
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Check, bad font and hidden folder - Solved (lock)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are solved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log
While the folder problem was being solved, my antivirus quite often popped up an infection warning (Trojan, Adware, Riskware and Malicious software; for Viruses it doesn't report a single one), so may I ask one more favour: a check of the log to see whether there is still some dirt left somewhere. Also, I switched to Kaspersky Internet Security because my ESET licence expired, so I have now bought a Kaspersky licence; I'm curious how it goes, but compared with ESET it found more vermin (of course some of it was not true).
Once again I take my hat off (even though I don't have one =)) for all the advice and for solving the problem, to everyone who had a hand in it (most likely vyosek and j3šť3r); when I get around to it, I will certainly send some money for the development of the forum.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Jirka at 2010-08-24 12:10:42
Microsoft Windows 7 Ultimate
System drive C: has 4 GB (8%) free of 53 GB
Total RAM: 4095 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:11, on 8.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
D:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
D:\Program Files\DAEMON Tools\DTLite.exe
D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\AsScrPro.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\Jirka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Služba Plánovač2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"D:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe" -r
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe" /StartService
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"D:\Program Files\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe" /StartService
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe"
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {0D7E91CD-70A4-4408-8DAC-6DB3AC03C187}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\P4G\BatteryLife.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"D:\Program Files\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
Atouch64.exe
"D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" gpureading
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
ATKOSD.exe
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
C:\Windows\system32\wbem\wmiprvse.exe
KBFiltr.exe
"D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe"
WDC.exe
"D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"D:\Program Files\Mozilla Firefox\firefox.exe"
"D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\x64\klwtblfs.exe" -Embedding
C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe -Embedding
"C:\Windows\AsScrPro.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=4236.94d6d60.1772876325 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4236 plugin \\.\pipe\gecko-crash-server-pipe.4236
"C:\Users\Jirka\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\Windows 7 Manager Live Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\x64\ievkbd.dll [2009-10-20 61456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\x64\klwtbbho.dll [2009-10-20 345104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2010-07-23 1241448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2010-07-23 1241448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-08-12 323072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"SpywareTerminatorUpdate"=D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"Steam"=d:\program files\steam\steam.exe [2010-08-24 1242448]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Služba Plánovač2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2009-12-14 377600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-02-02 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
D:\Program Files\OO Software\Defrag\oodtray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AVP"=D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe [2010-08-20 340520]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ATKOSD2"=D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"HControlUser"=D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\PROGRA~1\Kaspersk\KASPER~1\x64\sbhook64.dll,D:\PROGRA~1\Kaspersk\KASPER~1\x64\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2009-10-20 224272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0x00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=28
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\FlashGet\FlashGet3.exe"="D:\Program Files\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-24 12:10:42 ----D---- C:\rsit
2010-08-22 11:39:05 ----RA---- C:\Windows\SYSWOW64\tmp9725.tmp
2010-08-22 11:32:35 ----RA---- C:\Windows\SYSWOW64\tmpA529.tmp
2010-08-21 11:59:06 ----A---- C:\Windows\system32\drivers\cpuz134_x64.sys
2010-08-21 11:22:04 ----D---- C:\Users\Jirka\AppData\Roaming\DNA
2010-08-21 11:22:04 ----D---- C:\Program Files (x86)\DNA
2010-08-21 10:37:46 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-08-21 10:37:46 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-08-21 10:37:46 ----A---- C:\Windows\SYSWOW64\java.exe
2010-08-15 18:34:56 ----A---- C:\Windows\SYSWOW64\RestoratorContextMenu.dll
2010-08-15 15:26:02 ----D---- C:\Program Files (x86)\QuickTime
2010-08-15 12:38:31 ----D---- C:\ProgramData\Kaspersky Lab
2010-08-15 12:21:33 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-08-14 22:45:29 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-14 22:45:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-14 22:14:46 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-14 22:14:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-14 22:14:46 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-14 22:14:45 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-14 22:14:28 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-14 22:14:28 ----A---- C:\Windows\system32\schannel.dll
2010-08-14 22:14:24 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-14 22:14:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-14 22:14:23 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-14 22:14:13 ----A---- C:\Windows\system32\mshtml.dll
2010-08-14 22:14:13 ----A---- C:\Windows\system32\ieframe.dll
2010-08-14 22:14:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-14 22:14:09 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-14 22:14:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-14 22:14:07 ----A---- C:\Windows\system32\wininet.dll
2010-08-14 22:14:07 ----A---- C:\Windows\system32\urlmon.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\mstime.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\ieui.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\iepeers.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-14 22:14:05 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-14 22:14:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-14 22:14:05 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-14 22:14:05 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-14 22:14:00 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-14 22:13:58 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-14 22:13:58 ----A---- C:\Windows\system32\rtutils.dll
2010-08-14 22:13:54 ----A---- C:\Windows\system32\win32k.sys
2010-08-14 22:12:40 ----A---- C:\Windows\system32\msxml3.dll
2010-08-14 22:12:39 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-08 11:53:53 ----D---- C:\Program Files (x86)\Crawler
2010-08-08 11:53:51 ----A---- C:\Windows\SYSWOW64\drivers\sp_rsdrv2.sys
2010-08-08 11:53:50 ----D---- C:\Users\Jirka\AppData\Roaming\Spyware Terminator
2010-08-08 11:53:49 ----D---- C:\ProgramData\Spyware Terminator
2010-08-07 14:30:10 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2010-08-07 11:48:09 ----D---- C:\Windows\SYSWOW64\RTCOM
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtPgEx64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkCfg64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkAPO64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkApi64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEP64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEL64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEG64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEED64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTCOM64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DHT64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DAA64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RCoInst64.dll
2010-08-07 11:47:45 ----A---- C:\Windows\system32\FMAPO64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAR64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAC64.dll
2010-08-07 11:47:42 ----A---- C:\Windows\RtlExUpd.dll
2010-08-06 19:47:53 ----A---- C:\Windows\system32\shell32.dll
2010-08-06 19:47:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-30 19:35:05 ----D---- C:\Program Files (x86)\trend micro
======List of files/folders modified in the last 1 months======
2010-08-24 12:10:43 ----D---- C:\Windows\Temp
2010-08-24 11:56:24 ----D---- C:\Windows\Prefetch
2010-08-24 10:59:35 ----D---- C:\Windows\inf
2010-08-24 10:59:35 ----AD---- C:\Windows\System32
2010-08-24 10:59:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-24 08:50:21 ----D---- C:\Windows\system32\config
2010-08-24 07:11:43 ----D---- C:\Windows\system32\Tasks
2010-08-24 06:55:17 ----D---- C:\Windows\system32\LogFiles
2010-08-24 06:54:49 ----D---- C:\Windows
2010-08-23 21:45:58 ----SHD---- C:\System Volume Information
2010-08-23 21:15:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-23 20:43:09 ----D---- C:\Windows\registration
2010-08-22 23:38:54 ----D---- C:\Users\Jirka\AppData\Roaming\ICQ
2010-08-22 11:39:05 ----D---- C:\Windows\SysWOW64
2010-08-22 11:39:05 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2010-08-22 11:39:05 ----A---- C:\Windows\system32\OpenAL32.dll
2010-08-22 11:38:06 ----RSD---- C:\Windows\assembly
2010-08-22 11:37:03 ----SHD---- C:\Windows\Installer
2010-08-22 11:37:03 ----SHD---- C:\Config.Msi
2010-08-21 22:27:54 ----A---- C:\Windows\system32\ServiceFilter.ini
2010-08-21 22:25:06 ----RSD---- C:\Windows\Fonts
2010-08-21 22:02:05 ----D---- C:\Users\Jirka\AppData\Roaming\BITS
2010-08-21 21:53:35 ----D---- C:\Windows\system32\drivers\etc
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalSerif.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalSansSerif.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalMonospace.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\desktop.ini
2010-08-21 14:40:31 ----D---- C:\Windows\Logs
2010-08-21 13:37:44 ----D---- C:\Program Files (x86)\Common Files
2010-08-21 11:59:06 ----D---- C:\Windows\system32\drivers
2010-08-21 11:31:21 ----D---- C:\Program Files (x86)\ASUS
2010-08-21 11:22:04 ----RD---- C:\Program Files (x86)
2010-08-21 11:12:16 ----D---- C:\Users\Jirka\AppData\Roaming\Download Manager
2010-08-21 10:42:34 ----A---- C:\Windows\system32\AutoRunFilter.ini
2010-08-21 10:41:22 ----D---- C:\Windows\system32\catroot
2010-08-21 10:39:23 ----D---- C:\Windows\system32\catroot2
2010-08-21 10:39:09 ----D---- C:\Windows\system32\DriverStore
2010-08-21 10:18:00 ----D---- C:\Windows\Tasks
2010-08-21 10:18:00 ----D---- C:\Windows\system32\wfp
2010-08-21 10:18:00 ----D---- C:\Program Files (x86)\OpenAL
2010-08-21 10:17:57 ----D---- C:\Windows\system32\wbem
2010-08-21 10:17:07 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Windows Media Player
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Windows Defender
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-21 10:17:04 ----D---- C:\Program Files (x86)\Windows Portable Devices
2010-08-21 10:17:04 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2010-08-21 10:16:59 ----D---- C:\Users\Jirka\AppData\Roaming\GHISLER
2010-08-21 10:16:59 ----D---- C:\ProgramData\P4G
2010-08-21 10:16:58 ----D---- C:\Program Files (x86)\Windows Virtual PC
2010-08-21 10:16:57 ----D---- C:\Program Files (x86)\Windows NT
2010-08-21 10:16:57 ----D---- C:\Program Files (x86)\Windows Live
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\Windows Identity Foundation
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\Realtek
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\MSBuild
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft
2010-08-21 10:16:48 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-21 10:16:46 ----D---- C:\Program Files (x86)\Haali
2010-08-21 10:16:46 ----D---- C:\Program Files (x86)\Cyberlink
2010-08-21 10:16:46 ----D---- C:\Program Files (x86)\Creative
2010-08-21 10:16:34 ----D---- C:\Program Files (x86)\BRS
2010-08-21 10:16:34 ----D---- C:\Program Files (x86)\Bonjour
2010-08-21 10:16:33 ----D---- C:\Program Files (x86)\Apple Software Update
2010-08-21 10:16:33 ----D---- C:\Program Files (x86)\AmIcoSingLun
2010-08-21 10:16:29 ----D---- C:\Program Files (x86)\Acronis
2010-08-21 10:15:33 ----D---- C:\Program Files (x86)\Ubisoft
2010-08-21 10:15:32 ----D---- C:\Program Files (x86)\TeamViewer
2010-08-21 10:15:30 ----D---- C:\Program Files (x86)\Reference Assemblies
2010-08-21 10:15:14 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-08-21 10:14:46 ----D---- C:\Program Files (x86)\Microsoft Office
2010-08-21 10:14:46 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-08-21 10:14:45 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-08-21 10:14:45 ----D---- C:\Program Files (x86)\IObit
2010-08-21 10:13:39 ----D---- C:\Program Files (x86)\Adobe
2010-08-15 23:09:18 ----RD---- C:\Program Files
2010-08-15 23:09:07 ----SHD---- C:\$Recycle.Bin
2010-08-15 23:08:53 ----RD---- C:\Users
2010-08-15 21:59:42 ----D---- C:\Windows\Microsoft.NET
2010-08-15 21:11:27 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-08-15 15:59:34 ----HD---- C:\ProgramData
2010-08-15 13:51:33 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2010-08-15 12:53:12 ----D---- C:\Windows\system32\wdi
2010-08-15 10:40:47 ----D---- C:\Windows\debug
2010-08-14 22:45:29 ----HD---- C:\Windows\SYSWOW64\drivers
2010-08-14 22:22:24 ----D---- C:\Windows\winsxs
2010-08-14 22:20:41 ----D---- C:\Windows\SYSWOW64\migration
2010-08-14 22:20:41 ----D---- C:\Program Files\Internet Explorer
2010-08-14 22:20:40 ----D---- C:\Windows\system32\migration
2010-08-14 22:18:23 ----D---- C:\ProgramData\Microsoft Help
2010-08-14 22:08:06 ----D---- C:\Windows\SYSWOW64\wbem
2010-08-14 22:08:06 ----D---- C:\Windows\system32\CodeIntegrity
2010-08-14 22:08:05 ----D---- C:\ProgramData\FLEXnet
2010-08-13 20:26:27 ----D---- C:\Windows\SoftwareDistribution
2010-08-07 13:26:09 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-08-07 11:48:22 ----HD---- C:\Program Files (x86)\Temp
2010-08-03 20:52:33 ----A---- C:\Windows\system32\MRT.exe
2010-07-31 18:17:38 ----AD---- C:\ProgramData\Temp
2010-07-31 10:16:13 ----D---- C:\Users\Jirka\AppData\Roaming\dvdcss
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KLBG;Kaspersky Lab Boot Guard Driver; C:\Windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-07-30 241696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-02-02 254496]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-02 834544]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\Windows\system32\DRIVERS\tdrpm251.sys [2010-02-02 1455648]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-02-02 929312]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 157712]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-11-11 353296]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-11-03 27152]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2010-03-02 2103336]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2009-08-28 21504]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 38944]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-11-03 29696]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2009-12-14 829216]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASLDRService;ASLDR Service; D:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AVP;Kaspersky Internet Security; D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe [2010-08-20 340520]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-11-06 276584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-08-07 66872]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-16 185640]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 282728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2009-11-15 13080]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-02 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-02 655624]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-01-04 244904]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
Once again I take my hat off (even though I don't have one =)) for all the advice and for solving the problem, to everyone who had a hand in it (most likely vyosek and j3šť3r); once I get around to it, I will definitely send some financial contribution toward the development of the forum.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Jirka at 2010-08-24 12:10:42
Microsoft Windows 7 Ultimate
System drive C: has 4 GB (8%) free of 53 GB
Total RAM: 4095 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:11, on 8.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
D:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
D:\Program Files\DAEMON Tools\DTLite.exe
D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\AsScrPro.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\Jirka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Služba Plánovač2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"D:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe" -r
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe" /StartService
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"D:\Program Files\Spyware Terminator\sp_rsser.exe"
"C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe" /StartService
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe"
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {0D7E91CD-70A4-4408-8DAC-6DB3AC03C187}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\P4G\BatteryLife.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"D:\Program Files\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
Atouch64.exe
"D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" gpureading
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
ATKOSD.exe
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
C:\Windows\system32\wbem\wmiprvse.exe
KBFiltr.exe
"D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe"
WDC.exe
"D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"D:\Program Files\Mozilla Firefox\firefox.exe"
"D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\x64\klwtblfs.exe" -Embedding
C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe -Embedding
"C:\Windows\AsScrPro.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=4236.94d6d60.1772876325 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4236 plugin \\.\pipe\gecko-crash-server-pipe.4236
"C:\Users\Jirka\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\Windows 7 Manager Live Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\x64\ievkbd.dll [2009-10-20 61456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\x64\klwtbbho.dll [2009-10-20 345104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2010-07-23 1241448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2010-07-23 1241448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-08-12 323072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"SpywareTerminatorUpdate"=D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"Steam"=d:\program files\steam\steam.exe [2010-08-24 1242448]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Služba Plánovač2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2009-12-14 377600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-02-02 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
D:\Program Files\OO Software\Defrag\oodtray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AVP"=D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe [2010-08-20 340520]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ATKOSD2"=D:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"HControlUser"=D:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\PROGRA~1\Kaspersk\KASPER~1\x64\sbhook64.dll,D:\PROGRA~1\Kaspersk\KASPER~1\x64\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2009-10-20 224272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0x00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=28
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\FlashGet\FlashGet3.exe"="D:\Program Files\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-24 12:10:42 ----D---- C:\rsit
2010-08-22 11:39:05 ----RA---- C:\Windows\SYSWOW64\tmp9725.tmp
2010-08-22 11:32:35 ----RA---- C:\Windows\SYSWOW64\tmpA529.tmp
2010-08-21 11:59:06 ----A---- C:\Windows\system32\drivers\cpuz134_x64.sys
2010-08-21 11:22:04 ----D---- C:\Users\Jirka\AppData\Roaming\DNA
2010-08-21 11:22:04 ----D---- C:\Program Files (x86)\DNA
2010-08-21 10:37:46 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-08-21 10:37:46 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-08-21 10:37:46 ----A---- C:\Windows\SYSWOW64\java.exe
2010-08-15 18:34:56 ----A---- C:\Windows\SYSWOW64\RestoratorContextMenu.dll
2010-08-15 15:26:02 ----D---- C:\Program Files (x86)\QuickTime
2010-08-15 12:38:31 ----D---- C:\ProgramData\Kaspersky Lab
2010-08-15 12:21:33 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-08-14 22:45:29 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-14 22:45:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-14 22:14:46 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-14 22:14:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-14 22:14:46 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-14 22:14:45 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-14 22:14:28 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-08-14 22:14:28 ----A---- C:\Windows\system32\schannel.dll
2010-08-14 22:14:24 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-08-14 22:14:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-14 22:14:23 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-08-14 22:14:13 ----A---- C:\Windows\system32\mshtml.dll
2010-08-14 22:14:13 ----A---- C:\Windows\system32\ieframe.dll
2010-08-14 22:14:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-08-14 22:14:09 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-08-14 22:14:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-08-14 22:14:07 ----A---- C:\Windows\system32\wininet.dll
2010-08-14 22:14:07 ----A---- C:\Windows\system32\urlmon.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-08-14 22:14:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\mstime.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\ieui.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\iepeers.dll
2010-08-14 22:14:06 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-14 22:14:05 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-08-14 22:14:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-08-14 22:14:05 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-14 22:14:05 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-14 22:14:00 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-08-14 22:13:58 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-08-14 22:13:58 ----A---- C:\Windows\system32\rtutils.dll
2010-08-14 22:13:54 ----A---- C:\Windows\system32\win32k.sys
2010-08-14 22:12:40 ----A---- C:\Windows\system32\msxml3.dll
2010-08-14 22:12:39 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-08-08 11:53:53 ----D---- C:\Program Files (x86)\Crawler
2010-08-08 11:53:51 ----A---- C:\Windows\SYSWOW64\drivers\sp_rsdrv2.sys
2010-08-08 11:53:50 ----D---- C:\Users\Jirka\AppData\Roaming\Spyware Terminator
2010-08-08 11:53:49 ----D---- C:\ProgramData\Spyware Terminator
2010-08-07 14:30:10 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2010-08-07 11:48:09 ----D---- C:\Windows\SYSWOW64\RTCOM
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtPgEx64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkCfg64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkAPO64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkApi64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEP64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEL64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEG64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEED64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTCOM64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DHT64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DAA64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RCoInst64.dll
2010-08-07 11:47:45 ----A---- C:\Windows\system32\FMAPO64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAR64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAC64.dll
2010-08-07 11:47:42 ----A---- C:\Windows\RtlExUpd.dll
2010-08-06 19:47:53 ----A---- C:\Windows\system32\shell32.dll
2010-08-06 19:47:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-30 19:35:05 ----D---- C:\Program Files (x86)\trend micro
======List of files/folders modified in the last 1 months======
2010-08-24 12:10:43 ----D---- C:\Windows\Temp
2010-08-24 11:56:24 ----D---- C:\Windows\Prefetch
2010-08-24 10:59:35 ----D---- C:\Windows\inf
2010-08-24 10:59:35 ----AD---- C:\Windows\System32
2010-08-24 10:59:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-24 08:50:21 ----D---- C:\Windows\system32\config
2010-08-24 07:11:43 ----D---- C:\Windows\system32\Tasks
2010-08-24 06:55:17 ----D---- C:\Windows\system32\LogFiles
2010-08-24 06:54:49 ----D---- C:\Windows
2010-08-23 21:45:58 ----SHD---- C:\System Volume Information
2010-08-23 21:15:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-23 20:43:09 ----D---- C:\Windows\registration
2010-08-22 23:38:54 ----D---- C:\Users\Jirka\AppData\Roaming\ICQ
2010-08-22 11:39:05 ----D---- C:\Windows\SysWOW64
2010-08-22 11:39:05 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2010-08-22 11:39:05 ----A---- C:\Windows\system32\OpenAL32.dll
2010-08-22 11:38:06 ----RSD---- C:\Windows\assembly
2010-08-22 11:37:03 ----SHD---- C:\Windows\Installer
2010-08-22 11:37:03 ----SHD---- C:\Config.Msi
2010-08-21 22:27:54 ----A---- C:\Windows\system32\ServiceFilter.ini
2010-08-21 22:25:06 ----RSD---- C:\Windows\Fonts
2010-08-21 22:02:05 ----D---- C:\Users\Jirka\AppData\Roaming\BITS
2010-08-21 21:53:35 ----D---- C:\Windows\system32\drivers\etc
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalSerif.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalSansSerif.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\GlobalMonospace.CompositeFont
2010-08-21 19:57:52 ----A---- C:\Windows\fonts\desktop.ini
2010-08-21 14:40:31 ----D---- C:\Windows\Logs
2010-08-21 13:37:44 ----D---- C:\Program Files (x86)\Common Files
2010-08-21 11:59:06 ----D---- C:\Windows\system32\drivers
2010-08-21 11:31:21 ----D---- C:\Program Files (x86)\ASUS
2010-08-21 11:22:04 ----RD---- C:\Program Files (x86)
2010-08-21 11:12:16 ----D---- C:\Users\Jirka\AppData\Roaming\Download Manager
2010-08-21 10:42:34 ----A---- C:\Windows\system32\AutoRunFilter.ini
2010-08-21 10:41:22 ----D---- C:\Windows\system32\catroot
2010-08-21 10:39:23 ----D---- C:\Windows\system32\catroot2
2010-08-21 10:39:09 ----D---- C:\Windows\system32\DriverStore
2010-08-21 10:18:00 ----D---- C:\Windows\Tasks
2010-08-21 10:18:00 ----D---- C:\Windows\system32\wfp
2010-08-21 10:18:00 ----D---- C:\Program Files (x86)\OpenAL
2010-08-21 10:17:57 ----D---- C:\Windows\system32\wbem
2010-08-21 10:17:07 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Windows Media Player
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Windows Defender
2010-08-21 10:17:06 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-21 10:17:04 ----D---- C:\Program Files (x86)\Windows Portable Devices
2010-08-21 10:17:04 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2010-08-21 10:16:59 ----D---- C:\Users\Jirka\AppData\Roaming\GHISLER
2010-08-21 10:16:59 ----D---- C:\ProgramData\P4G
2010-08-21 10:16:58 ----D---- C:\Program Files (x86)\Windows Virtual PC
2010-08-21 10:16:57 ----D---- C:\Program Files (x86)\Windows NT
2010-08-21 10:16:57 ----D---- C:\Program Files (x86)\Windows Live
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\Windows Identity Foundation
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2010-08-21 10:16:56 ----D---- C:\Program Files (x86)\Realtek
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\MSBuild
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-08-21 10:16:53 ----D---- C:\Program Files (x86)\Microsoft
2010-08-21 10:16:48 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-21 10:16:46 ----D---- C:\Program Files (x86)\Haali
2010-08-21 10:16:46 ----D---- C:\Program Files (x86)\Cyberlink
2010-08-21 10:16:46 ----D---- C:\Program Files (x86)\Creative
2010-08-21 10:16:34 ----D---- C:\Program Files (x86)\BRS
2010-08-21 10:16:34 ----D---- C:\Program Files (x86)\Bonjour
2010-08-21 10:16:33 ----D---- C:\Program Files (x86)\Apple Software Update
2010-08-21 10:16:33 ----D---- C:\Program Files (x86)\AmIcoSingLun
2010-08-21 10:16:29 ----D---- C:\Program Files (x86)\Acronis
2010-08-21 10:15:33 ----D---- C:\Program Files (x86)\Ubisoft
2010-08-21 10:15:32 ----D---- C:\Program Files (x86)\TeamViewer
2010-08-21 10:15:30 ----D---- C:\Program Files (x86)\Reference Assemblies
2010-08-21 10:15:14 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-08-21 10:14:46 ----D---- C:\Program Files (x86)\Microsoft Office
2010-08-21 10:14:46 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-08-21 10:14:45 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-08-21 10:14:45 ----D---- C:\Program Files (x86)\IObit
2010-08-21 10:13:39 ----D---- C:\Program Files (x86)\Adobe
2010-08-15 23:09:18 ----RD---- C:\Program Files
2010-08-15 23:09:07 ----SHD---- C:\$Recycle.Bin
2010-08-15 23:08:53 ----RD---- C:\Users
2010-08-15 21:59:42 ----D---- C:\Windows\Microsoft.NET
2010-08-15 21:11:27 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-08-15 15:59:34 ----HD---- C:\ProgramData
2010-08-15 13:51:33 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2010-08-15 12:53:12 ----D---- C:\Windows\system32\wdi
2010-08-15 10:40:47 ----D---- C:\Windows\debug
2010-08-14 22:45:29 ----HD---- C:\Windows\SYSWOW64\drivers
2010-08-14 22:22:24 ----D---- C:\Windows\winsxs
2010-08-14 22:20:41 ----D---- C:\Windows\SYSWOW64\migration
2010-08-14 22:20:41 ----D---- C:\Program Files\Internet Explorer
2010-08-14 22:20:40 ----D---- C:\Windows\system32\migration
2010-08-14 22:18:23 ----D---- C:\ProgramData\Microsoft Help
2010-08-14 22:08:06 ----D---- C:\Windows\SYSWOW64\wbem
2010-08-14 22:08:06 ----D---- C:\Windows\system32\CodeIntegrity
2010-08-14 22:08:05 ----D---- C:\ProgramData\FLEXnet
2010-08-13 20:26:27 ----D---- C:\Windows\SoftwareDistribution
2010-08-07 13:26:09 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-08-07 11:48:22 ----HD---- C:\Program Files (x86)\Temp
2010-08-03 20:52:33 ----A---- C:\Windows\system32\MRT.exe
2010-07-31 18:17:38 ----AD---- C:\ProgramData\Temp
2010-07-31 10:16:13 ----D---- C:\Users\Jirka\AppData\Roaming\dvdcss
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KLBG;Kaspersky Lab Boot Guard Driver; C:\Windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-07-30 241696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-02-02 254496]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-02 834544]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\Windows\system32\DRIVERS\tdrpm251.sys [2010-02-02 1455648]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-02-02 929312]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 157712]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-11-11 353296]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-11-03 27152]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2010-03-02 2103336]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2009-08-28 21504]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 38944]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-11-03 29696]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2009-12-14 829216]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASLDRService;ASLDR Service; D:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AVP;Kaspersky Internet Security; D:\Program Files\Kaspersk\Kaspersky Internet Security 2010\avp.exe [2010-08-20 340520]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-11-06 276584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-08-07 66872]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-16 185640]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 282728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2009-11-15 13080]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-02 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-02 655624]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-01-04 244904]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
Re: Please check my log
One more thing about that "attrib -h +s ....": set it only if you are not going to hide system folders.
Re: Please check my log
I won't use the system-folder attribute, because then the Hidden option would be greyed out again; the Program Files folder is not a system folder, so I'll leave the (x86) one as non-system too. But thanks for the tip and the advice. I used the second command and everything seems to be fine. Thanks a lot.
Re: Please check my log
Looking at the log, it doesn't seem to me that there is anything in there, but let vyosek confirm that to be safe.
One of the reasons for those alarms could have been the playing around with the folder permissions (after all, we were behaving almost like some kind of malware).
Re: Please check my log
Sure, I'll wait for vyosek with the log. Thank you very much for solving the problem with the PF (x86) folder, it was getting on my nerves (I assume you deserve most of the credit).
By the way, it mostly flagged .exe applications, as is usually the case, but they were mainly DLL injectors, so it's the usual story that they get reported as malicious, but just to be sure
Re: Please check my log
Many thanks to my colleague j3šť3r for solving the problem with the folder.
I'm not aware that Kaspersky tends to have false alarms, or how should I understand "of course some of it wasn't true"?
Where did the antivirus report the infection, and was it able to do anything about it?
Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
- Run the update - third tab
- Run a full scan - don't delete anything
- MBAM occasionally has false detections, so paste the log into a post and wait for an assessment
Re: Please check my log
Basically it detected a tool for injecting DLLs into processes, which I added to the exclusions; the same went for the things I was sure contained no trojan or anything similar. Then it also found something else, and I didn't know what it was, so I had it deleted. Now I just want to make sure that everything is fine and that it's gone. I ran a complete KIS scan and it found nothing anywhere, so it should be fine. I just want to make sure.
Otherwise Malwarebytes Anti-M found nothing, so hopefully it's fine.
We once already dealt with my fonts getting scrambled; in the end we fixed most of it, I downloaded fonts from the internet and replaced them. Most of them now work 100% as they should, but I'm still left with one font that displays diacritics incorrectly. I think it's Arial; I've tried downloading many fonts of this type, but nothing helped. I also had a friend send me his whole fonts folder and overwrote mine with it, but it's still the same. It also garbles the diacritics if I paste text with diacritics into a CODE block on the forum. Could a solution be found for this as well?
Here is a picture of how the font looks in these two programs:
Re: Please check my log
I'll try asking my colleagues.
Re: Please check my log
So I'm back again.
You probably use FF as your browser, so have a look in (in version 3.6.8; hopefully it's the same in other versions):
Tools > Options > Fonts & Colors - Advanced.
There you'll see the fonts in use; after a clean install I have Times New Roman, Arial, Courier New (that one interests me most; the monospaced font is most likely the one used for CODE).
I don't have Spybot and don't plan to; MBAM on my machine uses MS Sans Serif according to Process Monitor.
The problem will probably be with "Courier New" and "MS Sans Serif".
Re: Please check my log
Code:
ěščřžýáíé
Re: Please check my log
So here the diacritics in CODE work normally for me, but on some forums they don't, and the font there is Calibri.
Otherwise I have Firefox set up correctly (fonts).
Re: Please check my log
Well, I can't help you with Calibri - wiki - I'm on XP and I don't own MS Office. Can you give an example of pages where it misbehaves?
Try MBAM and see whether the characters are displayed correctly in it now.
Re: Please check my log
So it won't be Calibri; I thought that if I copied the text from that CODE into MS Word, it would show me the name of the font, but it shows Calibri even when it's a completely different font :/
Otherwise MBAM still has the same problem, and so does Spybot (I don't even use that one, I'm only mentioning it as an example).
Re: Please check my log
What about trying to fix it with a repair installation?