
preventive check - the disk is "grinding" rather often

Posted: 15 Jul 2010 07:19
by Ghormoon
Hi, I'm posting a log as a precaution. I have the feeling that my disk is grinding more than it should, and yet I don't know of anything that accesses it (true, a moment ago I turned off Windows Defender's automatic scan, but that doesn't explain the "grinding" for the whole rest of the day).
// btw, without an external utility I probably can't find out which of the disks it is, can I? :)

Could someone take a look at it when you have time? Thanks in advance.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ghormoon at 2010-07-15 08:12:41
Microsoft Windows 7 Enterprise
System drive C: has 17 GB (31%) free of 55 GB
Total RAM: 4094 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:12:54, on 15.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
X:\Trillian\trillian.exe
C:\Program Files\trend micro\Ghormoon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "X:\Games\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: OfficeSAS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9867 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-771805c3-059a-4d80-9b70-ae3bb1d1d836 -SystemEventPortName:HostProcess-7dd95aca-83b7-426f-9d65-62f85358e2b8 -IoCancelEventPortName:HostProcess-ee405220-c399-4e17-bd81-69dc077aaeda -NonStateChangingEventPortName:HostProcess-749cc0b5-40b7-4ad0-aedd-2218583e0d76 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8a2fc076-f946-46dd-ae26-599272910ee2
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fe77ddab-08b8-485b-ae57-5355605e8b22 -SystemEventPortName:HostProcess-c6ee698e-fda2-417a-adb1-ba5d2fb08856 -IoCancelEventPortName:HostProcess-35916243-c86b-4a97-a616-004d743ab733 -NonStateChangingEventPortName:HostProcess-972fdb84-bd9a-4c5c-b261-0197a9929947 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d5ca74d2-d53e-4b1b-b855-7d76d41eea42
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\system32\svchost.exe -k bthaudiosvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
C:\Windows\System32\tcpsvcs.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1484
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Program Files\Windows Media Player\WMPSideShowGadget.exe"
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /SkipFUE /RemoteOCXLaunch
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
"C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Process Lasso\ProcessLasso.exe"
"C:\Program Files\Process Lasso\ProcessGovernor.exe"
"C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe"
"C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe"
"C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
KHALMNPR.EXE /API
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\mobsync.exe -Embedding
"X:\Trillian\trillian.exe" /user ghormoon
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Ghormoon\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2009-11-03 683392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-26 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-25 403832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Launch LgDeviceAgent"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2010-02-18 415816]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2010-02-18 2093128]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2010-02-18 4271688]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2837768]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-01-19 9996320]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-06-14 587280]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-06-14 307728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Steam"=X:\Games\Steam\Steam.exe [2010-06-04 1238352]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-01-14 37888]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2009-09-26 83312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
OfficeSAS.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe

C:\Users\Ghormoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 76816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 275360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-15 08:12:41 ----D---- C:\rsit
2010-07-15 08:12:41 ----D---- C:\Program Files\trend micro
2010-07-14 06:51:15 ----A---- C:\Windows\IsUninst.exe
2010-07-14 06:24:39 ----A---- C:\Windows\system32\cdd.dll
2010-07-14 00:26:59 ----D---- C:\Windows\system32\RightClickFiles
2010-07-13 22:45:57 ----D---- C:\Program Files (x86)\Room Arranger
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\zh-TW
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\zh-CN
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\tr-TR
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\th-TH
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\sv-SE
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\ru-RU
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\ro-RO
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\pt-PT
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\pt-BR
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\pl-PL
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\nl-NL
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\nb-NO
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\ko-KR
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\ja-JP
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\it-IT
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\hu-HU
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\he-IL
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\fr-FR
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\fi-FI
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\es-ES
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\el-GR
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\de-DE
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\da-DK
2010-06-27 19:21:48 ----D---- C:\Windows\system32\drivers\ar-SA
2010-06-27 19:21:48 ----D---- C:\Program Files (x86)\Windows Virtual PC
2010-06-27 18:56:01 ----A---- C:\Windows\system32\VPCWizard.exe
2010-06-27 18:56:01 ----A---- C:\Windows\system32\vpc.exe
2010-06-27 18:56:01 ----A---- C:\Windows\system32\VMWindow.exe
2010-06-27 18:56:01 ----A---- C:\Windows\system32\drivers\vpcvmm.sys
2010-06-27 18:53:20 ----A---- C:\Windows\system32\vpchbuspipe.dll
2010-06-27 18:53:15 ----A---- C:\Windows\system32\drivers\vpchbus.sys
2010-06-27 18:53:15 ----A---- C:\Windows\system32\drivers\vpcusb.sys
2010-06-27 18:53:14 ----A---- C:\Windows\SYSWOW64\vmsal.exe
2010-06-27 18:53:14 ----A---- C:\Windows\system32\VPCSettings.exe
2010-06-27 18:53:14 ----A---- C:\Windows\system32\VMCPropertyHandler.dll
2010-06-27 18:53:14 ----A---- C:\Windows\system32\drivers\vpcnfltr.sys
2010-06-27 18:53:13 ----A---- C:\Windows\system32\vmsal.exe
2010-06-27 18:51:34 ----D---- C:\Program Files\Windows XP Mode
2010-06-26 23:33:02 ----D---- C:\ProgramData\NVIDIA Corporation
2010-06-26 23:27:12 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2010-06-26 23:27:12 ----A---- C:\Windows\system32\OpenCL.dll
2010-06-26 23:27:11 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2010-06-26 23:27:10 ----A---- C:\Windows\system32\nvoglv64.dll
2010-06-26 23:27:09 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2010-06-26 23:27:09 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-06-26 23:27:08 ----A---- C:\Windows\SYSWOW64\nvencodemft.dll
2010-06-26 23:27:08 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2010-06-26 23:27:08 ----A---- C:\Windows\system32\nvencodemft.dll
2010-06-26 23:27:08 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-06-26 23:27:07 ----A---- C:\Windows\system32\nvd3dumx.dll
2010-06-26 23:27:06 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2010-06-26 23:27:06 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2010-06-26 23:27:06 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2010-06-26 23:27:06 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2010-06-26 23:27:06 ----A---- C:\Windows\system32\nvcuvid.dll
2010-06-26 23:27:06 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-06-26 23:27:05 ----A---- C:\Windows\system32\nvcuda.dll
2010-06-26 23:27:01 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2010-06-26 23:27:00 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2010-06-26 23:27:00 ----A---- C:\Windows\system32\nvcompiler.dll
2010-06-26 23:27:00 ----A---- C:\Windows\system32\nvcod1920.dll
2010-06-26 23:27:00 ----A---- C:\Windows\system32\nvcod.dll
2010-06-26 23:26:56 ----D---- C:\nVidia Forceware
2010-06-23 13:57:31 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 13:57:30 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2010-06-23 13:57:15 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2010-06-23 13:57:15 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-23 13:57:13 ----A---- C:\Windows\system32\msdri.dll
2010-06-21 15:32:59 ----D---- C:\Users\Ghormoon\AppData\Roaming\Mount&Blade Warband
2010-06-21 15:24:47 ----D---- C:\Users\Ghormoon\AppData\Roaming\Mount&Blade

======List of files/folders modified in the last 1 months======

2010-07-15 08:12:54 ----D---- C:\Windows\Prefetch
2010-07-15 08:12:51 ----D---- C:\Windows\Temp
2010-07-15 08:12:41 ----RD---- C:\Program Files
2010-07-15 02:53:06 ----D---- C:\Windows\system32\config
2010-07-15 00:21:45 ----D---- C:\Windows\winsxs
2010-07-15 00:20:05 ----D---- C:\Windows\System32
2010-07-14 19:26:08 ----SHD---- C:\Windows\Installer
2010-07-14 19:26:05 ----HD---- C:\Config.Msi
2010-07-14 19:26:02 ----D---- C:\ProgramData\Microsoft Help
2010-07-14 19:25:03 ----SHD---- C:\System Volume Information
2010-07-14 06:51:43 ----D---- C:\Windows
2010-07-14 06:23:35 ----D---- C:\Windows\system32\catroot
2010-07-13 23:51:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-13 23:51:57 ----D---- C:\Windows\inf
2010-07-13 22:57:17 ----A---- C:\Windows\WINCMD.INI
2010-07-13 22:56:56 ----A---- C:\Windows\wcx_ftp.ini
2010-07-13 22:49:22 ----D---- C:\Program Files (x86)\Common Files
2010-07-13 22:45:57 ----RD---- C:\Program Files (x86)
2010-07-02 22:18:43 ----A---- C:\Windows\system32\MRT.exe
2010-06-29 23:19:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-06-27 20:56:54 ----D---- C:\Windows\rescache
2010-06-27 19:26:24 ----D---- C:\ProgramData\NOS
2010-06-27 19:25:26 ----D---- C:\Windows\system32\drivers
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\zh-TW
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\zh-CN
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\tr-TR
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\th-TH
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\sv-SE
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\ru-RU
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\ro-RO
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\pt-PT
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\pt-BR
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\pl-PL
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\nl-NL
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\nb-NO
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\ko-KR
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\ja-JP
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\it-IT
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\hu-HU
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\he-IL
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\fr-FR
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\fi-FI
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\es-ES
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\en-US
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\el-GR
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\de-DE
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\da-DK
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-06-27 19:21:54 ----D---- C:\Windows\SYSWOW64\ar-SA
2010-06-27 19:21:54 ----D---- C:\Windows\SysWOW64
2010-06-27 19:21:54 ----D---- C:\Windows\system32\zh-TW
2010-06-27 19:21:54 ----D---- C:\Windows\system32\tr-TR
2010-06-27 19:21:54 ----D---- C:\Windows\system32\ro-RO
2010-06-27 19:21:54 ----D---- C:\Windows\system32\pt-PT
2010-06-27 19:21:54 ----D---- C:\Windows\system32\pt-BR
2010-06-27 19:21:54 ----D---- C:\Windows\system32\nl-NL
2010-06-27 19:21:54 ----D---- C:\Windows\system32\nb-NO
2010-06-27 19:21:54 ----D---- C:\Windows\system32\ja-JP
2010-06-27 19:21:54 ----D---- C:\Windows\system32\it-IT
2010-06-27 19:21:54 ----D---- C:\Windows\system32\fr-FR
2010-06-27 19:21:54 ----D---- C:\Windows\system32\fi-FI
2010-06-27 19:21:54 ----D---- C:\Windows\system32\el-GR
2010-06-27 19:21:54 ----D---- C:\Windows\system32\de-DE
2010-06-27 19:21:54 ----D---- C:\Windows\system32\cs-CZ
2010-06-27 19:21:53 ----D---- C:\Windows\system32\pl-PL
2010-06-27 19:21:53 ----D---- C:\Windows\system32\ko-KR
2010-06-27 19:21:53 ----D---- C:\Windows\system32\en-US
2010-06-27 19:21:53 ----D---- C:\Windows\system32\drivers\en-US
2010-06-27 19:21:53 ----D---- C:\Windows\system32\drivers\cs-CZ
2010-06-27 19:21:53 ----D---- C:\Windows\system32\da-DK
2010-06-27 19:21:53 ----D---- C:\Windows\system32\ar-SA
2010-06-27 19:21:49 ----D---- C:\Windows\system32\zh-CN
2010-06-27 19:21:49 ----D---- C:\Windows\system32\th-TH
2010-06-27 19:21:49 ----D---- C:\Windows\system32\sv-SE
2010-06-27 19:21:49 ----D---- C:\Windows\system32\ru-RU
2010-06-27 19:21:49 ----D---- C:\Windows\system32\hu-HU
2010-06-27 19:21:49 ----D---- C:\Windows\system32\he-IL
2010-06-27 19:21:49 ----D---- C:\Windows\system32\es-ES
2010-06-27 19:21:48 ----D---- C:\Windows\system32\DriverStore
2010-06-27 18:56:16 ----D---- C:\Windows\system32\catroot2
2010-06-26 23:34:00 ----D---- C:\ProgramData\NVIDIA
2010-06-26 23:33:02 ----HD---- C:\ProgramData
2010-06-26 23:32:31 ----D---- C:\Program Files\NVIDIA Corporation
2010-06-24 03:11:20 ----D---- C:\Windows\Microsoft.NET
2010-06-24 03:10:30 ----RSD---- C:\Windows\assembly
2010-06-24 03:02:50 ----D---- C:\Windows\AppPatch
2010-06-24 03:01:46 ----D---- C:\Windows\ehome
2010-06-16 23:06:35 ----D---- C:\Program Files\TeamSpeak 3 Client

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-24 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 139704]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-02-26 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-02-26 50600]
R3 BthAudioHF;BthAudioHF Service; C:\Windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-02-26 33608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-19 2242720]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 a0js1n39;a0js1n39; C:\Windows\system32\drivers\a0js1n39.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-02-26 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
R2 HFGService;Handsfree Headset Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-05-21 159336]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 10240]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-25 1533824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 42336]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Re: preventive check - the disk "grinds" rather often

Posted: 15 Jul 2010 20:02
by Rudy
I don't see anything dangerous. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: preventive check - the disk "grinds" rather often

Posted: 15 Jul 2010 20:38
by Hulkee
:arrow: First thing:
Apologies to Rudy for butting into his thread. I'm not an advisor or a moderator, just a frequent visitor and someone who likes browsing around here.

:arrow: Now to the point:

On W7 Enterprise you can see what is "grinding" like this:

In Task Manager (CTRL + SHIFT + ESC) open the PERFORMANCE tab; there is a RESOURCE MONITOR button. Unless you have UAC switched off or its level lowered, it will ask for admin rights (I assume you have them), and then look at the DISK tab. It lists in detail which process is touching which file and how much it is reading/writing.
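An added example, not part of Hulkee's post: the same per-process view sampled from PowerShell with the built-in performance counters, so no third-party utility is needed (the question raised in the first post). It assumes an elevated prompt on Windows 7 or later; the sampling window and the number of rows shown are arbitrary choices, and it is written for PowerShell 2.0, which Windows 7 ships with.

```powershell
# Added example: sample per-process I/O counters for a few seconds and list the
# top consumers. Built-in counters only; run from an elevated PowerShell prompt.
$Seconds = 10   # sampling window (assumption, adjust freely)
$Top     = 10   # how many processes to show

$counters = @(
    '\Process(*)\IO Read Bytes/sec',
    '\Process(*)\IO Write Bytes/sec',
    '\Process(*)\ID Process'        # lets us map an instance name back to a PID
)

# One sample per second for $Seconds seconds.
$samples = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples $Seconds

# Aggregate read/write bytes per process instance across all samples.
# Summing 1-second rates gives an approximation of total bytes moved.
$stats = @{}
foreach ($sample in $samples) {
    foreach ($cs in $sample.CounterSamples) {
        $name = $cs.InstanceName
        if ($name -eq '_total' -or $name -eq 'idle') { continue }
        if (-not $stats.ContainsKey($name)) {
            $stats[$name] = New-Object PSObject -Property @{
                Process = $name; Pid = 0; ReadBytes = 0.0; WriteBytes = 0.0
            }
        }
        # Counter paths look like \\host\process(wmplayer)\io read bytes/sec;
        # -Wildcard matching is case-insensitive.
        switch -Wildcard ($cs.Path) {
            '*IO Read Bytes/sec'  { $stats[$name].ReadBytes  += $cs.CookedValue }
            '*IO Write Bytes/sec' { $stats[$name].WriteBytes += $cs.CookedValue }
            '*ID Process'         { $stats[$name].Pid         = [int]$cs.CookedValue }
        }
    }
}

$stats.Values |
    Sort-Object { $_.ReadBytes + $_.WriteBytes } -Descending |
    Select-Object -First $Top Process, Pid,
        @{ n = 'ReadMB';  e = { [math]::Round($_.ReadBytes  / 1MB, 2) } },
        @{ n = 'WriteMB'; e = { [math]::Round($_.WriteBytes / 1MB, 2) } },
        @{ n = 'Path';    e = { (Get-Process -Id $_.Pid -ErrorAction SilentlyContinue).Path } } |
    Format-Table -AutoSize
```

The IO Read/Write Bytes counters count every I/O a process issues, including network and device I/O, so a download shows up under the browser as well as under the antivirus filter driver; Resource Monitor's Disk tab is where to confirm which files are actually being touched. Processes with the same image name appear as separate instances (name, name#1, ...), which is why the PID is resolved for each row instead of trusting the name.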

Re: preventive check - the disk "grinds" rather often

Posted: 15 Jul 2010 22:27
by Ghormoon
Hulkee: that's exactly what I was looking for and couldn't find, thanks ;)
I've been watching it through that for a while and some curiosities show up now and then, like when I started downloading MBAM, wmplayer was there for a moment, which I don't use at all ... either it's indexing something or I don't know ... I'll try to put a stop to it somehow :P

Re: preventive check - the disk "grinds" rather often

Posted: 16 Jul 2010 00:32
by Ghormoon
so here's the log
S: is the disk with the XP install, Y: is a backup, so those 4 shouldn't be running, and the third one is in a PPC application, so that can't be running either; I doubt it even runs on the PPC, it's more likely a false alarm, but I'll take a look at it.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4317

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.7.2010 01:29:13
mbam-log-2010-07-16 (01-29-13).txt

Scan type: Full scan (C:\|S:\|X:\|Y:\|Z:\|)
Objects scanned: 693282
Time elapsed: 1 hour(s), 54 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
S:\Documents and Settings\Default User\Local Settings\temp\phrryden\Msvcrt.dll (Malware.Packer.Gen) -> No action taken.
S:\Documents and Settings\Default User\Local Settings\temp\phrryden\Shfolder.dll (Malware.Packer.Gen) -> No action taken.
X:\PPC\PocketGBA\gsgetfile.dll (Trojan.Dropper) -> No action taken.
Y:\Documents and Settings\Default User\Local Settings\temp\phrryden\Msvcrt.dll (Malware.Packer.Gen) -> No action taken.
Y:\Documents and Settings\Default User\Local Settings\temp\phrryden\Shfolder.dll (Malware.Packer.Gen) -> No action taken.
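An added example, not from the thread: before acting on the MBAM findings (Rudy's advice was not to delete anything up front), record what the flagged files actually are, so a suspected false positive such as gsgetfile.dll can still be checked later even after the files are gone. The five paths are the ones from the log above; the CSV output location is an arbitrary choice. It is written for PowerShell 2.0, which Windows 7 ships with, so SHA-256 is computed through .NET rather than Get-FileHash.

```powershell
# Added example: snapshot the files MBAM flagged before they are removed.
# Paths are taken from the MBAM log; the report location is an assumption.
$flagged = @(
    'S:\Documents and Settings\Default User\Local Settings\temp\phrryden\Msvcrt.dll',
    'S:\Documents and Settings\Default User\Local Settings\temp\phrryden\Shfolder.dll',
    'X:\PPC\PocketGBA\gsgetfile.dll',
    'Y:\Documents and Settings\Default User\Local Settings\temp\phrryden\Msvcrt.dll',
    'Y:\Documents and Settings\Default User\Local Settings\temp\phrryden\Shfolder.dll'
)

function Get-Sha256Hex([string]$Path) {
    # PowerShell 2.0 has no Get-FileHash; hash the file with .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

$report = foreach ($p in $flagged) {
    if (-not (Test-Path -LiteralPath $p)) {
        # Already gone (deleted or quarantined): still record that fact.
        New-Object PSObject -Property @{
            Path = $p; Exists = $false; SizeKB = $null; Modified = $null; Signature = $null; Sha256 = $null
        }
        continue
    }
    $f   = Get-Item -LiteralPath $p
    $sig = Get-AuthenticodeSignature -FilePath $p   # embedded Authenticode signature only
    New-Object PSObject -Property @{
        Path      = $p
        Exists    = $true
        SizeKB    = [math]::Round($f.Length / 1KB, 1)
        Modified  = $f.LastWriteTime
        Signature = $sig.Status     # Valid / NotSigned / HashMismatch / ...
        Sha256    = Get-Sha256Hex $p
    }
}

$report | Select-Object Path, Exists, SizeKB, Modified, Signature, Sha256 | Format-List
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\mbam-flagged.csv" -NoTypeInformation
```

Windows' own DLLs are usually catalog-signed rather than carrying an embedded signature, so a NotSigned result from Get-AuthenticodeSignature is not proof of tampering by itself. What matters is the combination: a file named like a system DLL living under a user's temp folder instead of System32, its hash, and what a multi-engine lookup of that hash (VirusTotal or similar) says about it. Letting MBAM quarantine rather than delete keeps the same option open.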

Re: preventive check - the disk "grinds" rather often

Posted: 16 Jul 2010 10:30
by Hulkee
Regarding WMplayer - I don't know how it behaves on XP, I no longer use that system and haven't examined it there, but on Vista and W7 there is a service running called Windows Media Player Network Sharing. It does try to connect to the network and share your music/video/pictures with others, even when you have that setting switched off. The service as such is fairly harmless, but it can theoretically touch the disk from time to time.

Another thing that often grinds the disk is search indexing. If you have a "fresh" system, Search indexing tries to index all the items on its list and picks moments when the computer is relatively idle to do it. I've even seen it grab 1 GB of RAM and start furiously thrashing the disk, just because I had freshly reinstalled the system and all my data stayed on the second disk from before (and it had that disk among the indexed locations).

But we're slowly getting off topic, so sorry for the OT; I'll only continue if all the other options fail and it's almost certain that no pests have a hand in it.
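An added example, again not part of Hulkee's post: checking the two services he names from PowerShell and disabling the media-sharing one, which is what Ghormoon later does by hand. The service names WMPNetworkSvc (Windows Media Player Network Sharing Service, whose process is wmpnetwk.exe) and WSearch (Windows Search, the indexer) are the real ones on Windows 7, and the index-size check reads the index location from the registry. The Set-Service part needs an elevated prompt.

```powershell
# Added example: inspect the media-sharing and search-indexer services,
# disable media sharing, and show how big the search index has grown.
$mediaSharing = 'WMPNetworkSvc'   # Windows Media Player Network Sharing Service
$search       = 'WSearch'         # Windows Search (the indexer)

foreach ($name in $mediaSharing, $search) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Host "$name : not installed"; continue }
    # Startup type (Auto/Manual/Disabled) is only exposed on the WMI object in PS 2.0.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    Write-Host ("{0,-14} {1,-8} {2,-9} {3}" -f $name, $svc.Status, $wmi.StartMode, $wmi.PathName)
}

# Disable media sharing so wmpnetwk.exe is not started in the background.
if (Get-Service -Name $mediaSharing -ErrorAction SilentlyContinue) {
    Stop-Service -Name $mediaSharing -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $mediaSharing -StartupType Disabled
}

# Where the search index lives and how big it is. A Windows.edb that keeps
# growing while the disk is busy means the indexer is still crawling.
$dataDir = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Search').DataDirectory
$edb     = Join-Path $dataDir 'Applications\Windows\Windows.edb'
if (Test-Path -LiteralPath $edb) {
    $mb = [math]::Round((Get-Item -LiteralPath $edb).Length / 1MB, 1)
    Write-Host "Index database: $edb ($mb MB)"
} else {
    Write-Host "Index database not found under $dataDir"
}
```

Disabling WSearch itself is a blunter tool than trimming its indexed locations (Control Panel, Indexing Options), which is the fix for the "second disk full of old data" case Hulkee describes; the script only reports the index so the decision can be made on numbers rather than on guesswork.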

Re: preventive check - the disk "grinds" rather often

Posted: 16 Jul 2010 18:20
by Rudy
Delete the items MBAM found.

Re: preventive check - the disk "grinds" rather often

Posted: 16 Jul 2010 19:19
by Ghormoon
Hulkee: I've had this system for a few months now, so it hopefully isn't indexing anymore, although anything is possible
//Edit: I've now found that network service and disabled it, so we'll see if it still grinds when it doesn't have it :P

Rudy: already deleted before; it was in the XP install, which I don't use anyway, so those don't even need to work anymore :P

Re: preventive check - the disk "grinds" rather often

Posted: 16 Jul 2010 19:38
by Rudy
Rudy: already deleted before; it was in the XP install, which I don't use anyway, so those don't even need to work anymore
Ok.