VIRY.CZ

Prosím o kontrolu, počítač se několik minut po spuštění systému začne zpomalovat.Kopírování souborů neběží rychlostí průměrně 30-50 MB/s, ale třeba jen 2-3 MB/s.Ve správci procesů je vidět, ze proces běží skoro na 100 procent.Např. explorer,totalcmd nebo media player.Děkuji za pomoc....

Logfile of random's system information tool 1.06 (written by random/random)
Run by M@RPET at 2010-01-02 15:20:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (27%) free of 25 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:48, on 2.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WebServer\Prog\APACHE\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Install\System utilities\Anti Spyware\RSIT.exe
C:\Program Files\trend micro\M@RPET.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\WebServer\Prog\APACHE\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE94BB3-7076-4EB8-84B1-718082583599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DE94BB3-7076-4EB8-84B1-718082583599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6DE94BB3-7076-4EB8-84B1-718082583599}: NameServer = 192.168.2.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7545 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Nero DriveSpeed"=C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE [2004-06-28 585728]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-03-29 949376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-06-22 133576]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"OscarEditor"=C:\Program Files\OSCAR Editor\OscarEditor.exe [2008-07-30 2865152]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
HPAiODevice(hp psc 900 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
Monitor Apache Servers.lnk - C:\WebServer\Prog\APACHE\Apache2\bin\ApacheMonitor.exe

C:\Documents and Settings\M@RPET\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Curious Labs\Poser 6\Poser.exe"="C:\Program Files\Curious Labs\Poser 6\Poser.exe:*:Enabled:Poser executable file"
"D:\Hry\CoD1\CoDMP.exe"="D:\Hry\CoD1\CoDMP.exe:*:Enabled:CoDMP"
"D:\Download\_Programy\StrongDC_2.03\StrongDC.exe"="D:\Download\_Programy\StrongDC_2.03\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\CS\hl.exe"="D:\Hry\CS\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Download\_Programy\U_Torrent\utorrent.exe"="D:\Download\_Programy\U_Torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:hlsw"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\CoD2\CoD2MP_s.exe"="D:\Hry\CoD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\CS_BOTs\hl.exe"="D:\Hry\CS_BOTs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\lsass.exe"="C:\lsass.exe:*:Enabled:TCPOM"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\Hry\CS\hlds.exe"="D:\Hry\CS\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Hry\CoD2_1.0\CoD2MP_s.exe"="D:\Hry\CoD2_1.0\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Multi-screen Remote Desktop(Client)\MSRD.exe"="C:\Program Files\Multi-screen Remote Desktop(Client)\MSRD.exe:*:Enabled:MSRD"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe"="C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Games\!_New\WarSoW 0.42\warsow_x86.exe"="D:\Games\!_New\WarSoW 0.42\warsow_x86.exe:*:Enabled:Warsow"
"D:\Install\Internet\IRC\mIRC\mirc.exe"="D:\Install\Internet\IRC\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Hry\STEAM\steamapps\k3nob1\day of defeat\hl.exe"="D:\Hry\STEAM\steamapps\k3nob1\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\Need for Speed Underground 2\speed2.exe"="D:\Hry\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\DAP Premium\DAP.exe"="C:\Program Files\DAP Premium\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\VPN Anonymizer\privoxy\VPN_Anonymizer_webfilter.exe"="C:\Program Files\VPN Anonymizer\privoxy\VPN_Anonymizer_webfilter.exe:*:Enabled:VPN_Anonymizer_webfilter"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"D:\Temp\Portable software\SizePopup.exe"="D:\Temp\Portable software\SizePopup.exe:*:Enabled:SizePopup"
"D:\Hry\rFactor\rFactor.exe"="D:\Hry\rFactor\rFactor.exe:*:Enabled:rFactor"
"D:\Hry\STEAM\steamapps\k3nob1\half-life 2 deathmatch\hl2.exe"="D:\Hry\STEAM\steamapps\k3nob1\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\STEAM\steamapps\k3nob1\deathmatch classic\hl.exe"="D:\Hry\STEAM\steamapps\k3nob1\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\STEAM\steamapps\k3nob1\counter-strike\hl.exe"="D:\Hry\STEAM\steamapps\k3nob1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Games\!_New\QUAKE\WINQUAKE.EXE"="D:\Games\!_New\QUAKE\WINQUAKE.EXE:*:Enabled:WINQUAKE"
"D:\Hry\Quake 3\quake3.exe"="D:\Hry\Quake 3\quake3.exe:*:Enabled:quake3"
"D:\Hry\Quake\ezquake-gl.exe"="D:\Hry\Quake\ezquake-gl.exe:*:Enabled:ezquake-gl"
"D:\Download\_Programy\U_Torrent\DL\arc\darkplaces.exe"="D:\Download\_Programy\U_Torrent\DL\arc\darkplaces.exe:*:Enabled:DarkPlaces Game Engine"
"D:\Hry\Paintball2\paintball2.exe"="D:\Hry\Paintball2\paintball2.exe:*:Enabled:paintball2"
"D:\Download\_Programy\U_Torrent\DL\Nexuiz\nexuiz.exe"="D:\Download\_Programy\U_Torrent\DL\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz"
"D:\Games\!_New\Nexuiz\nexuiz.exe"="D:\Games\!_New\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz"
"C:\Documents and Settings\M@RPET\Local Settings\Temp\RarSFX0\hl.exe"="C:\Documents and Settings\M@RPET\Local Settings\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Games\!_New\QUAKE\GLQUAKE.EXE"="D:\Games\!_New\QUAKE\GLQUAKE.EXE:*:Enabled:GLQUAKE"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\Hidden & Dangerous 2\hd2.exe"="D:\Hry\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2"
"D:\Temp\-\C&C - Red Alert 2\Install\GAME.EXE"="D:\Temp\-\C&C - Red Alert 2\Install\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"D:\Hry\Quake 4\quake4.exe"="D:\Hry\Quake 4\quake4.exe:*:Enabled:Quake 4"
"D:\Hry\Red Alert 2\GAME.EXE"="D:\Hry\Red Alert 2\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"D:\Hry\AoE 3\Age3.exe"="D:\Hry\AoE 3\Age3.exe:*:Enabled:Age of Empires 3"
"C:\Documents and Settings\M@RPET\Local Settings\Temp\RarSFX1\hl.exe"="C:\Documents and Settings\M@RPET\Local Settings\Temp\RarSFX1\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\STEAM\steamapps\common\peggle extreme\PeggleExtreme.exe"="D:\Hry\STEAM\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"D:\Games\!_New\Bulanci\bulanci.exe"="D:\Games\!_New\Bulanci\bulanci.exe:*:Enabled:bulanci"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Hry\Outbreak\Outbreak.exe"="D:\Hry\Outbreak\Outbreak.exe:*:Enabled:Codename: Outbrake"
"D:\Hry\Battlefield 2\BF2.exe"="D:\Hry\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"D:\Games\_Neinstaluji_se\Bulánci\bulanci.exe"="D:\Games\_Neinstaluji_se\Bulánci\bulanci.exe:*:Enabled:bulanci"
"D:\Temp\Total Commander Ultima Prime v4.7\Total Commander Ultima Prime\400000a800002i\utorrent.exe"="D:\Temp\Total Commander Ultima Prime v4.7\Total Commander Ultima Prime\400000a800002i\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\TC PowerPack\TOTALCMD.EXE"="C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Games\!_New\WarSoW 0.5\warsow_x86.exe"="D:\Games\!_New\WarSoW 0.5\warsow_x86.exe:*:Enabled:Warsow"
"C:\Program Files\Alias\Maya8.0\bin\maya.exe"="C:\Program Files\Alias\Maya8.0\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Poser 7\Poser.exe"="C:\Program Files\Poser 7\Poser.exe:*:Enabled:Poser executable file"
"C:\Program Files\Corel\DVD9\WinDVD.exe"="C:\Program Files\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD"
"D:\Hry\Halo 1\HALO.EXE"="D:\Hry\Halo 1\HALO.EXE:*:Enabled:Halo"
"D:\Download\Gang Garrison 2\Gang Garrison 2.exe"="D:\Download\Gang Garrison 2\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2"
"D:\Hry\Battlefield 2\Bf2_w32ded.exe"="D:\Hry\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"D:\Hry\FlatOut2\FlatOut2.exe"="D:\Hry\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"D:\Hry\FlatOut1\flatout.exe"="D:\Hry\FlatOut1\flatout.exe:*:Enabled:flatout"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4868528c-cf5d-11dd-ba97-0011d8c30f00}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59182ed8-cdcf-11de-97ae-0011d8c30f00}]
shell\verb\command - explorer http://www.p4c.philips.com/files/s/sa1m ... al_eng.zip

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fbb53e-d204-11de-97ba-0011d8c30f00}]
shell\verb\command - explorer http://www.p4c.philips.com/files/s/sa1m ... al_eng.zip


======File associations======

.js - edit -
.js - open - "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1"
.txt - open - "C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-02 15:20:34 ----D---- C:\Program Files\trend micro
2010-01-02 15:20:33 ----D---- C:\rsit
2009-12-30 16:42:55 ----A---- C:\WINDOWS\imsins.BAK
2009-12-30 16:14:43 ----D---- C:\Program Files\MSBuild
2009-12-30 09:53:32 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\MACiOZO
2009-12-30 09:53:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MACiOZO

======List of files/folders modified in the last 1 months======

2010-01-02 15:20:34 ----RD---- C:\Program Files
2010-01-02 15:20:33 ----D---- C:\WINDOWS\Prefetch
2010-01-02 15:00:33 ----D---- C:\WINDOWS\Temp
2010-01-02 12:18:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-01 23:19:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-01 23:19:34 ----HD---- C:\WINDOWS\inf
2010-01-01 19:54:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DVD Shrink
2009-12-31 19:51:39 ----A---- C:\WINDOWS\winamp.ini
2009-12-31 09:00:37 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-31 09:00:03 ----RSD---- C:\WINDOWS\assembly
2009-12-30 17:44:53 ----D---- C:\WINDOWS\system32
2009-12-30 17:22:55 ----D---- C:\WINDOWS
2009-12-30 17:22:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-30 16:42:31 ----SHD---- C:\WINDOWS\Installer
2009-12-30 16:41:26 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft
2009-12-30 16:39:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-30 16:14:48 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-30 16:14:44 ----D---- C:\WINDOWS\system32\en-us
2009-12-30 16:14:36 ----RSD---- C:\WINDOWS\Fonts
2009-12-30 16:11:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-30 16:11:04 ----D---- C:\WINDOWS\WinSxS
2009-12-30 16:05:13 ----D---- C:\WINDOWS\system32\DirectX
2009-12-30 16:04:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-30 16:03:48 ----D---- C:\Program Files\AGEIA Technologies
2009-12-30 16:01:23 ----D---- C:\WINDOWS\Logs
2009-12-29 21:17:23 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\Skype
2009-12-29 14:28:43 ----D---- C:\Program Files\Eset
2009-12-29 14:28:26 ----D---- C:\Program Files\NetMeter
2009-12-27 23:55:02 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 11:15:21 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\Wildfire
2009-12-21 23:32:40 ----D---- C:\WINDOWS\system32\wbem
2009-12-16 23:47:55 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-09 23:49:20 ----D---- C:\WINDOWS\system32\oodag

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-04-25 33408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-03-29 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-03-29 512096]
R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL); C:\WINDOWS\system32\drivers\wfpvrenc.sys [2005-05-12 298496]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner; C:\WINDOWS\system32\drivers\wfpvrtun.sys [2005-05-12 32640]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture; C:\WINDOWS\system32\drivers\wfpvrcap.sys [2005-05-12 163968]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-03-02 10368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar; C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2005-05-12 9600]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 a34ommad;a34ommad; C:\WINDOWS\system32\drivers\a34ommad.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-01-29 370382]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-31 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-01-30 25216]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2;Apache2; C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe [2006-07-27 20541]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2009-04-25 122512]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2008-07-04 512000]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-03-29 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-25 75064]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-12 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dejte log z Combofix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Zde je log.Jen zmíním, že se mi nepovedlo ani ze Zprávce úloh v procesech vypnout NOD32, pokaždé když jsem ho chtěl ručně ukončit, objevil se tam znovu.Snad to nemělo nějaký negativní vliv na činnost Combofixu.

ComboFix 10-01-01.05 - M@RPET 02.01.2010 17:18:47.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.695 [GMT 1:00]
Spuštěný z: c:\documents and settings\M@RPET\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2000478354-884357618-682003330-1003
c:\windows\system32\Data
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 14:20 . 2010-01-02 14:20 -------- d-----w- c:\program files\trend micro
2010-01-02 14:20 . 2010-01-02 14:20 -------- d-----w- C:\rsit
2009-12-30 15:14 . 2009-12-30 15:14 -------- d-----w- c:\program files\MSBuild
2009-12-30 15:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 15:39 . 2006-08-20 19:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 15:11 . 2001-10-25 14:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2009-12-30 15:11 . 2001-10-25 14:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2009-12-30 15:04 . 2008-10-27 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 15:03 . 2009-02-21 21:54 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-29 13:28 . 2006-07-24 21:01 -------- d-----w- c:\program files\Eset
2009-12-29 13:28 . 2008-02-06 21:25 -------- d-----w- c:\program files\NetMeter
2009-12-28 16:06 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-16 22:48 . 2008-05-30 20:15 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-16 22:47 . 2008-05-30 20:15 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-02 08:38 . 2008-02-06 21:06 43 ----a-w- c:\windows\popcinfo.dat
2009-11-25 20:26 . 2009-11-21 10:45 -------- d-----w- c:\program files\ICQToolbar
2009-11-25 17:19 . 2008-12-15 17:32 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-24 19:22 . 2009-11-12 16:39 -------- d-----w- c:\program files\Pro Pinball
2009-11-21 10:45 . 2008-06-14 16:46 -------- d-----w- c:\program files\Oberon Media
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\TopWare
2009-10-17 21:42 . 2009-10-17 21:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2005-09-09 17:55 . 2006-08-02 17:25 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-09 17:55 . 2006-08-02 17:25 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 17:55 . 2006-08-02 17:25 37766164 ----a-w- c:\program files\Data1.cab
2009-09-19 11:46 . 2009-09-19 11:43 88 --sh--r- c:\windows\system32\88AC6D02C0.sys
2009-09-19 11:46 . 2009-09-19 11:43 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 1228800]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"P17Helper"="P17.dll" [2005-05-03 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-29 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\M@RPET\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HPAiODevice(hp psc 900 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe [2002-9-26 487484]
Monitor Apache Servers.lnk - c:\webserver\Prog\APACHE\Apache2\bin\ApacheMonitor.exe [2008-2-6 41042]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\CoD1\\CoDMP.exe"=
"d:\\Download\\_Programy\\U_Torrent\\utorrent.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Hry\\CoD2\\CoD2MP_s.exe"=
"d:\\Hry\\CoD2_1.0\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WebServer\\Prog\\APACHE\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"d:\\Games\\!_New\\WarSoW 0.42\\warsow_x86.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\day of defeat\\hl.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\deathmatch classic\\hl.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\counter-strike\\hl.exe"=
"d:\\Hry\\Quake\\ezquake-gl.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\STEAM\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Battlefield 2\\BF2.exe"=
"d:\\Games\\_Neinstaluji_se\\Bulánci\\bulanci.exe"=
"c:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=
"d:\\Games\\!_New\\WarSoW 0.5\\warsow_x86.exe"=
"d:\\Hry\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\Hry\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [13.9.2006 23:01 76160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29.3.2008 8:12 15424]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);c:\windows\system32\drivers\wfpvrenc.sys [28.7.2006 10:09 298496]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [28.7.2006 10:09 32640]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [28.7.2006 10:09 163968]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [28.7.2006 10:09 9600]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.3.2007 20:31 715248]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [21.8.2006 0:17 9446]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
LSP: c:\windows\system32\imon.dll
TCP: {6DE94BB3-7076-4EB8-84B1-718082583599} = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-GLOBEtrotter FLEXid Drivers - c:\program files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu
AddRemove-HijackThis - d:\install\System utilities\Anti Spyware\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 17:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="6EF4F8505546C23D30D89E7E2A617E5C627028559EA33AED7F5A1A25A31270637A51F3DBA448262AADF9CD327B2FC700C7F97E2EEA801F9DD96CDAF32C9D55B16A187D6294B083A39C7E1F0ABBA057AFE5BA07653EDB46CFD42700F30C644C74E9E0E58F45BB4309FA113EA4AA11C052AA87652F1D4C8B8F6FADC48EA5DA9DFCA93BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D679406B496870B75B618544936E23ABC0D8B14C874A027F32CB58764BF5F9A45FA1D7264913C35E41C244D7D74A775070447126A270442A321289A63CBA394170EED84D72203A904DCEBB106DCE741906B26CED3F5B9F26ACA94EE85284311A233C5373CE5AA19550FC919456CCF3AA10B6F183B5D6B6073444EAEF6F383DE19F7A5ACD1BA341F2FCD893AB0E33F62572FDBE06A20731540A91CA1F6105F3200E882A56BC3D636BB3AEBF350C74A9E9E29993D4142E37E259D3939D62483A2B298C20CF1687EBF7BF7A745C3DE3738BD4DCBE8300C00EF4B455486019950A9DC9E43EBE253C67E3F2DE3D43A35025D4CF307403E8B4220AE4B91C1ED9EDCA8019554734D74841D2F863EEA799DDA9F347AD5468612D528215C86C52E2672E2F49B39F856FEBDA64533C8745BA9A4F2B6C0379F35359A86C7AA3E11E4E40EFE6354A9F2B5E82D0C51E707024DB1F7B2E7AC9B180F4D279F196B3846C8566288C8E453FBB6EDC021F4DB7248CED29D1AAEA5699CE8F742386458682CA637D3EE787955D63B8D9A9E27C9F721F76C18CCC719FBBE2D9669F9C92FB4AE5C8BFB06963FC2E5378B1221B3717988EFA319CE41F69FB35A4DCCF43D31F85B5D1728859CE9A431B26D322AB8174B9F74DF0A0980B417570205D01B87258266B1665B87DAB0F664C87F381B298337ABD64D844ABCC918264C6C0EC2C65316A674C5498B714C2ACFAC5097BECA007816FB5CD8430234CDC2F17450256A8AEA9553C85CF6557D22E620B3764139DDC16ADDC00B893073D4F341511A62B81C2BD293C5B28E51053642FBC0AFB1E3EFB8D90B735016FA8DC0A01D7C1EFBC75D75A28BD49C00832B321D2D52D0868C0F733A223098C6E88A95597B3346D808A85D69275620585D39D658B2871E16CA950283D9F6FE5D5776CECEE5F62E44375AEAB465EA778DA3FE58F5A2430D9E08E3E4D37A0B59FD7562DAD7FC8D26E96A551632D9F90F75714E5E9F242C473F055D0FEA63F5AE3447E2996D70FD335E0C7E52332A2C09CA357F842173AFADFCD2E86BAD83043AEA2391632E87960E9658407EB113F03B2F2FE95C6A617BD03F59F356A461446C74B709025B1DE8A26F5F0874C6647A2DA474EE688DD181F6D3D16C227E168BE78782"
"OODEFRAG10.00.00.01WORKSTATION"="08C3C21C953ED78CF8217516A60058D18AAB0CF0753E53AD59BD53B61FDFD4AA35B26218A6A7AC1F4ECF6A1274C236C77AFA056FD7AA3D2706441F92AA52663E18BD6E92F62C338F25A27AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74CFEBC9E127BECC74C6B64312572191A97BFC9C1023897FDEFDD6733B0FB51D9E173E4FA05A8DF61F48F1B9391EDD94D65BCB67C33C54E0E256E7E0810C4423BF3BE9180C1C541E207FBCA957E58869D3D012A9BD906A97CE663C7210FE963389FF368CA6613E0452C0790841E392221FB8E3583E9BFF383A40F7017830EEBD30352CEC648307A6DD77B2AC3E5CE1540856092AB1BEDDE33D2344A178589F2DEC30AD0F6FE7332147D99F94C108A293940DF1DA2E73FFD6C680FC96170E778818AC19BF169640FC6981287271B130F9D966E54858F164AE7E04908CDE368DBB984947F6228BE7AE4268E7D764940D95477DFDA8A94899F2F3B86C243457EE3D4618F74061E7442A5A829AA6A20A1019655FCFBF940E2BFA17CD95840BCD1B9F856B493AF78291A0F23F0834C6AF560F1A70021AE1C214DF1AC4D4FD5B53EE91C9B791BC421B597FE22681CF5B6B43647E71ADA1A7676D026D55E50A8E052658A6EC9EBC04BA6B5A63206B0D8D50826CE94EEDC4164CAB81A88FCA9F2B153046310020DB06ABB520AE4B621F5DD4B398FB217803B3B3752FBD78EC981E0367D1C43F42937396BAF83CF58EE65AA125869C51E3FB3180B55CEDCEC47356AA96FFA51678B8AB3DBF4BD0CBD4253D921550CDA84B9EC59C8576932E3D9848E0ADB1C8795A7F59BEBABBAB92F64FDCCF062007F3DB43A2126D6F5F635DFF6526D27EF37AC1456752AC2CE7766C5B82AB0959CC5319803D70E3374CF16D82C7C1A9AB933CC099E0C5B0EA36C12F86BDCC0EC90C53DEEC4281FB03663AEEA53990B6411558E6655E9F9C0344257339011B7C65E992F6A0F81AC7763DE9C5E32F97196627A7B2C946230F6D2A64B5238B95EE5DA5FCC5C06173C15F4EF71202332AF25EC828F810B0A5F30254AF853850E3272B0BA4E3F635F8979BBCBB14192195D6A44D13F3079B91DCCA1636059AE0865F65CD0DD2D711502F8D829557601CB46A2D0D170A4B78EB015952D74AB80645BE3304E1DE612B8C74C45C44A18852B6AF0CD6F7BF2AFEA963223629BB459A6B00C52DF9F4FB88DB10FC8DD7224C75AFBD8CB9AAF505F710032BD47B183AC14B1273C39ED6EED994BC1843722BA06C1E3C5AD484E95590E5188AE20844B02B75F513C918371CE295249EA1AA221908CBC832BF08E4243EBA20C92365863F35F6F87F2225027094AB96E41502F41CEAB56C4519199F6D87D41755B58E345339C4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-02 17:30:53
ComboFix-quarantined-files.txt 2010-01-02 16:30

Před spuštěním: 7 080 128 512
Po spuštění: 7 160 864 768

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 90E33552B1C8410E3647A653447AE12D

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\88AC6D02C0.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4868528c-cf5d-11dd-ba97-0011d8c30f00}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Tady je výsledný log.
Combofix po vyčištění nahrál nejaký obsah na server.

ComboFix 10-01-01.05 - M@RPET 02.01.2010 18:48:47.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.618 [GMT 1:00]
Spuštěný z: c:\documents and settings\M@RPET\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\M@RPET\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


file zipped: c:\windows\system32\88AC6D02C0.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\88AC6D02C0.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 14:20 . 2010-01-02 14:20 -------- d-----w- c:\program files\trend micro
2009-12-30 15:14 . 2009-12-30 15:14 -------- d-----w- c:\program files\MSBuild
2009-12-30 15:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 15:39 . 2006-08-20 19:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 15:11 . 2001-10-25 14:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2009-12-30 15:11 . 2001-10-25 14:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2009-12-30 15:04 . 2008-10-27 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 15:03 . 2009-02-21 21:54 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-29 13:28 . 2006-07-24 21:01 -------- d-----w- c:\program files\Eset
2009-12-29 13:28 . 2008-02-06 21:25 -------- d-----w- c:\program files\NetMeter
2009-12-28 16:06 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-16 22:48 . 2008-05-30 20:15 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-16 22:47 . 2008-05-30 20:15 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-02 08:38 . 2008-02-06 21:06 43 ----a-w- c:\windows\popcinfo.dat
2009-11-25 20:26 . 2009-11-21 10:45 -------- d-----w- c:\program files\ICQToolbar
2009-11-25 17:19 . 2008-12-15 17:32 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-24 19:22 . 2009-11-12 16:39 -------- d-----w- c:\program files\Pro Pinball
2009-11-21 10:45 . 2008-06-14 16:46 -------- d-----w- c:\program files\Oberon Media
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\TopWare
2009-10-17 21:42 . 2009-10-17 21:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2005-09-09 17:55 . 2006-08-02 17:25 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-09 17:55 . 2006-08-02 17:25 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 17:55 . 2006-08-02 17:25 37766164 ----a-w- c:\program files\Data1.cab
2009-09-19 11:46 . 2009-09-19 11:43 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 1228800]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"P17Helper"="P17.dll" [2005-05-03 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-29 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\M@RPET\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HPAiODevice(hp psc 900 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe [2002-9-26 487484]
Monitor Apache Servers.lnk - c:\webserver\Prog\APACHE\Apache2\bin\ApacheMonitor.exe [2008-2-6 41042]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\CoD1\\CoDMP.exe"=
"d:\\Download\\_Programy\\U_Torrent\\utorrent.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Hry\\CoD2\\CoD2MP_s.exe"=
"d:\\Hry\\CoD2_1.0\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WebServer\\Prog\\APACHE\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"d:\\Games\\!_New\\WarSoW 0.42\\warsow_x86.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\day of defeat\\hl.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\deathmatch classic\\hl.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\counter-strike\\hl.exe"=
"d:\\Hry\\Quake\\ezquake-gl.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\STEAM\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Battlefield 2\\BF2.exe"=
"d:\\Games\\_Neinstaluji_se\\Bulánci\\bulanci.exe"=
"c:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=
"d:\\Games\\!_New\\WarSoW 0.5\\warsow_x86.exe"=
"d:\\Hry\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\Hry\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [13.9.2006 23:01 76160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29.3.2008 8:12 15424]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);c:\windows\system32\drivers\wfpvrenc.sys [28.7.2006 10:09 298496]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [28.7.2006 10:09 32640]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [28.7.2006 10:09 163968]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [28.7.2006 10:09 9600]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.3.2007 20:31 715248]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [21.8.2006 0:17 9446]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
LSP: c:\windows\system32\imon.dll
TCP: {6DE94BB3-7076-4EB8-84B1-718082583599} = 192.168.2.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 18:56
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="6EF4F8505546C23D30D89E7E2A617E5C627028559EA33AED7F5A1A25A31270637A51F3DBA448262AADF9CD327B2FC700C7F97E2EEA801F9DD96CDAF32C9D55B16A187D6294B083A39C7E1F0ABBA057AFE5BA07653EDB46CFD42700F30C644C74E9E0E58F45BB4309FA113EA4AA11C052AA87652F1D4C8B8F6FADC48EA5DA9DFCA93BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D679406B496870B75B618544936E23ABC0D8B14C874A027F32CB58764BF5F9A45FA1D7264913C35E41C244D7D74A775070447126A270442A321289A63CBA394170EED84D72203A904DCEBB106DCE741906B26CED3F5B9F26ACA94EE85284311A233C5373CE5AA19550FC919456CCF3AA10B6F183B5D6B6073444EAEF6F383DE19F7A5ACD1BA341F2FCD893AB0E33F62572FDBE06A20731540A91CA1F6105F3200E882A56BC3D636BB3AEBF350C74A9E9E29993D4142E37E259D3939D62483A2B298C20CF1687EBF7BF7A745C3DE3738BD4DCBE8300C00EF4B455486019950A9DC9E43EBE253C67E3F2DE3D43A35025D4CF307403E8B4220AE4B91C1ED9EDCA8019554734D74841D2F863EEA799DDA9F347AD5468612D528215C86C52E2672E2F49B39F856FEBDA64533C8745BA9A4F2B6C0379F35359A86C7AA3E11E4E40EFE6354A9F2B5E82D0C51E707024DB1F7B2E7AC9B180F4D279F196B3846C8566288C8E453FBB6EDC021F4DB7248CED29D1AAEA5699CE8F742386458682CA637D3EE787955D63B8D9A9E27C9F721F76C18CCC719FBBE2D9669F9C92FB4AE5C8BFB06963FC2E5378B1221B3717988EFA319CE41F69FB35A4DCCF43D31F85B5D1728859CE9A431B26D322AB8174B9F74DF0A0980B417570205D01B87258266B1665B87DAB0F664C87F381B298337ABD64D844ABCC918264C6C0EC2C65316A674C5498B714C2ACFAC5097BECA007816FB5CD8430234CDC2F17450256A8AEA9553C85CF6557D22E620B3764139DDC16ADDC00B893073D4F341511A62B81C2BD293C5B28E51053642FBC0AFB1E3EFB8D90B735016FA8DC0A01D7C1EFBC75D75A28BD49C00832B321D2D52D0868C0F733A223098C6E88A95597B3346D808A85D69275620585D39D658B2871E16CA950283D9F6FE5D5776CECEE5F62E44375AEAB465EA778DA3FE58F5A2430D9E08E3E4D37A0B59FD7562DAD7FC8D26E96A551632D9F90F75714E5E9F242C473F055D0FEA63F5AE3447E2996D70FD335E0C7E52332A2C09CA357F842173AFADFCD2E86BAD83043AEA2391632E87960E9658407EB113F03B2F2FE95C6A617BD03F59F356A461446C74B709025B1DE8A26F5F0874C6647A2DA474EE688DD181F6D3D16C227E168BE78782"
"OODEFRAG10.00.00.01WORKSTATION"="08C3C21C953ED78CF8217516A60058D18AAB0CF0753E53AD59BD53B61FDFD4AA35B26218A6A7AC1F4ECF6A1274C236C77AFA056FD7AA3D2706441F92AA52663E18BD6E92F62C338F25A27AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74CFEBC9E127BECC74C6B64312572191A97BFC9C1023897FDEFDD6733B0FB51D9E173E4FA05A8DF61F48F1B9391EDD94D65BCB67C33C54E0E256E7E0810C4423BF3BE9180C1C541E207FBCA957E58869D3D012A9BD906A97CE663C7210FE963389FF368CA6613E0452C0790841E392221FB8E3583E9BFF383A40F7017830EEBD30352CEC648307A6DD77B2AC3E5CE1540856092AB1BEDDE33D2344A178589F2DEC30AD0F6FE7332147D99F94C108A293940DF1DA2E73FFD6C680FC96170E778818AC19BF169640FC6981287271B130F9D966E54858F164AE7E04908CDE368DBB984947F6228BE7AE4268E7D764940D95477DFDA8A94899F2F3B86C243457EE3D4618F74061E7442A5A829AA6A20A1019655FCFBF940E2BFA17CD95840BCD1B9F856B493AF78291A0F23F0834C6AF560F1A70021AE1C214DF1AC4D4FD5B53EE91C9B791BC421B597FE22681CF5B6B43647E71ADA1A7676D026D55E50A8E052658A6EC9EBC04BA6B5A63206B0D8D50826CE94EEDC4164CAB81A88FCA9F2B153046310020DB06ABB520AE4B621F5DD4B398FB217803B3B3752FBD78EC981E0367D1C43F42937396BAF83CF58EE65AA125869C51E3FB3180B55CEDCEC47356AA96FFA51678B8AB3DBF4BD0CBD4253D921550CDA84B9EC59C8576932E3D9848E0ADB1C8795A7F59BEBABBAB92F64FDCCF062007F3DB43A2126D6F5F635DFF6526D27EF37AC1456752AC2CE7766C5B82AB0959CC5319803D70E3374CF16D82C7C1A9AB933CC099E0C5B0EA36C12F86BDCC0EC90C53DEEC4281FB03663AEEA53990B6411558E6655E9F9C0344257339011B7C65E992F6A0F81AC7763DE9C5E32F97196627A7B2C946230F6D2A64B5238B95EE5DA5FCC5C06173C15F4EF71202332AF25EC828F810B0A5F30254AF853850E3272B0BA4E3F635F8979BBCBB14192195D6A44D13F3079B91DCCA1636059AE0865F65CD0DD2D711502F8D829557601CB46A2D0D170A4B78EB015952D74AB80645BE3304E1DE612B8C74C45C44A18852B6AF0CD6F7BF2AFEA963223629BB459A6B00C52DF9F4FB88DB10FC8DD7224C75AFBD8CB9AAF505F710032BD47B183AC14B1273C39ED6EED994BC1843722BA06C1E3C5AD484E95590E5188AE20844B02B75F513C918371CE295249EA1AA221908CBC832BF08E4243EBA20C92365863F35F6F87F2225027094AB96E41502F41CEAB56C4519199F6D87D41755B58E345339C4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-02 18:59:32
ComboFix-quarantined-files.txt 2010-01-02 17:59
ComboFix2.txt 2010-01-02 16:30

Před spuštěním: 7 173 308 416
Po spuštění: 7 162 421 248

- - End Of File - - 0EBCE232CAE887707094C0CCD0A08384
Nahr nˇ probŘhlo ŁspŘçnŘ

Log již vypadá čistý. Byl nahrán smazaný soubor pro potřeby autora utility. Nastala nějaká změna?

Tak to vypadá v pořádku.Vše funguje OK.Zatížení procesů je v normě...
Mockrát děkuji za pomoc.

Rádo se stalo!

Dobrý večer.
Tak problém se objevil znovu.Zpomalení počítače, procesy vytížené na 100 procent......
Přikládám log z RSIT.
Prosím o pomoc....Kdyby se dalo zjistit čím to je, mohl bych se postarat, aby se to neopakovalo.
Bohužel k PC mají přístup i jiní uživatelé....

Logfile of random's system information tool 1.06 (written by random/random)
Run by M@RPET at 2010-01-06 22:07:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (29%) free of 25 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:56, on 6.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Windows NT\Aquapixel\aquapixel.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Install\System utilities\Anti Spyware\RSIT.exe
C:\Program Files\trend micro\M@RPET.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE94BB3-7076-4EB8-84B1-718082583599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DE94BB3-7076-4EB8-84B1-718082583599}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6DE94BB3-7076-4EB8-84B1-718082583599}: NameServer = 192.168.2.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 6861 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Nero DriveSpeed"=C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE [2004-06-28 585728]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-03-29 949376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-06-22 133576]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"OscarEditor"=C:\Program Files\OSCAR Editor\OscarEditor.exe [2008-07-30 2865152]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
HPAiODevice(hp psc 900 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Hry\CoD1\CoDMP.exe"="D:\Hry\CoD1\CoDMP.exe:*:Enabled:CoDMP"
"D:\Download\_Programy\U_Torrent\utorrent.exe"="D:\Download\_Programy\U_Torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:hlsw"
"D:\Hry\CoD2\CoD2MP_s.exe"="D:\Hry\CoD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\CoD2_1.0\CoD2MP_s.exe"="D:\Hry\CoD2_1.0\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe"="C:\WebServer\Prog\APACHE\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"D:\Games\!_New\WarSoW 0.42\warsow_x86.exe"="D:\Games\!_New\WarSoW 0.42\warsow_x86.exe:*:Enabled:Warsow"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Hry\STEAM\steamapps\k3nob1\day of defeat\hl.exe"="D:\Hry\STEAM\steamapps\k3nob1\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"D:\Hry\STEAM\steamapps\k3nob1\half-life 2 deathmatch\hl2.exe"="D:\Hry\STEAM\steamapps\k3nob1\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"D:\Hry\STEAM\steamapps\k3nob1\deathmatch classic\hl.exe"="D:\Hry\STEAM\steamapps\k3nob1\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\STEAM\steamapps\k3nob1\counter-strike\hl.exe"="D:\Hry\STEAM\steamapps\k3nob1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\Quake\ezquake-gl.exe"="D:\Hry\Quake\ezquake-gl.exe:*:Enabled:ezquake-gl"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\STEAM\steamapps\common\peggle extreme\PeggleExtreme.exe"="D:\Hry\STEAM\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Hry\Battlefield 2\BF2.exe"="D:\Hry\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"D:\Games\_Neinstaluji_se\Bulánci\bulanci.exe"="D:\Games\_Neinstaluji_se\Bulánci\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\TC PowerPack\TOTALCMD.EXE"="C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Games\!_New\WarSoW 0.5\warsow_x86.exe"="D:\Games\!_New\WarSoW 0.5\warsow_x86.exe:*:Enabled:Warsow"
"D:\Hry\Battlefield 2\Bf2_w32ded.exe"="D:\Hry\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"D:\Hry\FlatOut2\FlatOut2.exe"="D:\Hry\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-06 22:07:26 ----D---- C:\rsit
2010-01-06 21:32:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-05 23:22:26 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\GlarySoft
2010-01-05 23:12:26 ----A---- C:\WINDOWS\WRUninstall.dll
2010-01-05 23:12:26 ----A---- C:\WINDOWS\ssleay32.dll
2010-01-05 23:12:26 ----A---- C:\WINDOWS\libeay32.dll
2010-01-05 23:09:42 ----A---- C:\avenger.txt
2010-01-05 22:40:53 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-05 22:40:53 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-05 22:40:53 ----AD---- C:\WINDOWS\rundll16.exe
2010-01-05 22:40:53 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-05 22:40:53 ----AD---- C:\WINDOWS\logo1_.exe
2010-01-05 22:40:53 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-05 22:35:42 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-05 22:35:41 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-05 22:35:39 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-05 22:35:34 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-01-05 22:35:34 ----A---- C:\WINDOWS\system32\T.COM
2010-01-05 22:35:34 ----A---- C:\WINDOWS\REGEDIT.COM
2010-01-05 22:35:34 ----A---- C:\WINDOWS\R.COM
2010-01-05 22:35:29 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-05 22:35:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MicroWorld
2010-01-05 22:02:03 ----A---- C:\WINDOWS\pro.INI
2010-01-05 21:56:39 ----SHD---- C:\Config.Msi
2010-01-05 21:45:11 ----A---- C:\WINDOWS\system32\RBDELDRV.BAT
2010-01-02 19:51:27 ----SHD---- C:\RECYCLER
2010-01-02 18:59:33 ----A---- C:\ComboFix.txt
2010-01-02 17:17:47 ----A---- C:\Boot.bak
2010-01-02 17:17:42 ----RASHD---- C:\cmdcons
2010-01-02 15:20:34 ----D---- C:\Program Files\trend micro
2009-12-30 16:42:55 ----A---- C:\WINDOWS\imsins.BAK
2009-12-30 16:14:43 ----D---- C:\Program Files\MSBuild
2009-12-30 09:53:32 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\MACiOZO
2009-12-30 09:53:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MACiOZO

======List of files/folders modified in the last 1 months======

2010-01-06 21:47:56 ----D---- C:\WINDOWS\Temp
2010-01-06 21:39:02 ----D---- C:\WINDOWS
2010-01-06 21:37:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-01-06 21:32:54 ----RD---- C:\Program Files
2010-01-06 21:31:37 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 21:26:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 17:39:21 ----D---- C:\Program Files\ICQ6.5
2010-01-05 23:36:41 ----D---- C:\WINDOWS\system32\config
2010-01-05 23:24:45 ----SHD---- C:\WINDOWS\Installer
2010-01-05 23:18:19 ----D---- C:\WINDOWS\system32
2010-01-05 23:18:17 ----D---- C:\Documents and Settings
2010-01-05 23:12:37 ----A---- C:\WINDOWS\win.ini
2010-01-05 22:35:29 ----D---- C:\Program Files\Common Files
2010-01-05 22:30:03 ----D---- C:\WINDOWS\Prefetch
2010-01-05 22:24:50 ----D---- C:\Program Files\Corel
2010-01-05 22:24:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ulead Systems
2010-01-05 21:57:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-05 21:57:55 ----D---- C:\Temp
2010-01-05 21:55:32 ----D---- C:\Program Files\VSTplugins
2010-01-05 21:52:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-05 21:51:24 ----D---- C:\Program Files\AGEIA Technologies
2010-01-05 21:45:11 ----D---- C:\WINDOWS\system32\RNBOSENT
2010-01-04 20:06:12 ----A---- C:\WINDOWS\winamp.ini
2010-01-03 17:21:54 ----D---- C:\Program Files\Seznam DVD
2010-01-03 14:24:35 ----SD---- C:\Documents and Settings\M@RPET\Data aplikací\Microsoft
2010-01-03 14:22:41 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\Corel
2010-01-02 20:16:19 ----D---- C:\WINDOWS\ERDNT
2010-01-02 18:56:24 ----A---- C:\WINDOWS\system.ini
2010-01-02 18:53:15 ----D---- C:\WINDOWS\AppPatch
2010-01-02 17:17:47 ----RASH---- C:\boot.ini
2010-01-01 23:19:34 ----HD---- C:\WINDOWS\inf
2010-01-01 19:54:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DVD Shrink
2009-12-31 09:00:37 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-31 09:00:03 ----RSD---- C:\WINDOWS\assembly
2009-12-30 17:22:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-30 16:41:26 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft
2009-12-30 16:39:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-30 16:14:48 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-30 16:14:44 ----D---- C:\WINDOWS\system32\en-us
2009-12-30 16:14:36 ----RSD---- C:\WINDOWS\Fonts
2009-12-30 16:11:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-30 16:11:04 ----D---- C:\WINDOWS\WinSxS
2009-12-30 16:05:22 ----D---- C:\WINDOWS\system32\DirectX
2009-12-30 16:01:23 ----D---- C:\WINDOWS\Logs
2009-12-29 21:17:23 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\Skype
2009-12-29 14:28:43 ----D---- C:\Program Files\Eset
2009-12-29 14:28:26 ----D---- C:\Program Files\NetMeter
2009-12-23 11:15:21 ----D---- C:\Documents and Settings\M@RPET\Data aplikací\Wildfire
2009-12-21 23:32:40 ----D---- C:\WINDOWS\system32\wbem
2009-12-16 23:47:55 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-09 23:49:20 ----D---- C:\WINDOWS\system32\oodag

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-04-25 33408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-03-29 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-03-29 512096]
R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL); C:\WINDOWS\system32\drivers\wfpvrenc.sys [2005-05-12 298496]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner; C:\WINDOWS\system32\drivers\wfpvrtun.sys [2005-05-12 32640]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture; C:\WINDOWS\system32\drivers\wfpvrcap.sys [2005-05-12 163968]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-03-02 10368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar; C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2005-05-12 9600]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
R4 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 aod66k2a;aod66k2a; C:\WINDOWS\system32\drivers\aod66k2a.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-01-29 370382]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-31 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-01-30 25216]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2009-04-25 122512]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-03-29 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-25 75064]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-12 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dejte opět log z ComboFix.

Všiml jsem si, že byl mimo jiné smazán soubor od icq.
Dáte po vyčištění nějaké doporučení, podle toho odkud pochází ta nákaza, čeho se následně vyvarovat?

Tady je log:

ComboFix 10-01-04.01 - M@RPET 07.01.2010 18:24:33.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.650 [GMT 1:00]
Spuštěný z: c:\documents and settings\M@RPET\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-07 do 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-06 21:07 . 2010-01-06 21:07 -------- d-----w- C:\rsit
2010-01-06 20:32 . 2010-01-07 10:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 23:39 . 2010-01-05 23:39 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-05 21:40 . 2010-01-05 21:40 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-05 21:40 . 2010-01-05 21:40 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-05 21:40 . 2010-01-05 21:40 -------- d---a-w- c:\windows\rundll16.exe
2010-01-05 21:40 . 2010-01-05 21:40 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-05 21:40 . 2010-01-05 21:40 -------- d---a-w- c:\windows\logo1_.exe
2010-01-05 21:40 . 2010-01-05 21:40 -------- d---a-w- c:\windows\logo_1.exe
2010-01-05 21:35 . 2010-01-05 21:35 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-05 21:35 . 2010-01-05 21:35 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-05 21:35 . 2010-01-05 21:35 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-05 21:35 . 2004-08-17 13:49 147968 ----a-w- c:\windows\R.COM
2010-01-05 21:35 . 2004-08-17 13:49 137216 ----a-w- c:\windows\system32\T.COM
2010-01-05 21:35 . 2010-01-05 21:35 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-05 20:45 . 2010-01-05 20:45 194 ----a-w- c:\windows\system32\RBDELDRV.BAT
2010-01-02 14:20 . 2010-01-06 21:07 -------- d-----w- c:\program files\trend micro
2009-12-30 15:14 . 2009-12-30 15:14 -------- d-----w- c:\program files\MSBuild
2009-12-30 15:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 17:29 . 2008-12-10 19:17 -------- d-----w- c:\program files\ICQ6.5
2010-01-05 21:24 . 2006-07-28 19:58 -------- d-----w- c:\program files\Corel
2010-01-05 20:55 . 2006-07-28 21:19 -------- d-----w- c:\program files\VSTplugins
2010-01-05 20:52 . 2008-10-27 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 20:51 . 2009-02-21 21:54 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-03 16:21 . 2009-07-04 06:58 -------- d-----w- c:\program files\Seznam DVD
2010-01-02 19:23 . 2007-03-05 19:31 685816 ----a-w- c:\windows\system32\drivers\sptd.sys.13390369
2009-12-30 15:39 . 2006-08-20 19:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 15:11 . 2001-10-25 14:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2009-12-30 15:11 . 2001-10-25 14:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2009-12-29 13:28 . 2006-07-24 21:01 -------- d-----w- c:\program files\Eset
2009-12-29 13:28 . 2008-02-06 21:25 -------- d-----w- c:\program files\NetMeter
2009-12-28 16:06 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-16 22:48 . 2008-05-30 20:15 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-16 22:47 . 2008-05-30 20:15 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-02 08:38 . 2008-02-06 21:06 43 ----a-w- c:\windows\popcinfo.dat
2009-11-25 17:19 . 2008-12-15 17:32 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-24 19:22 . 2009-11-12 16:39 -------- d-----w- c:\program files\Pro Pinball
2009-11-21 10:45 . 2008-06-14 16:46 -------- d-----w- c:\program files\Oberon Media
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\TopWare
2009-10-17 21:42 . 2009-10-17 21:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2005-09-09 17:55 . 2006-08-02 17:25 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-09 17:55 . 2006-08-02 17:25 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 17:55 . 2006-08-02 17:25 37766164 ----a-w- c:\program files\Data1.cab
2009-09-19 11:46 . 2009-09-19 11:43 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-28 1228800]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"P17Helper"="P17.dll" [2005-05-03 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-29 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HPAiODevice(hp psc 900 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe [2002-9-26 487484]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SsiEfr.ex

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\CoD1\\CoDMP.exe"=
"d:\\Download\\_Programy\\U_Torrent\\utorrent.exe"=
"d:\\Hry\\CoD2\\CoD2MP_s.exe"=
"d:\\Hry\\CoD2_1.0\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"d:\\Games\\!_New\\WarSoW 0.42\\warsow_x86.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\day of defeat\\hl.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\deathmatch classic\\hl.exe"=
"d:\\Hry\\STEAM\\steamapps\\k3nob1\\counter-strike\\hl.exe"=
"d:\\Hry\\Quake\\ezquake-gl.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\STEAM\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Hry\\Battlefield 2\\BF2.exe"=
"d:\\Games\\_Neinstaluji_se\\Bulánci\\bulanci.exe"=
"c:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=
"d:\\Games\\!_New\\WarSoW 0.5\\warsow_x86.exe"=
"d:\\Hry\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\Hry\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [29.3.2008 8:12 15424]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);c:\windows\system32\drivers\wfpvrenc.sys [28.7.2006 10:09 298496]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [28.7.2006 10:09 32640]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [28.7.2006 10:09 163968]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [21.8.2006 0:17 9446]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [28.7.2006 10:09 9600]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.1.2010 0:39 685816]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
LSP: c:\windows\system32\imon.dll
TCP: {6DE94BB3-7076-4EB8-84B1-718082583599} = 192.168.2.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 18:29
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="6EF4F8505546C23D30D89E7E2A617E5C627028559EA33AED7F5A1A25A31270637A51F3DBA448262AADF9CD327B2FC700C7F97E2EEA801F9DD96CDAF32C9D55B16A187D6294B083A39C7E1F0ABBA057AFE5BA07653EDB46CFD42700F30C644C74E9E0E58F45BB4309FA113EA4AA11C052AA87652F1D4C8B8F6FADC48EA5DA9DFCA93BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D679406B496870B75B618544936E23ABC0D8B14C874A027F32CB58764BF5F9A45FA1D7264913C35E41C244D7D74A775070447126A270442A321289A63CBA394170EED84D72203A904DCEBB106DCE741906B26CED3F5B9F26ACA94EE85284311A233C5373CE5AA19550FC919456CCF3AA10B6F183B5D6B6073444EAEF6F383DE19F7A5ACD1BA341F2FCD893AB0E33F62572FDBE06A20731540A91CA1F6105F3200E882A56BC3D636BB3AEBF350C74A9E9E29993D4142E37E259D3939D62483A2B298C20CF1687EBF7BF7A745C3DE3738BD4DCBE8300C00EF4B455486019950A9DC9E43EBE253C67E3F2DE3D43A35025D4CF307403E8B4220AE4B91C1ED9EDCA8019554734D74841D2F863EEA799DDA9F347AD5468612D528215C86C52E2672E2F49B39F856FEBDA64533C8745BA9A4F2B6C0379F35359A86C7AA3E11E4E40EFE6354A9F2B5E82D0C51E707024DB1F7B2E7AC9B180F4D279F196B3846C8566288C8E453FBB6EDC021F4DB7248CED29D1AAEA5699CE8F742386458682CA637D3EE787955D63B8D9A9E27C9F721F76C18CCC719FBBE2D9669F9C92FB4AE5C8BFB06963FC2E5378B1221B3717988EFA319CE41F69FB35A4DCCF43D31F85B5D1728859CE9A431B26D322AB8174B9F74DF0A0980B417570205D01B87258266B1665B87DAB0F664C87F381B298337ABD64D844ABCC918264C6C0EC2C65316A674C5498B714C2ACFAC5097BECA007816FB5CD8430234CDC2F17450256A8AEA9553C85CF6557D22E620B3764139DDC16ADDC00B893073D4F341511A62B81C2BD293C5B28E51053642FBC0AFB1E3EFB8D90B735016FA8DC0A01D7C1EFBC75D75A28BD49C00832B321D2D52D0868C0F733A223098C6E88A95597B3346D808A85D69275620585D39D658B2871E16CA950283D9F6FE5D5776CECEE5F62E44375AEAB465EA778DA3FE58F5A2430D9E08E3E4D37A0B59FD7562DAD7FC8D26E96A551632D9F90F75714E5E9F242C473F055D0FEA63F5AE3447E2996D70FD335E0C7E52332A2C09CA357F842173AFADFCD2E86BAD83043AEA2391632E87960E9658407EB113F03B2F2FE95C6A617BD03F59F356A461446C74B709025B1DE8A26F5F0874C6647A2DA474EE688DD181F6D3D16C227E168BE78782"
"OODEFRAG10.00.00.01WORKSTATION"="08C3C21C953ED78CF8217516A60058D18AAB0CF0753E53AD59BD53B61FDFD4AA35B26218A6A7AC1F4ECF6A1274C236C77AFA056FD7AA3D2706441F92AA52663E18BD6E92F62C338F25A27AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74CFEBC9E127BECC74C6B64312572191A97BFC9C1023897FDEFDD6733B0FB51D9E173E4FA05A8DF61F48F1B9391EDD94D65BCB67C33C54E0E256E7E0810C4423BF3BE9180C1C541E207FBCA957E58869D3D012A9BD906A97CE663C7210FE963389FF368CA6613E0452C0790841E392221FB8E3583E9BFF383A40F7017830EEBD30352CEC648307A6DD77B2AC3E5CE1540856092AB1BEDDE33D2344A178589F2DEC30AD0F6FE7332147D99F94C108A293940DF1DA2E73FFD6C680FC96170E778818AC19BF169640FC6981287271B130F9D966E54858F164AE7E04908CDE368DBB984947F6228BE7AE4268E7D764940D95477DFDA8A94899F2F3B86C243457EE3D4618F74061E7442A5A829AA6A20A1019655FCFBF940E2BFA17CD95840BCD1B9F856B493AF78291A0F23F0834C6AF560F1A70021AE1C214DF1AC4D4FD5B53EE91C9B791BC421B597FE22681CF5B6B43647E71ADA1A7676D026D55E50A8E052658A6EC9EBC04BA6B5A63206B0D8D50826CE94EEDC4164CAB81A88FCA9F2B153046310020DB06ABB520AE4B621F5DD4B398FB217803B3B3752FBD78EC981E0367D1C43F42937396BAF83CF58EE65AA125869C51E3FB3180B55CEDCEC47356AA96FFA51678B8AB3DBF4BD0CBD4253D921550CDA84B9EC59C8576932E3D9848E0ADB1C8795A7F59BEBABBAB92F64FDCCF062007F3DB43A2126D6F5F635DFF6526D27EF37AC1456752AC2CE7766C5B82AB0959CC5319803D70E3374CF16D82C7C1A9AB933CC099E0C5B0EA36C12F86BDCC0EC90C53DEEC4281FB03663AEEA53990B6411558E6655E9F9C0344257339011B7C65E992F6A0F81AC7763DE9C5E32F97196627A7B2C946230F6D2A64B5238B95EE5DA5FCC5C06173C15F4EF71202332AF25EC828F810B0A5F30254AF853850E3272B0BA4E3F635F8979BBCBB14192195D6A44D13F3079B91DCCA1636059AE0865F65CD0DD2D711502F8D829557601CB46A2D0D170A4B78EB015952D74AB80645BE3304E1DE612B8C74C45C44A18852B6AF0CD6F7BF2AFEA963223629BB459A6B00C52DF9F4FB88DB10FC8DD7224C75AFBD8CB9AAF505F710032BD47B183AC14B1273C39ED6EED994BC1843722BA06C1E3C5AD484E95590E5188AE20844B02B75F513C918371CE295249EA1AA221908CBC832BF08E4243EBA20C92365863F35F6F87F2225027094AB96E41502F41CEAB56C4519199F6D87D41755B58E345339C4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-07 18:32:39
ComboFix-quarantined-files.txt 2010-01-07 17:32
ComboFix2.txt 2010-01-02 18:01

Před spuštěním: 7 589 576 704
Po spuštění: 7 558 316 032

- - End Of File - - 70EBB5398A42081C43C66DF2B87E12B7

3 položky byly smazány, zbytek logu vypadá čistý. Nastala nějaká změna?

Spouštění aplikací se výrazně zlepšilo.
Stále to však není ono.
Iprohlížeče jsou pomalé(i když rychlejší) a například při přehrávání streamovaného videa (video bylo nastreamováno celé, ale přehrávání trhané) je proces všech prohlížečů(každý jsem zkoušel zvlášt) vytížen na 85-99 procent.
Prohlížeče jsem zkoušel tyto: IE6,Opera 9,64, Firefox Portable 3.0.6

Ještě dodám, že přetrvává problém s nemožností ukončit pres task manager nod32.Ani ručně každý proces zvlášt.Kdyz se o to pokusím, prosec se tam objeví znovu.Je možné, že by byl nod "nakopnutý" a špatně pracoval a způsobovat ty problémy?

I to se někdy může stát. Zkuste ho přeinstalovat.