win32/olmarik in RAM

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in RAM

#31 Post by jsykora »

I don't know what CSF scripts are, so I didn't enter any (not knowingly, anyway). I couldn't find the log from ComboFix; motji had already asked me for it.
I won't manage to do anything now, I'll be back around 8 p.m.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in RAM

#32 Post by jsykora »

I wanted to find the ComboFix log so you could see what I had been up to (I don't know myself, because I was seeing red).
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 448
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 652
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 856
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 908
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 936
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1180
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1276
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1308
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1368
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 1424
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1444
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1544
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1660
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1812
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 204
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PID: 460
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 504
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 512
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PID: 1672
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 1868
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeIn.exe
PID: 1344
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 932
Hidden: No
Window Visible: No

Name: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\Program Files\CDBurnerXP\NMSAccessU.exe
PID: 1460
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 208
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared files\RichVideo.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PID: 1024
Hidden: No
Window Visible: No

Name: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PID: 2052
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2088
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2160
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2532
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2556
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 2764
Hidden: No
Window Visible: No

Name: C:\Windows\System32\iashost.exe
PID: 2888
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 2944
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 4088
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 2260
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2504
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 3948
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 3576
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3604
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 3548
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wpcumi.exe
PID: 1256
Hidden: No
Window Visible: No

Name: C:\Windows\RtHDVCpl.exe
PID: 4020
Hidden: No
Window Visible: No

Name: C:\Windows\WindowsMobile\wmdc.exe
PID: 3656
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PID: 1828
Hidden: No
Window Visible: No

Name: C:\Program Files\FlashGet\flashget.exe
PID: 3652
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2288
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 2952
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PID: 1640
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 3132
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PID: 3152
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Phone\Skype.exe
PID: 3924
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3764
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 2580
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 1088
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PID: 1704
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 4572
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 4740
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Plugin Manager\skypePM.exe
PID: 4960
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 4732
Hidden: No
Window Visible: No

Name: C:\Users\Jarda\AppData\Roaming\Maxthon2\Maxthon.exe
PID: 5720
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PID: 3404
Hidden: No
Window Visible: No

Name: C:\totalcmd\TOTALCMD.EXE
PID: 1408
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 4268
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 5936
Hidden: No
Window Visible: No

Name: C:\Users\Jarda\Desktop\SysProt\SysProt.exe
PID: 4804
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Jarda\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A3DD3000
Module End: A3DDE000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82242000
Module End: 825FB000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 8220F000
Module End: 82242000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80401000
Module End: 80408000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80408000
Module End: 80478000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80478000
Module End: 80489000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80489000
Module End: 80491000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80491000
Module End: 804D2000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804D2000
Module End: 805B2000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80602000
Module End: 8067E000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8067E000
Module End: 8068B000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8068B000
Module End: 806D1000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806D1000
Module End: 806DA000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806DA000
Module End: 806E2000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E2000
Module End: 80709000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 80709000
Module End: 80718000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80718000
Module End: 80727000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 80727000
Module End: 80771000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80771000
Module End: 80778000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 80778000
Module End: 80786000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80786000
Module End: 80796000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80796000
Module End: 8079E000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8079E000
Module End: 807BC000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 807BC000
Module End: 807EE000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 807EE000
Module End: 807FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Lbd.sys
Service Name: Lbd
Module Base: 805B2000
Module End: 805C1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 82C09000
Module End: 82C7A000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 82C7A000
Module End: 82D85000
Hidden: No

Module Name: C:\Windows\system32\drivers\msrpc.sys
Service Name: MsRPC
Module Base: 82D85000
Module End: 82DB0000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 82DB0000
Module End: 82DEB000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 82E06000
Module End: 82EF0000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 82EF0000
Module End: 82F0B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8B80A000
Module End: 8B91A000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8B91A000
Module End: 8B953000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8B953000
Module End: 8B95B000
Hidden: No

Module Name: C:\Windows\system32\speedfan.sys
Service Name: speedfan
Module Base: 8B95B000
Module End: 8B95D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8B95D000
Module End: 8B96C000
Hidden: No

Module Name: C:\Windows\system32\giveio.sys
Service Name: EIO
Module Base: 8B96C000
Module End: 8B96D000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8B96D000
Module End: 8B994000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8B994000
Module End: 8B9A5000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8B9A5000
Module End: 8B9C6000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8B9C6000
Module End: 8B9CF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8B9EF000
Module End: 8B9FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ATITool.sys
Service Name: ATITool
Module Base: 82F0B000
Module End: 82F17000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8B800000
Module End: 8B809000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 82F17000
Module End: 82F26000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 92E0C000
Module End: 93906000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvBridge.kmd
Service Name: ---
Module Base: 93906000
Module End: 93908000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 93908000
Module End: 939A9000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 939A9000
Module End: 939B5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 939B5000
Module End: 939C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 939C0000
Module End: 939FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 82F26000
Module End: 82F35000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 82F35000
Module End: 82FC2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Rtlh86.sys
Service Name: RTL8169
Module Base: 82FC2000
Module End: 82FE8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 82FE8000
Module End: 82FF8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 82DEB000
Module End: 82DF9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\fdc.sys
Service Name: fdc
Module Base: 92E00000
Module End: 92E0B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: 805E1000
Module End: 805F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 93C05000
Module End: 93C18000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 93C18000
Module End: 93C23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 93C23000
Module End: 93C3B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lmimirr.sys
Service Name: lmimirr
Module Base: 93C3B000
Module End: 93C3C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: 93C3C000
Module End: 93C5D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 93C5D000
Module End: 93C8C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 93C8C000
Module End: 93CCD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 93CCD000
Module End: 93CD8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 93CD8000
Module End: 93CEF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 93CEF000
Module End: 93CFA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 93CFA000
Module End: 93D1D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 93D1D000
Module End: 93D2C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 93D2C000
Module End: 93D40000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 93D40000
Module End: 93D55000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hamachi.sys
Service Name: hamachi
Module Base: 93D55000
Module End: 93D5A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\pcouffin.sys
Service Name: pcouffin
Module Base: 93D5A000
Module End: 93D66000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 93D66000
Module End: 93D76000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 93D76000
Module End: 93D81000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 93D81000
Module End: 93D83000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 93D83000
Module End: 93DAD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 93DAD000
Module End: 93DB7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 93DB7000
Module End: 93DC4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 93DC4000
Module End: 93DF9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\flpydisk.sys
Service Name: flpydisk
Module Base: 93E0C000
Module End: 93E16000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 93E16000
Module End: 93FD6000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 94001000
Module End: 9402E000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 9402E000
Module End: 94053000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 94053000
Module End: 94064000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: 94064000
Module End: 9406E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 9406E000
Module End: 94070000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: 94070000
Module End: 94079000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 94079000
Module End: 94082000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 94082000
Module End: 94092000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 94092000
Module End: 94099000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 94099000
Module End: 940A1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 940A1000
Module End: 940A8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 940A8000
Module End: 940AF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: 940AF000
Module End: 940CC000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 940D5000
Module End: 940E1000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 940E1000
Module End: 940E9000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 940E9000
Module End: 940F1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 940F1000
Module End: 940FC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 940FC000
Module End: 9410A000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 9410A000
Module End: 94113000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 94113000
Module End: 94129000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 94129000
Module End: 9413D000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 9413D000
Module End: 94185000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 94185000
Module End: 941B7000
Hidden: No

Module Name: C:\Windows\system32\drivers\ws2ifsl.sys
Service Name: ws2ifsl
Module Base: 941B7000
Module End: 941C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 941C0000
Module End: 941D6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 941D6000
Module End: 941E4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 941E4000
Module End: 941F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 94A04000
Module End: 94A40000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 94A40000
Module End: 94A4A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 94A4A000
Module End: 94A61000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 94A61000
Module End: 94A6E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 94A6E000
Module End: 94A79000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 94A79000
Module End: 94A81000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 94A81000
Module End: 94A8B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 94A8B000
Module End: 94A9A000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 94A9A000
Module End: 94AB5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: 94AB5000
Module End: 94B81000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: A2603000
Module End: A26B3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: A26B3000
Module End: A26C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: A26C3000
Module End: A26D6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: A26D6000
Module End: A26DF000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: A26DF000
Module End: A274C000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: A274C000
Module End: A2769000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: A2769000
Module End: A2782000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: A2782000
Module End: A2797000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: A2797000
Module End: A27B8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: A27B8000
Module End: A27D7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 94B89000
Module End: 94BC2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: A27D7000
Module End: A27EF000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 94BC2000
Module End: 94BE9000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A3C08000
Module End: A3C54000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\parvdm.sys
Service Name: Parvdm
Module Base: A3C54000
Module End: A3C5B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\atksgt.sys
Service Name: atksgt
Module Base: A3C5B000
Module End: A3C9E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\epfwwfpr.sys
Service Name: epfwwfpr
Module Base: A3C9E000
Module End: A3CB8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lirsgt.sys
Service Name: lirsgt
Module Base: A3CB8000
Module End: A3CBD000
Hidden: No

Module Name: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
Service Name: LMIInfo
Module Base: A3CBD000
Module End: A3CBF000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
Service Name: LMIRfsDriver
Module Base: A3CBF000
Module End: A3CC9000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A3CC9000
Module End: A3DA7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: A3DA7000
Module End: A3DB1000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A3DB1000
Module End: A3DBD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A3DBD000
Module End: A3DD3000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: JARDA-PC.WAG54GS:64935
Remote Address: 66-199-250-170.REVERSE.EZZI.NET:8911
Type: TCP
Process: C:\Program Files\FlashGet\flashget.exe
State: SYN_SENT

Local Address: JARDA-PC.WAG54GS:64933
Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS
Type: TCP
Process: C:\Program Files\Windows Defender\MSASCui.exe
State: ESTABLISHED

Local Address: JARDA-PC.WAG54GS:64931
Remote Address: 219.232.241.91:DOMAIN
Type: TCP
Process: C:\Program Files\FlashGet\flashget.exe
State: SYN_SENT

Local Address: JARDA-PC.WAG54GS:64928
Remote Address: 72.51.37.237:8899
Type: TCP
Process: C:\Program Files\FlashGet\flashget.exe
State: SYN_SENT

Local Address: JARDA-PC.WAG54GS:64916
Remote Address: 219.232.241.91:DOMAIN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: JARDA-PC.WAG54GS:64230
Remote Address: 60.28.220.123:HTTPS
Type: TCP
Process: C:\Users\Jarda\AppData\Roaming\Maxthon2\Maxthon.exe
State: CLOSE_WAIT

Local Address: JARDA-PC.WAG54GS:64227
Remote Address: 60.28.210.4:9000
Type: TCP
Process: C:\Users\Jarda\AppData\Roaming\Maxthon2\Maxthon.exe
State: CLOSE_WAIT

Local Address: JARDA-PC.WAG54GS:63953
Remote Address: 94.228.209.143:HTTPS
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: CLOSE_WAIT

Local Address: JARDA-PC.WAG54GS:60051
Remote Address: A92-123-68-177.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: JARDA-PC.WAG54GS:54954
Remote Address: CM-214-178-VR.M-REAL.NET:27112
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: JARDA-PC.WAG54GS:50097
Remote Address: 82.99.19.52:HTTP
Type: TCP
Process: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
State: CLOSE_WAIT

Local Address: JARDA-PC.WAG54GS:50095
Remote Address: 82.99.19.52:HTTP
Type: TCP
Process: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
State: CLOSE_WAIT

Local Address: JARDA-PC.WAG54GS:49157
Remote Address: 77.242.193.201:HTTPS
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: JARDA-PC.WAG54GS:1989
Remote Address: GW-VSE.VSEBORICE.NET:51417
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: JARDA-PC.WAG54GS:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:49181
Remote Address: LOCALHOST:2002
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
State: ESTABLISHED

Local Address: JARDA-PC:7438
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JARDA-PC:DCCM
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JARDA-PC:2002
Remote Address: LOCALHOST:49181
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: JARDA-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:49159
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: JARDA-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: JARDA-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JARDA-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JARDA-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: JARDA-PC:24081
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\FlashGet\flashget.exe
State: LISTENING

Local Address: JARDA-PC:10243
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:3261
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
State: LISTENING

Local Address: JARDA-PC:3260
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
State: LISTENING

Local Address: JARDA-PC:ICSLAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:2002
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: LISTENING

Local Address: JARDA-PC:1989
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: JARDA-PC:PPTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:FTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JARDA-PC:RTSP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: LISTENING

Local Address: JARDA-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JARDA-PC:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: JARDA-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JARDA-PC:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: JARDA-PC.WAG54GS:65450
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC.WAG54GS:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC.WAG54GS:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JARDA-PC.WAG54GS:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JARDA-PC:65451
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:65015
Remote Address: NA
Type: UDP
Process: C:\Users\Jarda\AppData\Roaming\Maxthon2\Maxthon.exe
State: NA

Local Address: JARDA-PC:62505
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:56861
Remote Address: NA
Type: UDP
Process: C:\Program Files\FlashGet\flashget.exe
State: NA

Local Address: JARDA-PC:51551
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: JARDA-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:65449
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JARDA-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JARDA-PC:56860
Remote Address: NA
Type: UDP
Process: C:\Program Files\FlashGet\flashget.exe
State: NA

Local Address: JARDA-PC:56504
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:55291
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:24082
Remote Address: NA
Type: UDP
Process: C:\Program Files\FlashGet\flashget.exe
State: NA

Local Address: JARDA-PC:24081
Remote Address: NA
Type: UDP
Process: C:\Program Files\FlashGet\flashget.exe
State: NA

Local Address: JARDA-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:5005
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: JARDA-PC:5004
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: JARDA-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:1989
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: JARDA-PC:1701
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JARDA-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JARDA-PC:HTTPS
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: JARDA-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{83fc6e60-15cf-11df-ad11-001a4d5847e9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Users\Jarda\AppData\Local\Xmarks\Backup\www.flatpanels.dk - Din guide til fladskarme - Panel Search.url
Status: Hidden

Object: C:\Users\Jarda\Favorites\www.flatpanels.dk - Din guide til fladskarme - Panel Search?.url
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#33 Post by jsykora »

I have an item that cannot be checked (greyed out): generic disk driver, kernel mode
[IMG=http://img651.imageshack.us/img651/9168/fd105.th.jpg][/IMG]

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#34 Post by jsykora »


jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#35 Post by jsykora »

After 3 restarts and one beep the PC came up.
I have to leave now (back at about 20:00).
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "wscsvcBITS" deleted successfully.
File "C:\Windows\system32\adtschemah.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#36 Post by jsykora »

NOD32 AV4:
infiltration in memory: Win32/Olmarik trojan horse
I'm leaving again, but I'll be at another computer (with LogMeIn). I'll let NOD run a full scan and post the result.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#37 Post by jsykora »

A full scan with NOD (2h:18min) found only that Olmarik in memory, which it cannot clean. I scanned the non-boot disks as well.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#38 Post by jsykora »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-10 20:27:23
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\uglcypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-10 20:51:32
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\uglcypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x807A3000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort4 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort5 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 [8079F9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

Device \FileSystem\cdfs \Cdfs A404D05C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA3 0xA9 0x0B 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x32 0x35 0x5F 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x36 0xEC 0x3A 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0x47 0x30 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA3 0xA9 0x0B 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x32 0x35 0x5F 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x36 0xEC 0x3A 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0x47 0x30 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@d:\Mage Knight(TM) Apocalypse\sound\ca041a-tu\x2019rajacolyte.sac 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@d:\Mage Knight(TM) Apocalypse\sound\ca042a-tu\x2019rajpriest.sac 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#39 Post by jsykora »

SPTD setup V1.62 (C) says:
No SPTD version was detected. Select action to be performed.
It only allows Install and Cancel (Uninstall is greyed out).

I have the install disc for my Windows.

I can't uninstall Alcohol 120 (neither with Alcohol's own uninstaller nor with the Windows one).

defogger_disable by jpshortstuff (29.01.10.1)
Log created at 21:30 on 10/02/2010 (Jarda)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#40 Post by jsykora »

Naughty wrote: Well, it needs the Vista install CD for the infected PC, but never mind, I'll try to track down atapi some other way. Then I'll replace it.
I have the original Vista that came with my PC; I'll try to export atapi from it (I haven't done it yet; for interest, a how-to: http://4sysops.com/archives/how-to-moun ... ows-vista/)

A bigger problem has come up, though: the PC won't boot. I left it running overnight and Windows updates most likely tried to install. Now the computer restarts while Vista is booting, regardless of whether I try to start it in safe mode (with/without networking, ...) or normally.
A BSOD flashes for a fraction of a second; I (we) can't read anything from it.
Image

So tonight I plan to repair or reinstall the system. Do you have any advice on whether I should proceed differently?
Last edited by jsykora on 11 Feb 2010 12:11, edited 1 time in total.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#41 Post by jsykora »

The computer has been successfully restored. Emil fixed it :-)
What should I run it through so you can check it isn't hiding somewhere?
Nod32 didn't find Olmarik. There were also two services starting with J running that pointed into Temp. Unfortunately I didn't write down the names of those services.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in memory

#42 Post by jsykora »

By restoring and repairing the system from the Vista install disc + 3 restarts.
rsit
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jarda at 2010-02-11 22:59:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 116 GB (47%) free of 249 GB
Total RAM: 3582 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:30, on 11.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Users\Jarda\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\totalcmd\TOTALCMD.EXE
C:\install\RSIT.exe
C:\Program Files\trend micro\Jarda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: BGMYRQ - Unknown owner - C:\Users\Jarda\AppData\Local\Temp\BGMYRQ.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FKEKD - Unknown owner - C:\Users\Jarda\AppData\Local\Temp\FKEKD.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Karta Smart Card SCardSvrDAUpdaterSvc (SCardSvrDAUpdaterSvc) - Unknown owner - C:\Windows\system32\acluig.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 12940 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Daily 1).job
C:\Windows\tasks\Ad-Aware Update (Daily 2).job
C:\Windows\tasks\Ad-Aware Update (Daily 3).job
C:\Windows\tasks\Ad-Aware Update (Daily 4).job
C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-19 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-19 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-19 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]
"Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-09-25 2007088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-10 218032]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-10-24 1217808]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-04-13 2387968]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-11 39408]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-10-27 1103216]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Windows Live Sync"=C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [2009-10-22 1171784]

C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-02-11 19:29:18 ----D---- C:\_film
2010-02-11 18:54:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-11 18:54:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-11 18:43:19 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 18:43:18 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 18:43:18 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 18:43:18 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 18:43:17 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 18:43:17 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 18:43:16 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 18:43:15 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 18:43:15 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 14:11:28 ----D---- C:\Avenger
2010-02-10 14:11:28 ----A---- C:\avenger.txt
2010-02-10 13:38:06 ----D---- C:\FD105
2010-02-10 07:48:51 ----D---- C:\~ErdUserProfile.$$$
2010-02-10 00:26:53 ----A---- C:\RootRepeal_crash_021010.002653.txt
2010-02-09 23:55:52 ----A---- C:\RootRepeal_crash_020910.235552.txt
2010-02-09 23:12:19 ----A---- C:\RootRepeal.exe
2010-02-09 07:02:32 ----A---- C:\mbam-log-2010-02-09 (07-02-23).txt
2010-02-09 00:56:33 ----D---- C:\Users\Jarda\AppData\Roaming\Malwarebytes
2010-02-09 00:56:28 ----D---- C:\ProgramData\Malwarebytes
2010-02-09 00:56:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-09 00:55:21 ----A---- C:\mbam-setup.exe
2010-02-09 00:36:52 ----A---- C:\gmer.exe
2010-02-08 23:53:07 ----D---- C:\Windows\temp
2010-02-08 23:53:03 ----A---- C:\ComboFix.txt
2010-02-08 23:52:12 ----SHD---- C:\$RECYCLE.BIN
2010-02-08 23:26:26 ----A---- C:\Windows\SWXCACLS.exe
2010-02-08 23:25:24 ----RA---- C:\ComboFix.exe
2010-02-08 23:05:29 ----A---- C:\adaware.txt
2010-02-06 03:19:20 ----A---- C:\Windows\system32\winhttp.dll
2010-02-06 01:43:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-06 01:43:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-06 01:18:03 ----D---- C:\SysProt
2010-02-06 01:01:42 ----A---- C:\Windows\ntbtlog.txt
2010-02-06 00:34:57 ----A---- C:\logcmbfix.txt
2010-02-06 00:33:27 ----A---- C:\Windows\zip.exe
2010-02-06 00:33:27 ----A---- C:\Windows\SWSC.exe
2010-02-06 00:33:27 ----A---- C:\Windows\SWREG.exe
2010-02-06 00:33:27 ----A---- C:\Windows\sed.exe
2010-02-06 00:33:27 ----A---- C:\Windows\PEV.exe
2010-02-06 00:33:27 ----A---- C:\Windows\NIRCMD.exe
2010-02-06 00:33:27 ----A---- C:\Windows\MBR.exe
2010-02-06 00:33:27 ----A---- C:\Windows\grep.exe
2010-02-06 00:33:20 ----D---- C:\Qoobox
2010-02-06 00:27:02 ----D---- C:\rsit
2010-02-06 00:27:02 ----D---- C:\Program Files\trend micro
2010-02-06 00:21:33 ----D---- C:\Program Files\CCleaner
2010-02-05 21:09:01 ----A---- C:\Windows\system32\kerberos.dll
2010-02-05 21:09:00 ----A---- C:\Windows\system32\schannel.dll
2010-01-31 21:49:12 ----A---- C:\Windows\GPInstall.exe
2010-01-27 20:41:24 ----D---- C:\ProgramData\PassMark
2010-01-27 20:41:20 ----D---- C:\Program Files\MonitorTest
2010-01-27 20:39:16 ----D---- C:\Program Files\Mihov Blank Screen
2010-01-21 21:12:08 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 21:12:07 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 21:12:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 21:12:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 21:12:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 21:12:05 ----A---- C:\Windows\system32\occache.dll
2010-01-21 21:12:05 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 21:12:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 21:12:03 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 21:12:03 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 21:12:03 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 21:12:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 21:12:03 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 21:12:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 21:12:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 21:12:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 21:12:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-21 21:12:02 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-12 23:54:00 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 23:53:59 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-02-11 22:57:09 ----D---- C:\Users\Jarda\AppData\Roaming\Skype
2010-02-11 22:56:01 ----D---- C:\Windows\system32\Tasks
2010-02-11 22:55:57 ----D---- C:\Windows\Tasks
2010-02-11 22:55:17 ----D---- C:\Users\Jarda\AppData\Roaming\MxBoost
2010-02-11 22:55:14 ----D---- C:\Windows\Prefetch
2010-02-11 22:54:23 ----D---- C:\Program Files\Steam
2010-02-11 22:54:17 ----D---- C:\ProgramData\NVIDIA
2010-02-11 22:53:54 ----D---- C:\Windows\Minidump
2010-02-11 22:53:51 ----D---- C:\Windows
2010-02-11 22:50:34 ----D---- C:\install
2010-02-11 21:35:17 ----D---- C:\Windows\System32
2010-02-11 21:35:16 ----D---- C:\Windows\inf
2010-02-11 21:35:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-11 19:40:44 ----A---- C:\Windows\NeroDigital.ini
2010-02-11 19:21:10 ----D---- C:\Windows\winsxs
2010-02-11 18:57:22 ----SHD---- C:\Windows\Installer
2010-02-11 18:57:14 ----D---- C:\ProgramData\Microsoft Help
2010-02-11 18:55:52 ----D---- C:\Windows\system32\catroot
2010-02-11 18:55:32 ----D---- C:\Program Files\Windows Mail
2010-02-11 18:55:22 ----SHD---- C:\System Volume Information
2010-02-11 18:45:51 ----D---- C:\Windows\system32\drivers
2010-02-11 18:37:37 ----D---- C:\Windows\system32\catroot2
2010-02-11 18:33:26 ----D---- C:\Users\Jarda\AppData\Roaming\skypePM
2010-02-11 18:26:50 ----D---- C:\Windows\system32\cs-CZ
2010-02-11 18:20:44 ----D---- C:\Windows\system32\config
2010-02-11 18:20:34 ----D---- C:\Windows\system32\spool
2010-02-11 18:20:34 ----D---- C:\Windows\system32\Msdtc
2010-02-11 18:20:34 ----D---- C:\Users\Jarda\AppData\Roaming\GHISLER
2010-02-11 18:20:32 ----D---- C:\Windows\system32\wbem
2010-02-11 18:20:32 ----D---- C:\Windows\registration
2010-02-11 03:20:18 ----D---- C:\Program Files\LogMeIn
2010-02-11 03:03:34 ----D---- C:\Windows\Debug
2010-02-10 07:50:19 ----D---- C:\Downloads
2010-02-09 22:04:55 ----RD---- C:\Program Files
2010-02-09 21:56:44 ----D---- C:\Users\Jarda\AppData\Roaming\Vso
2010-02-09 00:56:28 ----D---- C:\ProgramData
2010-02-08 23:50:53 ----D---- C:\Windows\ERDNT
2010-02-08 23:41:21 ----A---- C:\Windows\system.ini
2010-02-08 23:34:41 ----D---- C:\Windows\AppPatch
2010-02-08 23:34:40 ----D---- C:\Program Files\Common Files
2010-02-06 18:41:31 ----D---- C:\Windows\rescache
2010-02-06 00:40:49 ----D---- C:\Boot
2010-02-06 00:39:58 ----D---- C:\Program Files\pdfforge Toolbar
2010-02-05 20:24:11 ----D---- C:\NVIDIA
2010-02-05 19:55:54 ----D---- C:\ipaq 614c
2010-02-05 19:11:42 ----D---- C:\Program Files\Mozilla Firefox
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-02-01 19:39:06 ----D---- C:\Windows\system32\LogFiles
2010-02-01 00:56:07 ----D---- C:\Program Files\Common Files\Steam
2010-01-31 21:49:17 ----D---- C:\Program Files\ModelH
2010-01-29 08:30:39 ----AD---- C:\ProgramData\TEMP
2010-01-27 23:31:32 ----D---- C:\Program Files\Internet Explorer
2010-01-27 15:12:34 ----A---- C:\Windows\system32\lsdelete.exe
2010-01-26 23:53:07 ----D---- C:\rapid
2010-01-26 21:30:48 ----D---- C:\Program Files\JDownloader
2010-01-25 19:38:48 ----D---- C:\ProgramData\2DBoy
2010-01-22 18:47:49 ----D---- C:\Windows\system32\migration
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-15 281760]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-15 25888]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-10-17 47640]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-11-21 11515752]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-10-23 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-17 140288]
S1 EIO;EIO Driver; C:\Windows\system32\DRIVERS\EIO.sys []
S1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Users\Jarda\AppData\Local\Temp\HWiNFO32.SYS []
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 AteksoftAudio;WebCamera Plus Audio; C:\Windows\system32\drivers\ateksoftaudio.sys [2007-12-25 11776]
S3 catchme;catchme; \??\C:\Users\Jarda\AppData\Local\Temp\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-03-23 15600]
S3 GKUPRO2D;GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [2005-02-18 71168]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\markfun.w32 [2007-08-21 17912]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.08\RivaTuner32.sys [2008-03-10 9088]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\Windows\system32\drivers\rkhdrv40.sys [2010-02-09 24448]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 Ser2pl;Prolific2 Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-11-04 48640]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 USBCCID;Čtecí zařízení čipových karet USB; C:\Windows\system32\DRIVERS\usbccid.sys [2006-11-02 30208]
S3 winusb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-20 722416]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-11-20 122984]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-10-06 241734]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S2 SCardSvrDAUpdaterSvc;Karta Smart Card SCardSvrDAUpdaterSvc; C:\Windows\system32\acluig.exe srv []
S3 BGMYRQ;BGMYRQ; C:\Users\Jarda\AppData\Local\Temp\BGMYRQ.exe []
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FKEKD;FKEKD; C:\Users\Jarda\AppData\Local\Temp\FKEKD.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-11 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-01-26 326792]

-----------------EOF-----------------

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in RAM

#43 Post by jsykora »

GMER keeps crashing on me at the same spot (even when I turn NOD off) - see page 1 of this thread
[IMG=http://img3.imageshack.us/img3/935/gmer1.jpg][/IMG]

only the 1st log gets through
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-11 23:03:29
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Jarda\AppData\Local\Temp\uglcypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: win32/olmarik in RAM

#44 Post by motji »

Just filling in for my colleague - have you tried it in safe mode?
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up your important data before disinfecting a computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

jsykora
Visitor
Posts: 34
Registered: 15 Nov 2008 22:11

Re: win32/olmarik in RAM

#45 Post by jsykora »

it crashes in safe mode too - same error
