PC-HELP.CZ

Log urobený v núdzovom režime.
Pri zapnutí PC nenaskočí Win ale rôzne farebné pruhy, čiary zhora dole. Ak sa ho podarí zapnúť na x krát, po chvílke naskočí modrá obrazovka. Niekedy sa pri pohybe myšou po ploche urobí štvorec z farebných čiarok - pri kurzore.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:16, on 6. 8. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Gretech Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S162.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate1ca566aa9edd09c) (gupdate1ca566aa9edd09c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6319 bytes

Ahoj,

Prosím tě, podívej se do této složky C:\WINDOWS\minidump, jestli se tam při Modré smrti vytvořily dmp soubory. Pokud ano, dej je do raru a přilož sem jako přílohu.

Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde


*********************

Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log

Snažím sa, ale pri inštalovaní a aktualizácii Mbam vyskočilo okno s chybovou hláškou, lebo cez núdzový režim mi nejde internet. Stlačil som ok a vyplo pc. Teraz som ho zapol, naskočil na prvý krát, tak sa to pokúsim dokončiť.
Ako to tu teraz píšem, zase modrá obrazovka, nič som na ňom nerobil a znovu sa zapol.
Ja píšem na druhom pc, hodím sem aspoň log z Rsit.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-06 20:51:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (39%) free of 143 GB
Total RAM: 2046 MB (87% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\FileCure Startup.job
C:\WINDOWS\tasks\FileCure.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Janik.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Gretech Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-20 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-19 102400]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-02-21 131072]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NPSStartup"= []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Janik\Desktop\Plugin Manager\skypePM.exe"="C:\Documents and Settings\Janik\Desktop\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Janik\Desktop\Skype.exe"="C:\Documents and Settings\Janik\Desktop\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\NPSMediaManager.exe"="C:\Program Files\Samsung\Samsung New PC Studio\NPSMediaManager.exe:*:Enabled:TODO: <?? ??>"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-08-07 15:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-06 20:51:21 ----D---- C:\rsit
2010-08-06 20:21:14 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-06 20:15:37 ----SHD---- C:\found.000
2010-07-15 10:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-15 10:41:32 ----D---- C:\06af77fff2e4aac2a1a81d2b8f27ca

======List of files/folders modified in the last 1 months======

2010-08-07 17:58:11 ----HD---- C:\WINDOWS\inf
2010-08-07 17:58:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-07 16:35:41 ----D---- C:\WINDOWS\system32
2010-08-07 15:46:53 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-08-06 20:21:21 ----D---- C:\WINDOWS\Minidump
2010-08-06 20:21:21 ----D---- C:\WINDOWS
2010-08-06 20:19:16 ----D---- C:\WINDOWS\Temp
2010-08-06 20:19:11 ----A---- C:\hpqp.ini
2010-08-06 20:18:42 ----A---- C:\XP_TV.ini
2010-08-06 20:11:16 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2010-08-06 20:11:09 ----D---- C:\WINDOWS\Registration
2010-08-06 20:06:30 ----D---- C:\Program Files\Mozilla Firefox
2010-08-06 19:59:01 ----SHD---- C:\WINDOWS\Installer
2010-08-05 23:52:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-05 22:18:35 ----RD---- C:\Program Files
2010-08-05 22:14:38 ----D---- C:\WINDOWS\Prefetch
2010-08-05 22:06:53 ----D---- C:\WINDOWS\Debug
2010-08-05 21:53:39 ----D---- C:\7f755b6315504b2606ae2805ebcaf780
2010-08-05 21:17:57 ----A---- C:\WINDOWS\DUMP6496.tmp
2010-08-05 13:02:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-05 12:45:30 ----A---- C:\WINDOWS\DUMP6cf2.tmp
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 20:56:47 ----A---- C:\WINDOWS\DUMP6f82.tmp
2010-07-23 21:41:59 ----A---- C:\WINDOWS\DUMP6dbd.tmp
2010-07-23 21:36:48 ----A---- C:\WINDOWS\DUMP6e0b.tmp
2010-07-23 21:34:49 ----A---- C:\WINDOWS\DUMP6d40.tmp
2010-07-17 19:24:42 ----A---- C:\WINDOWS\DUMP6f44.tmp
2010-07-15 10:32:31 ----A---- C:\WINDOWS\DUMPb2f4.tmp
2010-07-10 21:01:49 ----D---- C:\WINDOWS\system32\drivers
2010-07-10 20:39:09 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-07-10 20:38:54 ----D---- C:\Program Files\DivX
2010-07-10 20:33:51 ----D---- C:\Documents and Settings\All Users\Application Data\ESET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-13 721904]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
S3 aadqvr16;aadqvr16; C:\WINDOWS\system32\drivers\aadqvr16.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2007-08-16 220672]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-28 1709696]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2009-06-10 36992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 47744]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-24 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
S2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
S2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-08-14 237984]
S2 gupdate1ca566aa9edd09c;Služba Google Update (gupdate1ca566aa9edd09c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-22 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-12 66872]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 WMConnectCDS;Služba Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Fajn, zatím nic nedělej, než rozluštíme ty minidumpy, chvilku to potrvá.
Ulož je prosím tě třeba na www.ulozto.cz a vlož mi sem link.

Ani sa nedá nič robiť, síce sa mi podarilo dať rýchly sken v Malwarebytes´ale hneď to aj "zdochlo". Do dvoch minút a stále dookola.
http://www.ulozto.cz/5515592/minidump.rar

Já nejsem odborník na minidumpy, takže počkej na kolegu Milinesse, během dneška nebo zítřka se tu ukáže.
Jen při zběžném mrknutí by mohl být problém s Esetem.

Zatím jsem na to jen tak rychle juknul, zítra se tomu budu věnovat více.
Je možné, že se potýkáte se dvěma problomy zároveň. Jeden vypadá na chybu grafického subsystému, druhý problém se týká přístupu k disku.

1) Odinstalujte ovladače ochrany proti kopírování StarForce http://onlinesecurity-on.com/downloads/sfcdrvrem.zip
Máte tam tu nejhorší verzi a jelikož dochází k chybě vstupně/výstupní operace směřované k disku, může to být příčina.
2) Nainstalujte Intel(R) Rapid Storage http://downloadcenter.intel.com/Detail_ ... 9&lang=eng
Váš ovladač miniportu řadiče disku IaStor.sys je již dost starý. Rapid Storage obsahuje novou verzi.
3) Monitorujte teploty hardwaru (hlavně GPU) jestli se nepřehřívá.
4)Změňte ovladače grafické karty za jinou verzi. Zkuste novější, ty co máte jsou z roku 2006. (jeden pád zapříčinilo zablokování vlákna ovladače GK)
5) Tu diskovou operaci by také mohl přerušit ESET. Rutina ovladače ehdrv.sys Esetu je volána těsně před tím, než začnou problémy. (a to při každém pádu, kdy je problém s přístupem k disku)
Dovoluji si tvrdit, že když ho odinstalujete, bude klid. Je možné, že se jedná o konflikt s ovladači StarForce. Už jsem to několikrát zažil.
6) S Bledulkou to pořádně proskenujte, zda tam není zaveden nějaký malwarový ovladač.

Proveďte kroky, co psal kolega Miliness, zkuste to v nouzovém režimu, začněte třeba tím Esetem. Jak budete hotový a pc nebude hned padat, vrhneme se na ty breberky.

Ahoj. Na pc som sa dostal až teraz.
Takže, kroky od MiliNess sú dúfam dobre splnené. Podarilo sa urobiť niečo núdzovom režime, a nainštalovanie nového ovládača na grafiku v normálnom režime. Môžme pokračovať ďalej :-)

Fajn, jdeme na to


Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

ComboFix stiahnutý, ale pri skenovaní naskočila zase modrá smrť... a bolo už ok tým myslím to, že to nenaskakovalo.
Skúšame to teraz v núdzovom režime.

ComboFix 10-08-10.03 - Administrator . 08. 2010 22:38:37.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1783 [GMT 2:00]
Spuštěný z: c:\documents and settings\Janik\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\1\D0000
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6810702315
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6811413079
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6815075231
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6815563426
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6815870949
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6816804051
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6817988542
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6819467940
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6820200347
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6820802546
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6824477315
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6825392361
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6827783102
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6828296759
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6831647801
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6831928125
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6832385648
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6833814352
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6836178009
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6837197917
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6839436806
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6865196296
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6866189236
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6869750000
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6870641551
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6871321528
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6874489931
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6875786574
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6877170139
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6878307639
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6878540856
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6880031019
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6880197454
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6881173958
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6886857986
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6887268519
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6903128588
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6904078009
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6907825116
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6908239236
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6908808912
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6913080440
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6914331944
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6916192824
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6925139236
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6935841551
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6936376852
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6936673495
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6938009954
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6939310185
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6940328357
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6940778704
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6941529167
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6941983102
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6945455324
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6946028588
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6946321528
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6946759259
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6947750231
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6949220486
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6950622106
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6951493750
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6952917014
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6955333102
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6956014815
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6956250000
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6980457870
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6981193866
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6981877431
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6982512269
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6985541435
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6986282870
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6987476389
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6991111458
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6991351968
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6991881829
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6993111574
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6994026620
c:\documents and settings\All Users\Application Data\MPK\1\I39944_6996410185
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7006638773
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7007333218
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7008622685
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7009535880
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7010266551
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7012208796
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7013563310
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7014814815
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7016154861
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7022757523
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7023296412
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7023502546
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7024717824
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7025831829
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7026750579
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7026978357
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7027540857
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7028799537
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7032492361
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7032781713
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7033016782
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7037525231
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7037836343
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7037852546
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7037856250
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7037857986
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7038131134
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7038355324
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7842679398
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7856544676
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7866223495
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7884322454
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7912100231
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7939878009
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7967426157
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7967655787
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7971346875
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7981862963
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7988503588
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7990156597
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7990717130
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7991248843
c:\documents and settings\All Users\Application Data\MPK\1\I39944_7992225463
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8000334491
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8000350810
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8000354398
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8000506366
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8004307639
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8004786921
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8023211343
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8028766898
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8033053009
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8034639005
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8040534491
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8050989120
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8077571528
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8078316667
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8078331134
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8078766898
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8106038310
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8134322454
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8162100231
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8189878009
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8217655787
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8245433565
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8273211343
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8300989120
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8328766898
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8356544676
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8384323264
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8412102199
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8439881250
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8464764815
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8465712500
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8466709028
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8467175579
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8467660301
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8470168750
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8470317014
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8471671643
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8471823495
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8473049653
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8473953935
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8486331713
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8487821875
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8491218171
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8492386343
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8512380556
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8513241435
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8524343519
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8533340509
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8533523148
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8534210417
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8534566667
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8534823495
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8535803588
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8537257639
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8543192940
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8553077894
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8554412616
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8554774306
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8557105324
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8559011458
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8561988194
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8565512847
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8565729861
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8567171181
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8571169676
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8572079282
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8573779282
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8574054167
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8575036111
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8580170255
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8580349306
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8589765972
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8593252662
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8593413542
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8594862153
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8595030324
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8598828125
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8601211574
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8601584144
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8604900810
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8613814699
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8614527199
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8614935880
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8617543750
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8621457176
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8626390625
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8627103125
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8627368981
c:\documents and settings\All Users\Application Data\MPK\1\I39944_8634403935
c:\documents and settings\All Users\Application Data\MPK\1\S0000
c:\documents and settings\All Users\Application Data\MPK\2(2)\D0000
c:\documents and settings\All Users\Application Data\MPK\CPDM(2)\cpfm.bin
c:\documents and settings\All Users\Application Data\MPK\key.bin
c:\documents and settings\All Users\Application Data\MPK\M0000
c:\documents and settings\All Users\Application Data\MPK\S0000
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 20:03 . 2010-08-10 20:03 -------- d-----w- c:\windows\system32\AGEIA
2010-08-10 20:03 . 2010-08-10 20:03 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-10 20:03 . 2010-08-10 20:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-10 20:01 . 2009-02-04 03:45 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-08-10 20:01 . 2010-08-10 20:01 -------- d-----w- C:\NVIDIA
2010-08-10 19:20 . 2010-08-10 19:20 -------- d-----w- C:\Intel
2010-08-10 19:20 . 2010-08-10 19:20 -------- d-----w- c:\program files\Intel
2010-08-10 19:20 . 2010-08-10 19:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-08-06 19:12 . 2010-08-06 19:12 -------- d-----w- c:\documents and settings\Janik\Application Data\Malwarebytes
2010-08-06 19:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-06 19:11 . 2010-08-06 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 19:11 . 2010-08-06 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 19:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-06 18:52 . 2010-08-06 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-06 18:51 . 2010-08-06 18:51 -------- d-----w- C:\rsit
2010-08-06 18:15 . 2010-08-06 18:15 -------- d-----w- C:\found.000
2010-08-04 15:17 . 2010-08-04 15:17 503808 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e909acf-n\msvcp71.dll
2010-08-04 15:17 . 2010-08-04 15:17 499712 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e909acf-n\jmc.dll
2010-08-04 15:17 . 2010-08-04 15:17 348160 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e909acf-n\msvcr71.dll
2010-08-04 15:17 . 2010-08-04 15:17 61440 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-61b8eb1f-n\decora-sse.dll
2010-08-04 15:17 . 2010-08-04 15:17 12800 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-61b8eb1f-n\decora-d3d.dll
2010-07-28 12:18 . 2010-07-28 12:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-07-15 08:41 . 2010-07-15 08:41 -------- d-----w- C:\06af77fff2e4aac2a1a81d2b8f27ca
2010-07-13 18:19 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 20:24 . 2010-01-06 19:55 -------- d-----w- c:\documents and settings\Janik\Application Data\Skype
2010-08-10 20:20 . 2009-12-25 14:18 -------- d-----w- c:\documents and settings\Janik\Application Data\skypePM
2010-08-10 19:27 . 2009-06-18 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-10 19:20 . 2007-03-17 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 19:17 . 2009-06-27 21:08 106496 ----a-w- c:\windows\DUMP6496.tmp
2010-08-05 18:09 . 2010-01-13 20:20 -------- d-----w- c:\documents and settings\Janik\Application Data\uTorrent
2010-08-05 10:45 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMP6cf2.tmp
2010-07-25 18:56 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMP6f82.tmp
2010-07-23 19:41 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMP6dbd.tmp
2010-07-23 19:36 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMP6e0b.tmp
2010-07-23 19:34 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMP6d40.tmp
2010-07-17 17:24 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMP6f44.tmp
2010-07-15 08:32 . 2009-06-27 21:08 98304 ----a-w- c:\windows\DUMPb2f4.tmp
2010-07-10 18:39 . 2010-05-02 12:07 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 18:39 . 2010-05-02 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 18:38 . 2010-07-10 18:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 18:38 . 2009-10-26 18:32 -------- d-----w- c:\program files\DivX
2010-07-10 18:38 . 2010-07-10 18:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 18:38 . 2010-07-10 18:38 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 18:37 . 2010-07-10 18:37 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-10 18:37 . 2010-05-02 12:05 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 18:37 . 2010-05-02 12:05 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-06 12:10 . 2009-06-27 21:08 106496 ----a-w- c:\windows\DUMP77a1.tmp
2010-06-28 19:01 . 2010-01-04 09:58 -------- d-----w- c:\program files\Ask.com
2010-06-24 17:43 . 2010-06-24 17:43 2944904 ----a-w- c:\documents and settings\Janik\Application Data\Mozilla\Firefox\Profiles\hv8xo54e.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-20 18:02 . 2008-11-28 16:27 -------- d-----w- c:\program files\Microsoft.NET
2010-06-20 17:55 . 2010-06-20 17:55 -------- d-----w- c:\program files\M4V Player
2010-06-14 14:31 . 2006-03-16 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 16:14 . 2010-06-06 16:14 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-06 16:14 . 2010-06-06 16:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-06 16:14 . 2010-06-06 16:14 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-06 16:14 . 2010-06-06 16:14 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 16:14 . 2010-06-06 16:14 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-28 18:27 . 2010-05-28 18:27 503808 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2226c583-n\msvcp71.dll
2010-05-28 18:27 . 2010-05-28 18:27 499712 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2226c583-n\jmc.dll
2010-05-28 18:27 . 2010-05-28 18:27 348160 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2226c583-n\msvcr71.dll
2010-05-28 18:27 . 2010-05-28 18:27 61440 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-716528cb-n\decora-sse.dll
2010-05-28 18:27 . 2010-05-28 18:27 12800 ----a-w- c:\documents and settings\Janik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-716528cb-n\decora-d3d.dll
2007-03-16 19:52 . 2008-11-08 23:00 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Janik\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-1-31 618496]
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSMediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [31. 1. 2009 18:55 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [14. 2. 2010 19:20 237984]
S2 gupdate1ca566aa9edd09c;Služba Google Update (gupdate1ca566aa9edd09c);c:\program files\Google\Update\GoogleUpdate.exe [26. 10. 2009 20:32 133104]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [31. 1. 2009 18:56 220672]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14. 2. 2010 19:20 36608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6. 8. 2010 21:11 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13. 8. 2009 19:27 721904]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MDMXSDK
*NewlyCreated* - PXHELP20
.
Obsah adresáře 'Naplánované úlohy'

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:32]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 18:32]

2010-07-15 c:\windows\Tasks\Norton Security Scan for Janik.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-06 19:09]

2010-08-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.hp.com
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NPSStartup - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 22:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???0^??????`?@?????L?@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-08-10 22:45:48
ComboFix-quarantined-files.txt 2010-08-10 20:45

Před spuštěním: 58 541 932 544 bytes free
Po spuštění: 58 504 192 000 bytes free

- - End Of File - - 7C31FA5E4D701B7FFAA58E70961F93E8