exe"="C:\hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\hry\Warcraft III\War3.exe"="C:\hry\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\launch4j-tmp\Free Rapid Downloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\Free Rapid Downloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\hry\Stranglehold\Binaries\Retail-Stranglehold.exe"="C:\hry\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Disabled:Stranglehold"
"C:\hry\Steam\steam.exe"="C:\hry\Steam\steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\hry\Call of Duty 2\CoD2MP_s.exe"="C:\hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\hry\Titan Quest IT\Titan Quest IT\Tqit.exe"="C:\hry\Titan Quest IT\Titan Quest IT\Tqit.exe:*:Enabled:Tqit"
"C:\hry\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\hry\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\hry\League of Legends\air\LolClient.exe"="C:\hry\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\hry\League of Legends\game\League of Legends.exe"="C:\hry\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\hry\Call of Duty 8 Black Ops\BlackOps.exe"="C:\hry\Call of Duty 8 Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\hry\StarCraft II\StarCraft II.exe"="C:\hry\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\hry\StarCraft II\Versions\Base16939\SC2.exe"="C:\hry\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II"
"C:\hry\StarCraft II\Versions\Base15405\SC2.exe"="C:\hry\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\hry\r.u.s.e\Ruse.exe"="C:\hry\r.u.s.e\Ruse.exe:*:Enabled:R.U.S.E."
"C:\hry\Counter-Strike\hl.exe"="C:\hry\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\hry\World of Warcraft\World of Warcraft\Launcher.exe"="C:\hry\World of Warcraft\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\hry\World of Warcraft\World of Warcraft\Launcher.patch.exe"="C:\hry\World of Warcraft\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\hry\Far Cry\Bin32\FarCry.exe"="C:\hry\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\hry\World of Warcraft\World of Warcraft\Blizzard Downloader.exe"="C:\hry\World of Warcraft\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\hry\Medal Of Honor\MoHMPGame.exe"="C:\hry\Medal Of Honor\MoHMPGame.exe:*:Disabled:Medal of Honor: Multiplayer"
"C:\hry\Medal Of Honor\MoHMPUpdater.exe"="C:\hry\Medal Of Honor\MoHMPUpdater.exe:*:Disabled:Medal of Honor™ MP Beta"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\hry\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\hry\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\hry\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\hry\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\hry\LoL\air\LolClient.exe"="C:\hry\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\hry\LoL\game\League of Legends.exe"="C:\hry\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\hry\League of Legends orig\lol.launcher.exe"="C:\hry\League of Legends orig\lol.launcher.exe:*:Enabled:League of Legends Launcher"
"C:\hry\League of Legends orig\air\LolClient.exe"="C:\hry\League of Legends orig\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\hry\League of Legends orig\game\League of Legends.exe"="C:\hry\League of Legends orig\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\hry\Magic The Gathering\DotP.exe"="C:\hry\Magic The Gathering\DotP.exe:*:Enabled:DotP"
"C:\hry\Crysis 2 Demo\bin32\Crysis2Launcher.exe"="C:\hry\Crysis 2 Demo\bin32\Crysis2Launcher.exe:*:Enabled:Crysis® 2 Demo"
"C:\hry\Crysis 2 Demo\bin32\Crysis2Demo.exe"="C:\hry\Crysis 2 Demo\bin32\Crysis2Demo.exe:*:Enabled:Crysis2Demo"
"C:\hry\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\hry\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\hry\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\hry\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\hry\Assassin's Creed Brotherhood\ACBSP.exe"="C:\hry\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"C:\hry\Assassin's Creed Brotherhood\ACBMP.exe"="C:\hry\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\hry\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="C:\hry\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"C:\hry\Assassin's Creed Brotherhood\UPlayBrowser.exe"="C:\hry\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"C:\hry\Steam\SteamApps\common\zero gear\ZeroGear.bat"="C:\hry\Steam\SteamApps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-04-27 15:09:09 ----D---- C:\Program Files\trend micro
2011-04-24 18:51:03 ----D---- C:\Program Files\Cool Record Edit Pro
2011-04-24 13:25:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Import Audio from Video
2011-04-22 21:24:09 ----A---- C:\mbam-error.txt
2011-04-06 19:40:29 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-04-06 19:40:29 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-04-06 19:40:28 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-03-29 20:13:58 ----D---- C:\Program Files\LogMeIn Hamachi

======List of files/folders modified in the last 1 months======

2011-04-27 15:09:09 ----RD---- C:\Program Files
2011-04-27 15:09:09 ----D---- C:\RSIT
2011-04-27 15:09:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2011-04-27 14:45:16 ----D---- C:\WINDOWS\temp
2011-04-27 14:42:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-25 22:11:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-25 18:44:53 ----A---- C:\WINDOWS\wincmd.ini
2011-04-25 18:41:45 ----D---- C:\hry
2011-04-25 18:38:28 ----D---- C:\Filmy
2011-04-25 18:10:15 ----D---- C:\WINDOWS\Prefetch
2011-04-25 17:36:19 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-04-25 01:27:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2011-04-25 00:07:00 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2011-04-24 19:25:02 ----D---- C:\WINDOWS
2011-04-24 18:54:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Cool Record Edit Pro
2011-04-24 18:53:10 ----D---- C:\Temp
2011-04-24 18:51:00 ----D---- C:\WINDOWS\system32
2011-04-24 18:42:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Vso
2011-04-24 18:35:13 ----A---- C:\WINDOWS\NeroDigital.ini
2011-04-24 18:21:11 ----A---- C:\WINDOWS\win.ini
2011-04-24 18:21:11 ----A---- C:\WINDOWS\system.ini
2011-04-24 17:32:50 ----HD---- C:\WINDOWS\inf
2011-04-23 12:06:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2011-04-23 11:06:06 ----SHD---- C:\WINDOWS\Installer
2011-04-23 11:06:05 ----D---- C:\Config.Msi
2011-04-23 11:04:34 ----D---- C:\Program Files\Adobe
2011-04-23 11:01:02 ----D---- C:\Program Files\Common Files\Adobe
2011-04-23 10:07:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-23 10:07:06 ----D---- C:\WINDOWS\system32\drivers
2011-04-23 10:07:06 ----D---- C:\WINDOWS\NV560960.TMP
2011-04-22 10:01:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\HLSW
2011-04-21 09:29:42 ----D---- C:\Program Files\uTorrent
2011-04-10 14:49:09 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-10 12:51:55 ----D---- C:\WINDOWS\Debug
2011-04-10 12:51:53 ----D---- C:\WINDOWS\Minidump
2011-04-10 10:31:32 ----HD---- C:\WINDOWS\PIF
2011-04-06 19:40:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-09-29 66048]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-06 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-12-05 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-21 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-21 25888]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-16 9623680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-23 47360]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-09-11 110592]
S3 {cmote;{cmote; C:\WINDOWS\system32\drivers\{cmote.sys []
S3 anh4ir24;anh4ir24; C:\WINDOWS\system32\drivers\anh4ir24.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CYJC8.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\hry\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-09-14 25280]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-07-15 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -k runservice []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-19 75136]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-04-25 214520]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-09-09 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-10 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-11 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\hry\Sony path\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-02-24 3432444]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\hry\Sony path\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Snyf]

během skenu Combofixem jsem nainstaloval konzoli pro zotavení, pak probíhal sken. Byl ukončen modrou smrtí. Po zapnutí PC sem se dostal na obrazovku s výběrem: 1. Spustit konzoli pro zotavení 2. Spustit Microsoft Windows 3. Spustit Microsoft Windows - instalace (tato položka se zde nachází od doby kdy se mi nepodařilo napoprvé nainstalovat SP3). Doba na výběr je 2 sekundy, takže když se monitor rozsvítil, stěží sem přečetl co je tam napsáno, pokud do 2 sec nic nezvolím PC se restartuje. Po vybrání možnosti 2. jsem se dostal do Windows, ale Combofix nevytvořil žádný log. Co dál?

[Rudy]

Vy jste v návodu četl něco o konzoli pro zotavení? To jsem po vás nežádal, kdyby byla třeba, upozornil bych na to. Použijte T-Cleaner: http://www.uloz.to/1075769/t-cleaner-exe s tlačítkem R, podle kolegova návodu:

R: Odebere Konzolu pro zotavení nainstalovanou ComboFixem. Ten zálohuje původní boot.ini na disku jako boot.bak -> T-Cleaner zkontroluje, zda tento soubor existuje a pokud ano, přejmenuje boot.ini na boot.old a boot.bak na boot.ini. Vyzve k restartu počítače a upozorní uživatele na to, aby spustil T-Cleaner znovu po restartu. Při restartu zmizí nabídka výběru OS a když uživatel spustí T-Cleaner podruhé, smaže boot.old a složku cmdcons

[Snyf]

omlouvám se za konzoli, netušil jsem že je to takový problém... nechápu pořádně vaši větu použitjte "T-Cleaner (odkaz) s tlačítkem r". Co je tlačítko "r"? použil jsem T-Cleaner zeptal se me jestli chci vymazat dva soubory pravdepodobne vytvorene Combofixem - dal jsem ano oba. Napsalo se: "DisableSD=dword:000000" a pak že smazání souborů proběhlo úspěšně. postup jsem zopakoval jak bylo v návodu jenž ste citoval (použít T-Cleaner -> restart -> znovu T-cleaner -> restart) nebyl jsem T-Cleanerem ani jednou vyzván k restatování PC ani se neodrstanila možnost při startu PC k přechodu do konzole pro zotavení...

[Rudy]

T-C uložte na plochu a do přík řádku zkuste napsat:

C:\documents and settings\administrator\plocha\t-cleaner.exe -r

Také je možné editovat ručně soubor c:\boot.ini do takovéhoto tvaru:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

[Snyf]

T-C je na ploše je uložený už od začátku, pouze vypíše: Záložní soubory byly úspěšně smazány. Stisknutím libovolné klávesy ukončíte program. soubor boot jsem editoval. žádné změny konzole pro zotavení tu stále je.

[Rudy]

To není možné. Z tohoto souboru se konzola startuje a jeho editací do výše uvedeného tvaru vrátíte startování win do stavu po instalaci systému, což znamená, že se volba startu nezobrazí. Zkuste obnovu systému k datu před instalací konzoly.

[Snyf]

netušíte jak spustit např. příkazem obnovení systému? přes nabídku start-programy-příslušenství-systémové nástroje-obnovení systému se totiž nic neděje

[cernohous13]

Zdravím a omlouvám se za vstup

Spusť T-cleaner -> klikni klávesu r -> Enter

[Snyf]

stisknu r -> enter -> "Tato volba není podporovaná. Stiskněte libovolnou klavesu pro návrat do hlavniho menu, kde zadejte A pro spusteni programu, nebo N pro jeho ukonceni." Editoval jsem soubor podle návodu boot.bak a ne boot.ini. Soubor boot.bak tam není, všimnul jsem si toho až nyní...

[cernohous13]

tenhle to umí

T-Cleaner.rar

(90.01 KiB) Staženo 46 x

Editoval jsem soubor podle návodu boot.bak a ne boot.ini. Soubor boot.bak tam není

kam jsi ho zašantročil tou editací?

[Snyf]

Tenhle to opravdu umí, konzoli pro zotavení vymazal, ten předtím to neuměl. Zmizela nabídka OS při spouštění PC. Soubor Boot.ini ani boot.bak už na své disku nemám, včera tu byl teď se vypařil mám poslat teda log z CF?

[cernohous13]

Předávám tě zpátky do Rudyho péče - pokračuj podle jeho návodů - zkus znovu ComboFix (bez instal. RecoveryConsole)

[Snyf]

CF vyzkoušen, vypisuje fáze: dokončena fáze 1, dokončena dáze 2, atd atd atd. Po fázi 50 nastává modrá smrt. log se nevytvoří