svchost.exe vyuziva 100% cpu po napadniti virusom

[Cruiser]

Dobrý deň,

dúfam že nevadí, že som slovák a píšem po slovensky. Raz dávno ste mi už poradilo a tak idem za osvedcenou kvalitou.

Problem:
- proces svchost.exe chce 100% vyuzitia procesora
- den predtym mi Microsoft essencials na 1 stranke detekoval nejake virusy, nasledne som PC dal kompletne preskenovat, nieco pomazalo a zda sa ze uz nic nevie najst.
- PC niekolko krat restartovane, chyba sa prejavy len ked sa pripojim na siet, pokial som offline, PC ide normalne. Skusal som vypnut automaticke aktualizacie (presiel som asi 20 stranok s radami aj v EN) ale to nepomohlo
- najvacsia sranda je ze ten virus asi napadol aj vsetky FTP na ktore som mal ulozeny pristup, zatial som neskusal nove hesla ak sa virus este neodstranil aby sa dalej nesiril.

- CCcleaner som tak isto pouzil, nakolko som sa docital ze ak antivir nasiel subor a zmazal ho, moze sa svchost.exe zaseknut na nejakom nefunkcnom odkaze. Ale nepomoho

- mam pocit ze narastol aj pocet procesov, cez 50 som nemaval.

Zbehol som RSIT, tu je log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Miki at 2010-04-26 14:36:19
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (11%) free of 27 GB
Total RAM: 1014 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:39, on 26. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Miki\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Miki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ui.skype.com/ui/0/3.0.0.216/cs/myaccount/cruiser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Miki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: monxga32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: monxga32.exe (User 'Default user')
O4 - Startup: monxga32.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://icq.oberon-media.com/gameshell/g ... er_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 10729 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3772451962-228191613-339432073-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3772451962-228191613-339432073-1004UA.job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [10].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [11].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [12].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [13].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [14].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [15].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [16].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [2].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [3].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [4].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [5].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [6].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [7].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [8].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default) [9].job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Default).job
C:\WINDOWS\tasks\KLS Backup Professional Task - Bakalarka (Incremental).job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C00EFB8A-18F7-4C33-8809-BE3D14F563C5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2005-05-19 32768]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-04 708698]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-06-01 192512]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]
"PowerKey"=C:\Program Files\Launch Manager\PowerKey.exe [2002-08-30 94208]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2005-06-06 69632]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2005-07-25 241664]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2005-07-25 81920]
"eRecoveryService"=C:\Program Files\Acer\eRecovery\Monitor.exe [2005-06-29 352256]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe [2006-11-29 258048]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\Miki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-11-02 135664]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-03-28 133368]

C:\Documents and Settings\Miki\Nabídka Start\Programy\Po spuštění
monxga32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Hry\Strategie\Age of Empire 2\age2_x1\age2_x1.exe"="D:\Hry\Strategie\Age of Empire 2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Czech\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"C:\Program Files\TightVNC\vncviewer.exe"="C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:vncviewer"
"C:\Documents and Settings\Miki\Local Settings\Temp\bulanci.tmp"="C:\Documents and Settings\Miki\Local Settings\Temp\bulanci.tmp:*:Enabled:bulanci"
"D:\Hry\Strategie\CaC Generals\Command and Conquer Generals\game.dat"="D:\Hry\Strategie\CaC Generals\Command and Conquer Generals\game.dat:*:Enabled:game"
"D:\Hry\3D Akcne\Battlefield 1942\BF1942.exe"="D:\Hry\3D Akcne\Battlefield 1942\BF1942.exe:*:Enabled:Battlefield 1942"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Hry\Strategie\Age of Empire 2\empires2.exe"="D:\Hry\Strategie\Age of Empire 2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041ba681-ed15-11dd-a23f-0014a4627ec1}]
shell\AutoRun\command - G:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4ddffd-2cf8-11df-814c-000ae4ee032a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ReOujIf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9384fd00-c82e-11dd-a235-0014a4627ec1}]
shell\AutoRun\command - ij.bat
shell\explore\command - ij.bat
shell\open\command - ij.bat


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2010-04-26 14:36:27 ----D---- C:\Program Files\trend micro
2010-04-26 14:36:19 ----D---- C:\rsit
2010-04-26 09:54:42 ----D---- C:\Program Files\CCleaner
2010-04-18 10:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-18 10:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-18 10:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-18 10:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-18 10:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-18 10:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-02 10:54:10 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-27 20:36:06 ----D---- C:\Documents and Settings\Miki\Data aplikací\HP
2010-03-27 20:36:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-03-27 20:34:36 ----A---- C:\WINDOWS\system32\hpf3l70v.dll
2010-03-27 20:34:35 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-03-27 20:29:17 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-03-27 20:28:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-03-27 20:26:17 ----D---- C:\Program Files\HP

======List of files/folders modified in the last 1 months======

2010-04-26 14:36:27 ----RD---- C:\Program Files
2010-04-26 14:36:15 ----D---- C:\WINDOWS\Prefetch
2010-04-26 12:38:20 ----SD---- C:\WINDOWS\Tasks
2010-04-26 12:33:44 ----D---- C:\WINDOWS\Temp
2010-04-26 12:33:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-26 12:33:04 ----N---- C:\WINDOWS\system32\eRLog.ini
2010-04-26 12:33:04 ----D---- C:\WINDOWS\system32
2010-04-26 12:32:44 ----A---- C:\WINDOWS\ModemLog_Standardní modem.txt
2010-04-26 12:32:38 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt
2010-04-26 12:30:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-26 12:30:20 ----D---- C:\Documents and Settings\Miki\Data aplikací\ICQ
2010-04-26 12:20:51 ----D---- C:\WINDOWS
2010-04-26 10:07:55 ----D---- C:\WINDOWS\Debug
2010-04-26 10:07:51 ----D---- C:\WINDOWS\Minidump
2010-04-24 17:16:09 ----D---- C:\WINDOWS\system32\drivers
2010-04-24 17:10:32 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-23 13:26:46 ----D---- C:\Program Files\PrimoPDF
2010-04-22 14:23:16 ----D---- C:\Downloads
2010-04-20 15:55:27 ----HD---- C:\WINDOWS\inf
2010-04-18 10:17:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-18 10:10:31 ----SHD---- C:\WINDOWS\Installer
2010-04-17 12:26:48 ----D---- C:\Documents and Settings\Miki\Data aplikací\Adobe
2010-04-17 12:26:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-16 15:17:32 ----D---- C:\Program Files\Google
2010-04-09 12:59:53 ----A---- C:\WINDOWS\wdict32.INI
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-02 11:12:10 ----D---- C:\Program Files\ICQ7.0
2010-04-02 10:55:52 ----D---- C:\WINDOWS\WinSxS
2010-04-02 10:55:25 ----D---- C:\Program Files\Common Files
2010-04-02 10:51:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-02 10:49:03 ----D---- C:\WINDOWS\twain_32
2010-03-31 10:02:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-31 10:01:31 ----D---- C:\Program Files\Launch Manager
2010-03-31 09:57:55 ----D---- C:\Program Files\Internet Explorer
2010-03-27 20:35:45 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-08-02 6144]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-04 193216]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 flash;flash; \??\C:\WINDOWS\system32\drivers\flash.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-13 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-26 12028032]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2007-04-23 17920]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zatial dakujem

[cernohous13]

Zdravím,

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[Cruiser]

- len by som k tomu dodal ze combofix sa spustil az po restarte (pytal si ho) a vtedy procak spomaleny nebol. Ked siel este pred restartom tak zahajil test a este pred vypisanim dokoncenia 1 fazy vyhodil okno nieco okolo root procesu a ze sa chce restartovat a spustit hned po restarte.

LOG:

ComboFix 10-04-21.01 - Miki . 04. 2010 16:06:13.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.568 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miki\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 12:36 . 2010-04-26 12:47 -------- d-----w- c:\program files\trend micro
2010-04-26 12:36 . 2010-04-26 12:49 -------- d-----w- C:\rsit
2010-04-26 07:54 . 2010-04-26 07:55 -------- d-----w- c:\program files\CCleaner
2010-04-02 08:54 . 2010-04-02 09:10 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-27 18:35 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-27 18:35 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-27 18:34 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-03-27 18:34 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-03-27 18:34 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-27 18:34 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-27 18:29 . 2010-03-27 18:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-27 18:26 . 2010-04-02 08:55 -------- d-----w- c:\program files\HP
2010-03-27 18:26 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-27 18:26 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 15:09 . 2004-08-03 20:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-23 11:26 . 2008-08-17 10:34 -------- d-----w- c:\program files\PrimoPDF
2010-04-16 13:17 . 2008-08-02 11:51 -------- d-----w- c:\program files\Google
2010-04-02 09:12 . 2010-02-24 11:54 -------- d-----w- c:\program files\ICQ7.0
2010-03-31 08:02 . 1979-12-31 22:00 83676 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 08:02 . 1979-12-31 22:00 438894 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 08:01 . 2008-08-01 22:01 -------- d-----w- c:\program files\Launch Manager
2010-03-27 20:50 . 2010-03-01 19:19 25 ----a-w- c:\windows\popcinfot.dat
2010-03-11 10:12 . 2008-08-02 11:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-11 08:57 . 2009-12-14 17:28 -------- d-----w- c:\program files\Logitech
2010-03-11 08:57 . 2009-12-14 17:29 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-11 08:56 . 2008-11-27 17:15 -------- d-----w- c:\program files\Canon
2010-03-11 08:56 . 2005-07-19 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 08:25 . 2009-12-14 16:42 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 17:28 . 2009-01-16 13:04 256 ----a-w- c:\windows\system32\pool.bin
2010-02-27 13:16 . 2008-10-04 09:22 -------- d-----w- c:\program files\Opera
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-12-14 16:47 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 12:09 . 1979-12-31 22:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 13:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 08:50 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Miki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\Miki\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monxga32.exe [2008-4-14 33280]

c:\documents and settings\Miki\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monxga32.exe [2008-4-14 33280]

c:\documents and settings\Miki\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monxga32.exe [2008-4-14 33280]

c:\documents and settings\Miki\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monxga32.exe [2008-4-14 33280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"d:\\Hry\\Strategie\\Age of Empire 2\\age2_x1\\age2_x1.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"d:\\Hry\\3D Akcne\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Hry\\Strategie\\Age of Empire 2\\empires2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2. 8. 2008 14:18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2. 8. 2008 14:18 5248]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7. 6. 2007 19:16 18944]
S1 mailKmd;mailKmd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22. 8. 2009 15:52 133104]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [8. 10. 2009 16:33 7040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6. 11. 2007 22:22 34064]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2. 8. 2008 0:01 2343]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23. 4. 2007 17:28 10752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 13:52]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 13:52]

2009-05-15 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [10].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [11].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [12].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [13].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-13 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [14].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [15].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [16].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [2].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [3].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-13 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [4].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [5].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [6].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [7].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [8].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [9].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default).job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Incremental).job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2010-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{C00EFB8A-18F7-4C33-8809-BE3D14F563C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/3.0.0.216/cs/myaccount/cruiser
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Miki\Data aplikací\Mozilla\Firefox\Profiles\4ykaf4xt.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-{8C3727F2-8E37-49E4-820C-03B1677F53B6} - c:\program files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 16:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A1A458]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75e0f28
\Driver\ACPI -> ACPI.sys @ 0xf73adcb8
\Driver\atapi -> 0x86a1a458
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71bebd4
PacketIndicateHandler -> NDIS.sys @ 0xf71caa21
SendHandler -> NDIS.sys @ 0xf71bed44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Celkový čas: 2010-04-26 16:18:11
ComboFix-quarantined-files.txt 2010-04-26 14:17

Před spuštěním: 2 953 510 912
Po spuštění: 3 022 159 872

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A123782CDE81EF8129DEC28087B688BC

[cernohous13]

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Driver::
mailKmd
gupdate

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4ddffd-2cf8-11df-814c-000ae4ee032a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9384fd00-c82e-11dd-a235-0014a4627ec1}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4788DE0A-3552-49EA-AC8C-233DA52523B9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

File::
C:\Documents and Settings\Miki\Nabídka Start\Programy\Po spuštění\monxga32.exe

[Cruiser]

- hadam to preslo, posielam vypis, chyba sa zatial neprejavila, ak sa objavy, dam vediet.


LOG:

ComboFix 10-04-21.01 - Miki . 04. 2010 18:54:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.578 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miki\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miki\Plocha\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\Miki\Nabídka Start\Programy\Po spuštění\monxga32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miki\Nabídka Start\Programy\Po spuštění\monxga32.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_mailKmd


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 12:36 . 2010-04-26 12:47 -------- d-----w- c:\program files\trend micro
2010-04-26 12:36 . 2010-04-26 12:49 -------- d-----w- C:\rsit
2010-04-26 07:54 . 2010-04-26 07:55 -------- d-----w- c:\program files\CCleaner
2010-04-02 08:54 . 2010-04-02 09:10 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-27 18:35 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-27 18:35 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-27 18:34 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-03-27 18:34 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-03-27 18:34 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-27 18:34 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-27 18:29 . 2010-03-27 18:29 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-27 18:26 . 2010-04-02 08:55 -------- d-----w- c:\program files\HP
2010-03-27 18:26 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-27 18:26 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 15:09 . 2004-08-03 20:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-23 11:26 . 2008-08-17 10:34 -------- d-----w- c:\program files\PrimoPDF
2010-04-16 13:17 . 2008-08-02 11:51 -------- d-----w- c:\program files\Google
2010-04-02 09:12 . 2010-02-24 11:54 -------- d-----w- c:\program files\ICQ7.0
2010-03-31 08:02 . 1979-12-31 22:00 83676 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 08:02 . 1979-12-31 22:00 438894 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 08:01 . 2008-08-01 22:01 -------- d-----w- c:\program files\Launch Manager
2010-03-27 20:50 . 2010-03-01 19:19 25 ----a-w- c:\windows\popcinfot.dat
2010-03-11 10:12 . 2008-08-02 11:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-11 08:57 . 2009-12-14 17:28 -------- d-----w- c:\program files\Logitech
2010-03-11 08:57 . 2009-12-14 17:29 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-11 08:56 . 2008-11-27 17:15 -------- d-----w- c:\program files\Canon
2010-03-11 08:56 . 2005-07-19 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 08:25 . 2009-12-14 16:42 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 17:28 . 2009-01-16 13:04 256 ----a-w- c:\windows\system32\pool.bin
2010-02-27 13:16 . 2008-10-04 09:22 -------- d-----w- c:\program files\Opera
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-12-14 16:47 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 12:09 . 1979-12-31 22:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 13:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 08:50 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Miki\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"d:\\Hry\\Strategie\\Age of Empire 2\\age2_x1\\age2_x1.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"d:\\Hry\\3D Akcne\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Hry\\Strategie\\Age of Empire 2\\empires2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2. 8. 2008 14:18 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2. 8. 2008 14:18 5248]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2. 8. 2008 0:01 2343]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7. 6. 2007 19:16 18944]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [8. 10. 2009 16:33 7040]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6. 11. 2007 22:22 34064]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23. 4. 2007 17:28 10752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 13:52]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 13:52]

2009-05-15 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [10].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [11].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [12].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [13].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-13 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [14].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [15].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [16].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [2].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [3].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-13 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [4].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [5].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [6].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [7].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [8].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default) [9].job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Default).job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2009-05-14 c:\windows\Tasks\KLS Backup Professional Task - Bakalarka (Incremental).job
- c:\program files\KLS Soft\KLS Backup 2008 Professional\klsbsched.exe [2009-01-14 19:40]

2010-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{C00EFB8A-18F7-4C33-8809-BE3D14F563C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/3.0.0.216/cs/myaccount/cruiser
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Miki\Data aplikací\Mozilla\Firefox\Profiles\4ykaf4xt.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 19:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x869D3F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75ebf28
\Driver\ACPI -> ACPI.sys @ 0xf73b8cb8
\Driver\atapi -> 0x869d3f00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71c9bd4
PacketIndicateHandler -> NDIS.sys @ 0xf71d5a21
SendHandler -> NDIS.sys @ 0xf71c9d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\acer\eManager\anbmServ.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\WTClient.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\WISPTIS.EXE
.
**************************************************************************
.
Celkový čas: 2010-04-26 19:13:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-26 17:13
ComboFix2.txt 2010-04-26 14:18

Před spuštěním: 3 015 155 712
Po spuštění: 2 875 797 504

- - End Of File - - D6DF0F88B74ABFC3DFEA6FAE50C4296F

[cernohous13]

Jak vypadá využití procesoru?

Jaké jsou problémy po čištění?

[Cruiser]

Chyba sa zatial po cistení znova neprejavila, procesor ide normalne. Na 90% vyriesene, do 100 chyba uz len čas na testovanie.

[cernohous13]

Vypnout driver virtuálních mechanik takto:
stáhni http://jpshortstuff.247fixes.com/beta/Defogger.exe
spusť - klik "Disable" - potvrď hlášku "Continue" - dej sem log který se vytvoří - samozřejmě nech restartovat PC
Až spolu skončíme si ho zase spustíš "Re-enable"

stáhni MBR
http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
klik Start -> Spustit... - do okna zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj

Pro kontrolu ještě

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení