VIRY.CZ

Zdravím,

mám v operační paměti Win32/Olmarik, pročetl jsem několik podobných témat, takže posílám RSIT log a díky za pomoc.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Petr at 2010-06-14 23:38:14
Microsoft Windows 7 Home Premium
System drive C: has 258 GB (89%) free of 290 GB
Total RAM: 2039 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:39:01, on 14.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera\opera.exe
C:\windows\explorer.exe
C:\DATA\Software\RSIT\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 http://www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 http://www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.186.119.129 http://www.google.com
O1 - Hosts: 93.186.119.129 google.com
O1 - Hosts: 93.186.119.129 google.com.au
O1 - Hosts: 93.186.119.129 http://www.google.com.au
O1 - Hosts: 93.186.119.129 google.be
O1 - Hosts: 93.186.119.129 http://www.google.be
O1 - Hosts: 93.186.119.129 google.com.br
O1 - Hosts: 93.186.119.129 http://www.google.com.br
O1 - Hosts: 93.186.119.129 google.ca
O1 - Hosts: 93.186.119.129 http://www.google.ca
O1 - Hosts: 93.186.119.129 google.ch
O1 - Hosts: 93.186.119.129 http://www.google.ch
O1 - Hosts: 93.186.119.129 google.de
O1 - Hosts: 93.186.119.129 http://www.google.de
O1 - Hosts: 93.186.119.129 google.dk
O1 - Hosts: 93.186.119.129 http://www.google.dk
O1 - Hosts: 93.186.119.129 google.fr
O1 - Hosts: 93.186.119.129 http://www.google.fr
O1 - Hosts: 93.186.119.129 google.ie
O1 - Hosts: 93.186.119.129 http://www.google.ie
O1 - Hosts: 93.186.119.129 google.it
O1 - Hosts: 93.186.119.129 http://www.google.it
O1 - Hosts: 93.186.119.129 google.co.jp
O1 - Hosts: 93.186.119.129 http://www.google.co.jp
O1 - Hosts: 93.186.119.129 google.nl
O1 - Hosts: 93.186.119.129 http://www.google.nl
O1 - Hosts: 93.186.119.129 google.no
O1 - Hosts: 93.186.119.129 http://www.google.no
O1 - Hosts: 93.186.119.129 google.co.nz
O1 - Hosts: 93.186.119.129 http://www.google.co.nz
O1 - Hosts: 93.186.119.129 google.pl
O1 - Hosts: 93.186.119.129 http://www.google.pl
O1 - Hosts: 93.186.119.129 google.se
O1 - Hosts: 93.186.119.129 http://www.google.se
O1 - Hosts: 93.186.119.129 google.co.uk
O1 - Hosts: 93.186.119.129 http://www.google.co.uk
O1 - Hosts: 93.186.119.129 google.co.za
O1 - Hosts: 93.186.119.129 http://www.google.co.za
O1 - Hosts: 93.186.119.129 http://www.google-analytics.com
O1 - Hosts: 93.186.119.129 http://www.bing.com
O1 - Hosts: 93.186.119.129 search.yahoo.com
O1 - Hosts: 93.186.119.129 http://www.search.yahoo.com
O1 - Hosts: 93.186.119.129 uk.search.yahoo.com
O1 - Hosts: 93.186.119.129 ca.search.yahoo.com
O1 - Hosts: 93.186.119.129 de.search.yahoo.com
O1 - Hosts: 93.186.119.129 fr.search.yahoo.com
O1 - Hosts: 93.186.119.129 au.search.yahoo.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Petr\AppData\LocalLow\Microńoft\redir.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10617 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-639937764-302752242-906954887-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-639937764-302752242-906954887-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-13 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-13 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-13 278128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-30 1545512]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-29 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-09-11 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=2
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-14 23:32:19 ----D---- C:\Program Files\trend micro
2010-06-14 23:32:17 ----D---- C:\rsit
2010-06-13 22:00:54 ----D---- C:\Users\Petr\AppData\Roaming\Roxio
2010-06-13 21:56:14 ----D---- C:\ProgramData\ESET
2010-06-13 21:56:14 ----D---- C:\Program Files\ESET
2010-06-13 12:47:14 ----A---- C:\mbam-error.txt
2010-05-30 17:33:20 ----A---- C:\windows\system32\shell32.dll
2010-05-30 17:33:19 ----A---- C:\windows\system32\lsasrv.dll
2010-05-30 17:33:17 ----A---- C:\windows\system32\inetcomm.dll
2010-05-30 17:33:12 ----A---- C:\windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2010-06-14 23:38:18 ----D---- C:\windows\Temp
2010-06-14 23:35:33 ----RD---- C:\Program Files
2010-06-14 23:35:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-06-14 23:19:23 ----D---- C:\DATA
2010-06-14 22:53:13 ----D---- C:\windows\system32\config
2010-06-14 22:42:56 ----SHD---- C:\System Volume Information
2010-06-14 22:39:08 ----D---- C:\Windows
2010-06-13 22:32:00 ----D---- C:\ProgramData\Roxio
2010-06-13 22:00:01 ----D---- C:\ProgramData\Sonic
2010-06-13 21:56:33 ----SHD---- C:\windows\Installer
2010-06-13 21:56:29 ----D---- C:\windows\system32\drivers
2010-06-13 21:56:14 ----HD---- C:\ProgramData
2010-06-13 21:49:47 ----D---- C:\windows\Minidump
2010-06-13 21:44:35 ----D---- C:\windows\Prefetch
2010-06-13 21:24:19 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-13 21:22:28 ----D---- C:\Program Files\CCleaner
2010-06-13 21:10:30 ----SD---- C:\ProgramData\Microsoft
2010-06-13 14:33:18 ----D---- C:\windows\debug
2010-06-13 13:14:19 ----D---- C:\Users\Petr\AppData\Roaming\ICQ
2010-06-13 12:58:48 ----D---- C:\windows\System32
2010-06-13 12:58:48 ----D---- C:\windows\inf
2010-06-13 12:58:48 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-06-13 12:49:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-13 10:07:27 ----D---- C:\windows\system32\catroot2
2010-06-12 00:56:42 ----D---- C:\ProgramData\PDFC
2010-06-12 00:25:14 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2010-06-09 21:00:12 ----D---- C:\windows\winsxs
2010-06-09 16:46:56 ----D---- C:\Program Files\Internet Explorer
2010-06-06 11:16:00 ----D---- C:\Program Files\Windows Mail
2010-06-06 11:15:51 ----D---- C:\windows\system32\cs-CZ
2010-06-06 00:13:46 ----D---- C:\Users\Petr\AppData\Roaming\DivX
2010-05-30 17:33:58 ----D---- C:\windows\system32\catroot
2010-05-29 23:31:35 ----D---- C:\windows\Help
2010-05-28 12:37:11 ----D---- C:\windows\Tasks
2010-05-28 12:37:11 ----D---- C:\windows\system32\Tasks
2010-05-21 14:14:28 ----N---- C:\windows\system32\MpSigStub.exe

ano, ve 3/4 scanovani to zahlasilo Line 2563...Error: Variable used without being declared.
Nic jineho jsem spuštěné neměl...
Jdu na gmer, moment

GMER log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 00:31:42
Windows 6.1.7600
Running: 3nvcrhdh.exe; Driver: C:\Users\Petr\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E152D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A45579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9A61AC9D 28 Bytes [1E, B1, 4F, 80, 40, 82, A1, ...]
.text peauth.sys 9A61ACC1 28 Bytes [1E, B1, 4F, 80, 40, 82, A1, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[964] ntdll.dll!NtProtectVirtualMemory 77125360 3 Bytes JMP 0013000A
.text C:\windows\system32\svchost.exe[964] ntdll.dll!NtProtectVirtualMemory + 4 77125364 1 Byte [89]
.text C:\windows\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory 77125EE0 5 Bytes JMP 0014000A
.text C:\windows\system32\svchost.exe[964] ntdll.dll!KiUserExceptionDispatcher 77126448 5 Bytes JMP 0012000A
.text C:\windows\system32\svchost.exe[964] ole32.dll!CoCreateInstance 75A557FC 5 Bytes JMP 004C000A
.text C:\windows\system32\svchost.exe[964] USER32.dll!GetCursorPos 7581C198 5 Bytes JMP 00CF000A
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1724] kernel32.dll!SetUnhandledExceptionFilter 76F03142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2380] ntdll.dll!NtProtectVirtualMemory 77125360 5 Bytes JMP 004B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2380] ntdll.dll!NtWriteVirtualMemory 77125EE0 5 Bytes JMP 004C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2380] ntdll.dll!KiUserExceptionDispatcher 77126448 5 Bytes JMP 0049000A
.text C:\windows\Explorer.EXE[2776] ntdll.dll!NtProtectVirtualMemory 77125360 5 Bytes JMP 0028000A
.text C:\windows\Explorer.EXE[2776] ntdll.dll!NtWriteVirtualMemory 77125EE0 5 Bytes JMP 0029000A
.text C:\windows\Explorer.EXE[2776] ntdll.dll!KiUserExceptionDispatcher 77126448 5 Bytes JMP 0027000A
.text C:\Program Files\Altap Salamander 2.5\salamand.exe[2936] kernel32.dll!SetUnhandledExceptionFilter 76F03142 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\0000006e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\iaStor \Device\Harddisk0\DR0 86429856

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133dc52d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133dc52d (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Ahoj,

omlouvám se, včera jsem se nedostal k PC, ale předevčírem v noci se mi nedařilo z OTL dostat report.
Dnes jsem pro jistotu zkusil vše znovu:
1) RSIT - nic...přikládám 2 screenshoty, na začátku to chce odstranit Hijack řádky z logu, ale žádné tam nejsou. *.exe soubor spouštím jako správce.
2) OTL...na konci napíše, že nelze uložit log
Dělám něco špatně?
xHermik

a chtěl jsi ještě mbam-error.txt log:

Došlo k chybě. Prosím, oznamte tento kód chyby našemu týmu podpory.

MBAM_ERROR_NOT_REGISTERED (0, 0)

Notebook je půl roku starý, pravidelně čištěný CCleaner-em, NOD32 stále aktivní (sice jen obnovované zkušební verze). Jsou na něm předinstalované HP aplikace, tak nevim, jestli něco neblokují, zatim to na to nikdy nevypadalo.

diky
xHermik

OTL report musim prilozit v zazipovanem souboru, protoze report ma 65000 znaku a omezeni okna je jen na 60000. A samotny TXT soubor vlozit nejde.
mam poslat jeste zazipovany Extras.txt?

Extras report v priloze

ComboFix log:

ComboFix 10-06-15.04 - Petr 16.06.2010 23:47:25.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2039.1311 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\abraka.com.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\windows\system32\detoured.dll
c:\windows\system32\st326222.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 21:54 . 2010-06-16 21:55 -------- d-----w- c:\users\Petr\AppData\Local\temp
2010-06-16 21:54 . 2010-06-16 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-16 21:43 . 2010-06-16 21:43 -------- d-----w- C:\Device
2010-06-14 21:53 . 2010-06-14 21:53 -------- d-----w- c:\users\Petr\AppData\Local\Mozilla
2010-06-14 21:32 . 2010-06-16 19:34 -------- d-----w- c:\program files\trend micro
2010-06-14 21:32 . 2010-06-14 21:32 -------- d-----w- C:\rsit
2010-06-13 20:00 . 2010-06-13 20:01 -------- d-----w- c:\users\Petr\AppData\Roaming\Roxio
2010-06-13 19:56 . 2010-06-16 15:42 -------- d-----w- c:\program files\ESET
2010-06-06 15:26 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-30 15:33 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-30 15:33 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-30 15:33 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-30 15:33 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 21:50 . 2009-09-10 09:00 625914 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 21:50 . 2009-09-10 09:00 120000 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 21:39 . 2009-12-25 11:19 -------- d-----w- c:\users\Petr\AppData\Roaming\ICQ
2010-06-16 15:44 . 2009-12-26 14:54 -------- d-----w- c:\program files\ICQ6.5
2010-06-14 22:59 . 2010-03-09 14:30 -------- d-----w- c:\program files\Get Styles
2010-06-14 21:35 . 2010-04-16 17:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-13 20:32 . 2009-09-10 08:48 -------- d-----w- c:\programdata\Roxio
2010-06-13 20:00 . 2009-09-10 08:47 -------- d-----w- c:\programdata\Sonic
2010-06-13 19:24 . 2010-01-10 13:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-13 19:22 . 2009-12-24 22:23 -------- d-----w- c:\program files\CCleaner
2010-06-13 10:49 . 2010-03-12 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 22:56 . 2009-09-10 08:33 -------- d-----w- c:\programdata\PDFC
2010-06-06 09:16 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-05 22:13 . 2010-01-26 16:32 -------- d-----w- c:\users\Petr\AppData\Roaming\DivX
2010-06-01 14:14 . 2010-06-12 07:52 20536 ----a-w- c:\windows\Help\OEM\Scripts\HPSA_LINK_REDIRECTOR.exe
2010-05-29 21:42 . 2010-05-29 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-26 13:15 . 2010-05-29 21:31 20024 ----a-w- c:\windows\Help\OEM\Scripts\HPSA_BUY_BATTERY.exe
2010-05-21 12:14 . 2009-12-25 00:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 13:39 . 2010-03-12 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-12 19:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 17:09 . 2010-05-29 21:31 1230088 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpgrade.exe
2010-04-14 15:49 . 2010-05-29 21:31 17160 ----a-w- c:\windows\Help\OEM\Scripts\HC_HibernateEnable.exe
2010-04-14 15:44 . 2010-05-29 21:31 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_GuestEnabled.exe
2010-04-14 15:32 . 2010-05-29 21:31 18696 ----a-w- c:\windows\Help\OEM\Scripts\HC_HPHCImprove.exe
2010-04-14 15:20 . 2010-05-29 21:31 18184 ----a-w- c:\windows\Help\OEM\Scripts\HC_SREnable.exe
2010-04-13 13:46 . 2010-05-29 21:31 58632 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-04-12 22:33 . 2009-12-24 16:53 123808 ----a-w- c:\users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 10:04 . 2010-05-29 21:31 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_WindowsUpdateCheck.exe
2010-04-04 16:59 . 2010-04-04 15:42 533699717 ----a-w- c:\program files\Metin2_CZ_20090526.exe
2010-04-04 15:42 . 2010-04-04 15:42 339609 ----a-w- c:\program files\Downloader_Metin2_cz.exe
2010-04-04 08:52 . 2010-04-04 08:51 16173943 ----a-w- c:\program files\ChromePlus1.3.5.0.exe
2010-04-01 21:38 . 2010-04-01 21:38 26603551 ----a-w- c:\program files\paintball2_build029_full.exe
2010-04-01 12:44 . 2010-05-29 21:31 49152 ----a-w- c:\windows\Help\OEM\Scripts\Interop.TaskScheduler.dll
2010-04-01 12:43 . 2010-05-29 21:31 23816 ----a-w- c:\windows\Help\OEM\Scripts\HPSAScript.exe
2010-04-01 12:43 . 2010-05-29 21:31 130312 ----a-w- c:\windows\Help\OEM\Scripts\HPSAMessageBox.exe
2010-04-01 12:43 . 2010-05-29 21:31 20224 ----a-w- c:\windows\Help\OEM\Scripts\HC_checkMUI.dll
2010-04-01 12:43 . 2010-05-29 21:31 17672 ----a-w- c:\windows\Help\OEM\Scripts\HPSA_NoDisplay.exe
2010-03-30 17:32 . 2010-03-30 17:32 64 ----a-w- c:\windows\system32\694F.bat
2010-03-30 11:01 . 2010-03-30 11:01 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-30 11:01 . 2010-03-30 11:01 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-29 15:13 . 2010-03-29 15:13 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-03-29 15:12 . 2010-03-29 15:12 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-29 15:07 . 2010-03-29 15:07 134024 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-03-29 14:58 . 2010-05-29 21:31 18184 ----a-w- c:\windows\Help\OEM\Scripts\HC_Launch.exe
2010-01-10 13:28 . 2010-01-10 13:27 4938616 ----a-w- c:\program files\Silverlight.exe
2009-12-31 12:28 . 2009-12-31 12:28 2020136 ----a-w- c:\program files\SkypeSetup.exe
2009-12-25 23:00 . 2009-12-25 23:00 1924200 ----a-w- c:\program files\install_flash_player.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"Google Update"="c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-30 717296]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-06-04 4231680]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:04]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 12:04]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639937764-302752242-906954887-1001Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-04 18:15]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639937764-302752242-906954887-1001UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-04 18:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\a934r6gd.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Petr\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82A3D000]<< >>UNKNOWN [0x8932C000]<< >>UNKNOWN [0x89DE3000]<< >>UNKNOWN [0x89508000]<< >>UNKNOWN [0x82A06000]<< >>UNKNOWN [0x972F0000]<< >>UNKNOWN [0x82AA7914]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1564)
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Altap Salamander 2.5\salamand.exe
.
**************************************************************************
.
Celkový čas: 2010-06-16 23:58:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-16 21:58

Před spuštěním: Volných bajtů: 270 505 873 408
Po spuštění: Volných bajtů: 270 167 035 904

- - End Of File - - DD927705420E2782ED21CA9D0EC94FC0

- otestovany soubor iaStor.sys nize
- v priloze screenshot z NODu, predtim hlasil Win32/Olmarik v operacni pameti a ted vypada ze smazal Win32/Olmarik.SJ...to je ten samy a nebo je tam jeste jiny trojan?

JA budu na PC az pozde vecer.
Diky moc


Soubor iaStor.sys přijatý 2010.06.16 22:19:59 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 50 a 71 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.26 2010.06.16 -
AhnLab-V3 2010.06.16.07 2010.06.16 -
AntiVir 8.2.2.6 2010.06.16 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.16 -
Avast5 5.0.332.0 2010.06.16 -
AVG 9.0.0.787 2010.06.16 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5124 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.16 -
eTrust-Vet 36.1.7638 2010.06.16 -
F-Prot 4.6.0.103 2010.06.16 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.16 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.17 -
McAfee-GW-Edition 2010.1 2010.06.16 -
Microsoft 1.5802 2010.06.16 -
NOD32 5202 2010.06.16 -
Norman 6.04.12 2010.06.16 -
nProtect 2010-06-16.01 2010.06.16 -
Panda 10.0.2.7 2010.06.16 -
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.17 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6456 2010.06.16 -
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.17 -
VBA32 3.12.12.5 2010.06.16 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.16 -
Rozšiřující informace
File size: 330264 bytes
MD5...: d483687eace0c065ee772481a96e05f5
SHA1..: 97cf5a57cf4653d28dd39e37c38a3d7caf2515e3
SHA256: a22200e90c78dfe73fe0fbeed5331ab43cd7133651fd125595c4db604ad71b29
ssdeep: 6144:0eEd3/ojyCpIf3vzTP9p0gIuZHRQcckOJSo/GT7x506/guBomb:S3/b57TP
RIEinkOzeTz06Ikomb
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd5005
timedatestamp.....: 0x4a287809 (Fri Jun 05 01:42:33 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x49352 0x49400 6.49 0ab5138f6e755df37b91122737e109f6
.rdata 0x4b000 0xc2c 0xe00 5.23 30538f61b97658a9fc8c841cf09d5974
.data 0x4c000 0x88b68 0x1000 4.82 7757b10f6f756f78fe2b6436ed5c80bf
INIT 0xd5000 0xeaa 0x1000 5.39 6abf13895504fcef58c69e7607a6655a
.rsrc 0xd6000 0x458 0x600 2.60 f25f403330fd8946fc0dca65e705eb6f
.reloc 0xd7000 0x2322 0x2400 5.50 ca39337b810d646ae5fada54fb9c3e38

( 2 imports )
> ntoskrnl.exe: ZwOpenKey, DbgPrint, _allmul, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, MmIsAddressValid, KeWaitForSingleObject, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, KeQueryTimeIncrement, KeTickCount, _aulldiv, KeDelayExecutionThread, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, KeSetTimer, KeInitializeDpc, KeInitializeTimer, memmove, strncpy, strncmp, _purecall, sprintf, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlCompareMemory, KeBugCheckEx, IoInvalidateDeviceRelations, RtlWriteRegistryValue, RtlDeleteRegistryValue, IoOpenDeviceRegistryKey, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, ZwQueryValueKey, ExInitializeNPagedLookasideList, _aullrem, _aulldvrm, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoGetLowerDeviceObject, IoGetAttachedDeviceReference, IoAllocateIrp, strstr, RtlGetVersion, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCsqInitialize, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoRegisterDeviceInterface, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, IoSetDeviceInterfaceState, KeRemoveQueueDpc, IoCsqInsertIrp, IoCsqRemoveNextIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeInsertQueueDpc, IoGetDmaAdapter, RtlFreeUnicodeString, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, RtlCreateRegistryKey, RtlCopyUnicodeString, RtlUnwind, ZwClose, memset, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, PsCreateSystemThread, ExFreePoolWithTag
> HAL.dll: KeAcquireInStackQueuedSpinLock, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql, KeStallExecutionProcessor, KeReleaseInStackQueuedSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2009
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver - ia32
original name: iaStor.sys
internal name: iaStor.sys
file version.: 8.9.0.1023
comments.....: -ia32
signers......: Intel Corporation
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 3:43 AM 6/5/2009
verified.....: -

novy scan gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-18 13:48:35
Windows 6.1.7600
Running: 3nvcrhdh.exe; Driver: C:\Users\Petr\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E162D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E15898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A46599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys AC364C9D 28 Bytes [D5, 7B, 48, 8E, 5C, BA, D1, ...]
.text peauth.sys AC364CC1 28 Bytes [D5, 7B, 48, 8E, 5C, BA, D1, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 BDA46000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 BDA46123 629 Bytes [15, A4, BD, FE, 05, 34, 15, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 BDA46399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F BDA463FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B BDA464AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1716] kernel32.dll!SetUnhandledExceptionFilter 76EB3142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Altap Salamander 2.5\salamand.exe[2400] kernel32.dll!SetUnhandledExceptionFilter 76EB3142 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\ACPI_HAL \Device\0000006f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133dc52d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133dc52d (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D3E63D7-5A71-4F16-81AC-87692590084D}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3E63D7-5A71-4F16-81AC-87692590084D}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3E63D7-5A71-4F16-81AC-87692590084D}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3E63D7-5A71-4F16-81AC-87692590084D}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3E63D7-5A71-4F16-81AC-87692590084D}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {4D3E63D7-5A71-4F16-81AC-87692590084D}

---- EOF - GMER 1.0.15 ----

Dobrý večer,
zaskočím za kolegu.

Dejte nový log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

Dobry vecer,

novy RSIT log.
diky

Logfile of random's system information tool 1.07 (written by random/random)
Run by Petr at 2010-06-20 23:22:28
Microsoft Windows 7 Home Premium Service Pack 3
System drive C: has 259 GB (89%) free of 290 GB
Total RAM: 2039 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:22:35, on 20.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\Users\Petr\Desktop\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7687 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-639937764-302752242-906954887-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-639937764-302752242-906954887-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-13 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-13 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-13 278128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-30 1545512]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-29 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-25 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe [2009-10-28 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=2
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-06-19 10:17:24 ----D---- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-06-17 00:47:55 ----A---- C:\windows\system32\asycfilt.dll
2010-06-17 00:47:50 ----A---- C:\windows\system32\mshtml.dll
2010-06-17 00:47:46 ----A---- C:\windows\system32\mstime.dll
2010-06-17 00:47:46 ----A---- C:\windows\system32\ieframe.dll
2010-06-17 00:47:45 ----A---- C:\windows\system32\urlmon.dll
2010-06-17 00:47:45 ----A---- C:\windows\system32\iedkcs32.dll
2010-06-17 00:47:44 ----A---- C:\windows\system32\wininet.dll
2010-06-17 00:47:44 ----A---- C:\windows\system32\msfeedsbs.dll
2010-06-17 00:47:44 ----A---- C:\windows\system32\jsproxy.dll
2010-06-17 00:47:41 ----A---- C:\windows\system32\atmlib.dll
2010-06-17 00:47:41 ----A---- C:\windows\system32\atmfd.dll
2010-06-17 00:43:54 ----D---- C:\windows\system32\Wat
2010-06-16 23:58:22 ----A---- C:\ComboFix.txt
2010-06-16 23:55:29 ----D---- C:\$RECYCLE.BIN
2010-06-16 23:54:00 ----D---- C:\windows\temp
2010-06-16 23:43:03 ----D---- C:\Device
2010-06-16 23:36:15 ----A---- C:\windows\SWXCACLS.exe
2010-06-14 23:53:05 ----D---- C:\Users\Petr\AppData\Roaming\Mozilla
2010-06-14 23:52:58 ----D---- C:\Program Files\Mozilla Firefox
2010-06-14 23:32:19 ----D---- C:\Program Files\trend micro
2010-06-14 23:32:17 ----D---- C:\rsit
2010-06-13 22:00:54 ----D---- C:\Users\Petr\AppData\Roaming\Roxio
2010-06-13 21:56:14 ----D---- C:\ProgramData\ESET
2010-06-13 21:56:14 ----D---- C:\Program Files\ESET
2010-06-13 12:47:14 ----A---- C:\mbam-error.txt
2010-05-30 17:33:20 ----A---- C:\windows\system32\shell32.dll
2010-05-30 17:33:19 ----A---- C:\windows\system32\lsasrv.dll
2010-05-30 17:33:17 ----A---- C:\windows\system32\inetcomm.dll
2010-05-30 17:33:12 ----A---- C:\windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2010-06-20 12:51:52 ----D---- C:\windows\System32
2010-06-20 12:51:51 ----D---- C:\windows\inf
2010-06-20 12:51:51 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-06-20 10:46:34 ----D---- C:\windows\system32\config
2010-06-20 10:31:12 ----D---- C:\windows\Tasks
2010-06-20 10:31:12 ----D---- C:\windows\system32\Tasks
2010-06-19 21:41:25 ----D---- C:\Users\Petr\AppData\Roaming\ICQ
2010-06-19 10:21:11 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-19 10:21:04 ----SHD---- C:\windows\Installer
2010-06-19 10:21:04 ----D---- C:\ProgramData\Hewlett-Packard
2010-06-19 10:21:03 ----D---- C:\Program Files\Hewlett-Packard
2010-06-19 10:20:52 ----D---- C:\windows\Help
2010-06-19 10:20:45 ----D---- C:\windows\winsxs
2010-06-19 10:20:15 ----SHD---- C:\System Volume Information
2010-06-19 10:18:21 ----RSD---- C:\windows\assembly
2010-06-19 10:17:24 ----D---- C:\ProgramData
2010-06-19 10:16:27 ----D---- C:\swsetup
2010-06-19 10:10:51 ----D---- C:\windows\Microsoft.NET
2010-06-19 00:53:11 ----D---- C:\Users\Petr\AppData\Roaming\Skype
2010-06-19 00:30:10 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2010-06-19 00:28:42 ----D---- C:\ProgramData\PDFC
2010-06-19 00:04:04 ----D---- C:\Users\Petr\AppData\Roaming\skypePM
2010-06-18 13:35:36 ----D---- C:\windows\system32\migration
2010-06-18 13:35:36 ----D---- C:\Program Files\Internet Explorer
2010-06-17 00:59:00 ----A---- C:\windows\win.ini
2010-06-17 00:58:27 ----D---- C:\windows\system32\catroot
2010-06-17 00:56:32 ----D---- C:\windows\debug
2010-06-17 00:50:46 ----D---- C:\Windows
2010-06-17 00:49:29 ----D---- C:\windows\system32\DriverStore
2010-06-17 00:49:28 ----D---- C:\windows\system32\drivers
2010-06-17 00:47:07 ----D---- C:\windows\system32\catroot2
2010-06-16 23:58:25 ----D---- C:\Qoobox
2010-06-16 23:57:34 ----D---- C:\windows\ERDNT
2010-06-16 23:55:34 ----A---- C:\windows\system.ini
2010-06-16 23:51:06 ----D---- C:\windows\AppPatch
2010-06-16 23:51:05 ----D---- C:\Program Files\Common Files
2010-06-16 17:44:03 ----D---- C:\Program Files\ICQ6.5
2010-06-15 00:59:35 ----D---- C:\Program Files\Get Styles
2010-06-14 23:52:58 ----RD---- C:\Program Files
2010-06-14 23:35:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-06-14 23:19:23 ----D---- C:\DATA
2010-06-13 22:32:00 ----D---- C:\ProgramData\Roxio
2010-06-13 22:00:01 ----D---- C:\ProgramData\Sonic
2010-06-13 21:49:47 ----D---- C:\windows\Minidump
2010-06-13 21:44:35 ----D---- C:\windows\Prefetch
2010-06-13 21:24:19 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-13 21:22:28 ----D---- C:\Program Files\CCleaner
2010-06-13 21:10:30 ----SD---- C:\ProgramData\Microsoft
2010-06-13 12:49:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-06 11:16:00 ----D---- C:\Program Files\Windows Mail
2010-06-06 11:15:51 ----D---- C:\windows\system32\cs-CZ
2010-06-06 00:13:46 ----D---- C:\Users\Petr\AppData\Roaming\DivX
2010-05-28 21:37:34 ----A---- C:\windows\system32\MRT.exe
2010-05-21 14:14:28 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 blbdrive;blbdrive; C:\windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-27 1161664]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Composite Bus Enumerator Driver; C:\windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
R3 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\windows\system32\DRIVERS\mrxsmb10.sys [2010-02-27 221696]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\windows\system32\DRIVERS\mrxsmb20.sys [2010-02-27 95744]
R3 NativeWifiP;NativeWiFi Filter; C:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-07-02 1765168]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2009-07-14 408576]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-30 213680]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
R3 vwifibus;Ovladač sběrnice Virtual WiFi; C:\windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 AcpiPmi;ACPI Power Meter Driver; C:\windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 agp440;Intel AGP Bus Filter; C:\windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AmdK8;AMD K8 Processor Driver; C:\windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 AmdPPM;AMD Processor Driver; C:\windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-14 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\windows\System32\Drivers\BrSerWdm.sys [2009-07-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\windows\System32\Drivers\BrUsbSer.sys [2009-07-14 11904]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 catchme;catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys []
S3 circlass;Consumer IR Devices; C:\windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\windows\system32\DRIVERS\evbdx.sys [2009-07-14 3100160]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\windows\system32\drivers\hcw85cir.sys [2009-07-14 26624]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
S3 HidBatt;HID UPS Battery Driver; C:\windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
S3 IPMIDRV;IPMIDRV; C:\windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 iScsiPrt;iScsiPort Driver; C:\windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-06-04 4231680]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro konzolu MMC; C:\windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\windows\system32\DRIVERS\sffp_sd.sys [2009-10-10 12800]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
S3 usbvideo;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2009-07-14 146176]
S3 vga;vga; C:\windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 WIMMount;WIMMount; C:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 crcdisk;Crcdisk Filter Driver; C:\windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-07-27 14336]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
R2 gpsvc;@gpapi.dll,-112; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-17 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [2009-07-14 221266]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-05-01 229944]
R3 KeyIso;@keyiso.dll,-100; C:\windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\windows\System32\lsass.exe [2009-07-14 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\windows\ehome\ehsched.exe [2009-07-14 94720]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-29 33560]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-25 182768]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\windows\System32\vds.exe [2009-07-14 452608]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1343400]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

-----------------EOF-----------------

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter



Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

• Spusťte.
• Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523


Jak se chová PC