Please check my log

Posted: 20 Aug 2010 08:05
by namefar
I think I have WIN32/mebroot on it, but none of the supposedly surefire guides have worked so far.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-19 14:58:33
Windows 5.1.2600 Service Pack 3
Running: tr5ohnqq.exe; Driver: C:\DOCUME~1\ADMINI~1.002\LOCALS~1\Temp\aftyifow.sys


---- System - GMER 1.0.15 ----

SSDT spcp.sys ZwEnumerateKey [0xF74F6CA2]
SSDT spcp.sys ZwEnumerateValueKey [0xF74F7030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A1341F8
Device \FileSystem\Fastfat \Fat 89DCB500

---- EOF - GMER 1.0.15 ----




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-20 08:52:05
Windows 5.1.2600 Service Pack 3
Running: tr5ohnqq.exe; Driver: C:\DOCUME~1\ADMINI~1.002\LOCALS~1\Temp\aftyifow.sys


---- System - GMER 1.0.15 ----

SSDT spcp.sys ZwCreateKey [0xF74D90E0]
SSDT spcp.sys ZwEnumerateKey [0xF74F6CA2]
SSDT spcp.sys ZwEnumerateValueKey [0xF74F7030]
SSDT spcp.sys ZwOpenKey [0xF74D90C0]
SSDT spcp.sys ZwQueryKey [0xF74F7108]
SSDT spcp.sys ZwQueryValueKey [0xF74F6F88]
SSDT spcp.sys ZwSetValueKey [0xF74F719A]

INT 0x63 ? 89FADF00
INT 0x73 ? 8A136BF8
INT 0x73 ? 8A136BF8
INT 0x73 ? 8A136BF8
INT 0x73 ? 8A136BF8
INT 0x73 ? 89FADF00
INT 0x73 ? 8A136BF8
INT 0x83 ? 8A1A7BF8
INT 0x94 ? 89FADF00
INT 0xB4 ? 89FADF00

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwSetTimerResolution + 15768 80600C00 73 Bytes [04, 8B, 07, 3B, C3, 0F, 84, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 157B2 80600C4A 35 Bytes CALL 804E192E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwSetTimerResolution + 157D6 80600C6E 11 Bytes [15, 0C, 81, 4D, 80, E9, FD, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 157E3 80600C7B 23 Bytes [3B, F3, 0F, 84, 96, 4A, F7, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 157FB 80600C93 29 Bytes CALL 805511E4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!CcMdlRead + 53 8061BED0 36 Bytes [8D, 45, D0, 50, 8D, 45, CC, ...]
PAGE ntoskrnl.exe!CcMdlRead + 78 8061BEF5 45 Bytes CALL 804F1DA2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!CcMdlRead + A6 8061BF23 32 Bytes [C7, 05, 28, 30, 55, 80, 78, ...]
PAGE ntoskrnl.exe!CcMdlRead + C7 8061BF44 49 Bytes [00, 00, 8D, 45, E0, 50, 8D, ...]
PAGE ntoskrnl.exe!CcMdlRead + F9 8061BF76 43 Bytes [9C, 13, 4D, A8, 89, 4D, A0, ...]
PAGE ...
PAGE ntoskrnl.exe!CcMdlReadComplete + 28 8061C158 17 Bytes [75, 08, FF, D1, 84, C0, 75, ...]
PAGE ntoskrnl.exe!CcMdlReadComplete + 3A 8061C16A 156 Bytes [CC, CC, CC, CC, CC, CC, 90, ...]
PAGE ntoskrnl.exe!CmUnRegisterCallback + 3C 8061C207 5 Bytes [53, E8, D6, 09, 03]
PAGE ntoskrnl.exe!CmUnRegisterCallback + 42 8061C20D 11 Bytes [84, C0, 74, 46, 83, C8, FF, ...]
PAGE ntoskrnl.exe!CmUnRegisterCallback + 4E 8061C219 29 Bytes [F0, 0F, C1, 01, 8B, 45, FC, ...]
PAGE ntoskrnl.exe!CmUnRegisterCallback + 6C 8061C237 2 Bytes [76, 10] {JBE 0x12}
PAGE ntoskrnl.exe!CmUnRegisterCallback + 6F 8061C23A 3 Bytes CALL 805511E7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!CmRegisterCallback + 2 8061C289 21 Bytes [55, 8B, EC, 51, 53, 56, 57, ...]
PAGE ntoskrnl.exe!CmRegisterCallback + 18 8061C29F 6 Bytes [8B, F0, 33, FF, 3B, F7] {MOV ESI, EAX; XOR EDI, EDI; CMP ESI, EDI}
PAGE ntoskrnl.exe!CmRegisterCallback + 1F 8061C2A6 13 Bytes [84, CB, 00, 00, 00, 53, 6A, ...]
PAGE ntoskrnl.exe!CmRegisterCallback + 2D 8061C2B4 66 Bytes [3B, C7, 89, 46, 10, 74, 19, ...]
PAGE ntoskrnl.exe!CmRegisterCallback + 70 8061C2F7 67 Bytes [40, 04, 89, 00, 8B, 46, 10, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlMdlReadDev + 5 8061C4C2 1 Byte [52]
PAGE ntoskrnl.exe!FsRtlMdlReadDev + 5 8061C4C2 27 Bytes CALL 804E2EA1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlMdlReadDev + 21 8061C4DE 183 Bytes JMP 8061C5CA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlMdlReadDev + D9 8061C596 25 Bytes [1C, C7, 00, 11, 00, 00, C0, ...]
PAGE ntoskrnl.exe!FsRtlMdlReadDev + F3 8061C5B0 20 Bytes [80, D4, 00, 00, 00, 75, 13, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlPrepareMdlWriteDev + 30 8061C76B 22 Bytes [6A, 01, 8B, 5D, 10, 53, 8B, ...]
PAGE ntoskrnl.exe!FsRtlPrepareMdlWriteDev + 47 8061C782 51 Bytes [F6, 46, 2C, 10, 0F, 85, 99, ...]
PAGE ntoskrnl.exe!FsRtlPrepareMdlWriteDev + 7B 8061C7B6 215 Bytes [CB, 33, C0, 03, 0F, 13, 47, ...]
PAGE ntoskrnl.exe!FsRtlPrepareMdlWriteDev + 153 8061C88E 96 Bytes CALL 804DA3A1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlPrepareMdlWriteDev + 1B4 8061C8EF 37 Bytes CALL 804E842C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!FsRtlPrepareMdlWrite + 48 8061CB83 44 Bytes [40, 08, 8B, 40, 28, 85, C0, ...]
PAGE ntoskrnl.exe!FsRtlPrepareMdlWrite + 75 8061CBB0 37 Bytes [FF, 5F, 5E, 5D, C2, 18, 00, ...]
PAGE ntoskrnl.exe!FsRtlMdlWriteCompleteDev + 13 8061CBD6 74 Bytes [75, 10, FF, 75, 0C, 50, E8, ...]
PAGE ntoskrnl.exe!FsRtlIncrementCcFastReadNotPossible + C 8061CC21 40 Bytes [C3, CC, CC, CC, CC, CC, CC, ...]
PAGE ntoskrnl.exe!FsRtlCopyRead + 1A 8061CC4B 100 Bytes [8B, 4D, 10, 8D, 84, 08, FF, ...]
PAGE ntoskrnl.exe!FsRtlCopyRead + 7F 8061CCB0 38 Bytes [00, FF, 88, D4, 00, 00, 00, ...]
PAGE ntoskrnl.exe!FsRtlCopyRead + A6 8061CCD7 14 Bytes [83, 7E, 18, 00, 0F, 84, 00, ...]
PAGE ntoskrnl.exe!FsRtlCopyRead + B5 8061CCE6 32 Bytes [0F, 84, F5, 01, 00, 00, 3C, ...]
PAGE ntoskrnl.exe!FsRtlCopyRead + D6 8061CD07 31 Bytes [75, 18, FF, 75, 14, FF, 75, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlCopyWrite + 18 8061CF4F 5 Bytes [8B, 5D, 0C, 83, 3B]
PAGE ntoskrnl.exe!FsRtlCopyWrite + 1E 8061CF55 19 Bytes [75, 0A, 83, 7B, 04, FF, C6, ...] {JNZ 0xc; CMP DWORD [EBX+0x4], -0x1; MOV BYTE [EBP-0x1a], 0x1; JZ 0x10; MOV BYTE [EBP-0x1a], 0x0; MOV EDI, [EBP+0x8]}
PAGE ntoskrnl.exe!FsRtlCopyWrite + 32 8061CF69 26 Bytes [77, 0C, 89, 75, CC, 6A, 00, ...]
PAGE ntoskrnl.exe!FsRtlCopyWrite + 4D 8061CF84 48 Bytes [F6, 47, 2C, 10, 0F, 85, B1, ...]
PAGE ntoskrnl.exe!FsRtlCopyWrite + 7E 8061CFB5 2 Bytes [88, D4] {MOV AH, DL}
PAGE ...
PAGE ntoskrnl.exe!FsRtlMdlWriteComplete + 8 8061D663 69 Bytes CALL 804E842D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlMdlWriteComplete + 4E 8061D6A9 27 Bytes [78, 4C, 00, 74, 04, 32, C0, ...]
PAGE ntoskrnl.exe!FsRtlMdlWriteComplete + 6A 8061D6C5 42 Bytes [90, 90, 90, CC, CC, CC, CC, ...]
PAGE ntoskrnl.exe!FsRtlInitializeMcb + 11 8061D6F0 20 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
PAGE ntoskrnl.exe!FsRtlUninitializeMcb + 14 8061D708 114 Bytes [90, A1, 0C, A0, 69, 80, 83, ...]
PAGE ntoskrnl.exe!FsRtlSyncVolumes + 30 8061D77B 4 Bytes [75, 08, E8, 27]
PAGE ntoskrnl.exe!FsRtlSyncVolumes + 35 8061D780 1 Byte [EC]
PAGE ntoskrnl.exe!FsRtlSyncVolumes + 35 8061D780 86 Bytes [EC, FF, 5D, C2, 08, 00, CC, ...]
PAGE ntoskrnl.exe!FsRtlSyncVolumes + 8C 8061D7D7 100 Bytes [8B, C6, EB, 7E, 8B, 4E, 1C, ...]
PAGE ntoskrnl.exe!FsRtlSyncVolumes + F1 8061D83C 36 Bytes [C0, 8B, 4D, 10, 8B, 45, E4, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 2F 8061D9D2 5 Bytes [3B, 35, 18, A0, 69]
PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 35 8061D9D8 67 Bytes [75, 34, A1, 20, A0, 69, 80, ...]
PAGE ntoskrnl.exe!FsRtlDeregisterUncProvider + 79 8061DA1C 29 Bytes [57, 6A, 01, 57, 53, E8, A8, ...]
PAGE ntoskrnl.exe!FsRtlDissectDbcs + 2 8061DA3A 19 Bytes [55, 8B, EC, 8B, 45, 10, 8B, ...]
PAGE ntoskrnl.exe!FsRtlDissectDbcs + 16 8061DA4E 157 Bytes [18, 66, 89, 58, 02, 89, 58, ...]
PAGE ntoskrnl.exe!FsRtlDoesDbcsContainWildCards + B 8061DAEC 104 Bytes [B7, 30, 33, D2, 85, F6, 57, ...]
PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 2 8061DB55 149 Bytes [55, 8B, EC, 81, EC, 84, 00, ...]
PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 98 8061DBEB 153 Bytes [00, 89, 4D, 8C, 74, 3E, 33, ...]
PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 132 8061DC85 4 Bytes [74, 2B, 8B, 3D]
PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 137 8061DC8A 34 Bytes [C4, 56, 80, 0F, B6, F2, 66, ...]
PAGE ntoskrnl.exe!FsRtlIsDbcsInExpression + 15A 8061DCAD 45 Bytes [4D, A0, 58, EB, 0B, 66, 0F, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + 16 8061DFCA 29 Bytes [00, 38, 5D, 10, 8B, 4D, 0C, ...]
PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + 34 8061DFE8 5 Bytes [14, 8A, 01, 3C, 2E] {ADC AL, 0x8a; ADD [ESI+EBP], EDI}
PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + 3A 8061DFEE 26 Bytes [05, 38, 41, 01, 74, 66, 3C, ...]
PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + 55 8061E009 30 Bytes [FA, 01, 76, 4D, 41, 66, 4A, ...]
PAGE ntoskrnl.exe!FsRtlIsHpfsDbcsLegal + 74 8061E028 98 Bytes [45, 0C, 80, 38, 5C, 74, 39, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlNotifyFullChangeDirectory + 1D 8061E190 97 Bytes [75, 10, FF, 75, 0C, FF, 75, ...]
PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 7 8061E1F2 12 Bytes [FF, 75, 28, FF, 75, 24, FF, ...] {PUSH DWORD [EBP+0x28]; PUSH DWORD [EBP+0x24]; PUSH DWORD [EBP+0x20]; PUSH DWORD [EBP+0x1c]}
PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 14 8061E1FF 1 Byte [75]
PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 14 8061E1FF 37 Bytes [75, 18, FF, 75, 14, FF, 75, ...]
PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 3C 8061E227 29 Bytes [8B, FF, 55, 8B, EC, 51, 51, ...]
PAGE ntoskrnl.exe!FsRtlNotifyFullReportChange + 5A 8061E245 240 Bytes [B8, FF, 00, 00, 00, 74, 05, ...]
PAGE ...
PAGE ntoskrnl.exe!IoSetPartitionInformation + 4 8061E51B 22 Bytes [EC, 83, EC, 40, 53, BB, 00, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformation + 1B 8061E532 41 Bytes [89, 55, F8, 73, 03, 89, 5D, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformation + 45 8061E55C 85 Bytes [89, 5D, E0, EB, 03, 89, 75, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformation + 9B 8061E5B2 29 Bytes [C8, 57, 8D, 45, C0, 50, E8, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformation + B9 8061E5D0 13 Bytes CALL 80518DB5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!IoWritePartitionTable + 1C 8061E7A7 42 Bytes [00, 89, 5D, F4, 88, 5D, FE, ...]
PAGE ntoskrnl.exe!IoWritePartitionTable + 47 8061E7D2 3 Bytes CALL 8050D44C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoWritePartitionTable + 4B 8061E7D6 103 Bytes [39, 5D, E0, 74, 12, 53, FF, ...]
PAGE ntoskrnl.exe!IoWritePartitionTable + B3 8061E83E 19 Bytes [23, 75, 03, 88, 45, FF, C6, ...]
PAGE ntoskrnl.exe!IoWritePartitionTable + C7 8061E852 150 Bytes [10, 00, 00, 39, 45, EC, 72, ...]
PAGE ...
PAGE ntoskrnl.exe!IoWritePartitionTableEx + 28 8061F9EE 27 Bytes [06, 2B, C3, 0F, 84, B5, 00, ...]
PAGE ntoskrnl.exe!IoWritePartitionTableEx + 44 8061FA0A 20 Bytes [75, FC, 89, 5D, 08, E8, DB, ...]
PAGE ntoskrnl.exe!IoWritePartitionTableEx + 59 8061FA1F 6 Bytes [75, FC, E8, C9, F9, FF]
PAGE ntoskrnl.exe!IoWritePartitionTableEx + 60 8061FA26 95 Bytes [8B, F8, 3B, FB, 0F, 8C, 87, ...]
PAGE ntoskrnl.exe!IoWritePartitionTableEx + C0 8061FA86 45 Bytes [70, 04, 6A, 01, FF, 73, 34, ...]
PAGE ...
PAGE ntoskrnl.exe!IoVerifyPartitionTable + 27 8061FB07 36 Bytes [F0, 85, F6, 7C, 25, 8B, 45, ...]
PAGE ntoskrnl.exe!IoVerifyPartitionTable + 4C 8061FB2C 89 Bytes [F6, 85, FF, 74, 06, 57, E8, ...]
PAGE ntoskrnl.exe!IoVerifyPartitionTable + A6 8061FB86 31 Bytes [4D, 10, 8D, 04, F6, 57, C1, ...]
PAGE ntoskrnl.exe!IoVerifyPartitionTable + C6 8061FBA6 5 Bytes [51, 20, 89, 50, 20]
PAGE ntoskrnl.exe!IoVerifyPartitionTable + CC 8061FBAC 57 Bytes [51, 24, 6A, 12, 8D, 71, 28, ...]
PAGE ...
PAGE ntoskrnl.exe!IoSetPartitionInformationEx + 2F 8061FD59 21 Bytes [7C, 44, 8B, 4D, FC, 8B, 45, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformationEx + 45 8061FD6F 112 Bytes [74, 19, 49, 74, 07, BE, BB, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformationEx + B6 8061FDE0 35 Bytes [8B, 7D, 18, 8B, 45, 14, C1, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformationEx + DA 8061FE04 41 Bytes [75, 08, FF, 15, 98, 80, 4D, ...]
PAGE ntoskrnl.exe!IoSetPartitionInformationEx + 104 8061FE2E 18 Bytes [FF, 89, 73, 08, 89, 73, 04, ...] {DEC DWORD [ECX+0x73890873]; ADD AL, 0x33; SHR BL, 0x32; MOV EAX, [ECX+0x8]; LEA ECX, [EBP+0x10]; PUSH ECX}
PAGE ...
PAGE ntoskrnl.exe!IoCheckQuotaBufferValidity + D3 80620097 48 Bytes CALL 804DA2A1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoCheckQuotaBufferValidity + 104 806200C8 11 Bytes CALL 80574887 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoCheckQuotaBufferValidity + 110 806200D4 10 Bytes [6E, 01, 00, 00, 57, 68, 70, ...]
PAGE ntoskrnl.exe!IoCheckQuotaBufferValidity + 11B 806200DF 21 Bytes CALL 804DA2A2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoCheckQuotaBufferValidity + 131 806200F5 8 Bytes [D0, 50, C7, 45, A4, 18, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!IoEnqueueIrp 806202B8 77 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
PAGE ntoskrnl.exe!IoFastQueryNetworkAttributes + B 80620306 21 Bytes [A1, 60, A3, 55, 80, 8B, 55, ...]
PAGE ntoskrnl.exe!IoFastQueryNetworkAttributes + 21 8062031C 24 Bytes [64, FF, FF, FF, 33, C0, 6A, ...]
PAGE ntoskrnl.exe!IoFastQueryNetworkAttributes + 3A 80620335 57 Bytes [33, DB, 43, 89, 85, 24, FF, ...]
PAGE ntoskrnl.exe!IoFastQueryNetworkAttributes + 74 8062036F 17 Bytes [FF, FF, 88, 9D, 4D, FF, FF, ...]
PAGE ntoskrnl.exe!IoFastQueryNetworkAttributes + 86 80620381 53 Bytes [FF, FF, 64, A1, 24, 01, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!IoIsValidNameGraftingBuffer + D 8062040D 283 Bytes [53, 8B, 5D, 0C, 81, 3B, 03, ...]
PAGE ntoskrnl.exe!IoIsValidNameGraftingBuffer + 12A 8062052A 58 Bytes [BE, 9A, 07, 62, 80, 8D, 7D, ...]
PAGE ntoskrnl.exe!IoIsValidNameGraftingBuffer + 166 80620566 21 Bytes [00, 89, 7D, B0, C7, 45, B8, ...]
PAGE ntoskrnl.exe!IoIsValidNameGraftingBuffer + 17C 8062057C 116 Bytes [85, C0, 0F, 8C, 09, 01, 00, ...]
PAGE ntoskrnl.exe!IoIsValidNameGraftingBuffer + 1F1 806205F1 100 Bytes [44, 0F, 85, 8C, 00, 00, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!IoRegisterLastChanceShutdownNotification + 26 80620959 104 Bytes CALL 804DA06A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoSetInformation + 33 806209C2 21 Bytes [89, 7B, 60, C6, 45, 0B, 01, ...]
PAGE ntoskrnl.exe!IoSetInformation + 49 806209D8 40 Bytes [FF, FF, 50, 57, 53, E8, 83, ...]
? spcp.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B85D48AC 5 Bytes JMP 89FAD4E0
.text aqniud2s.SYS B846C384 1 Byte [20]
.text aqniud2s.SYS B846C384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text aqniud2s.SYS B846C3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text aqniud2s.SYS B846C3C4 3 Bytes [00, 00, 00]
.text aqniud2s.SYS B846C3C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A1A72D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74FF6D0] spcp.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7503708] spcp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DA046] spcp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DA142] spcp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DA0C4] spcp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74DA7CE] spcp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DA6A4] spcp.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89FAD5E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E5D7A] spcp.sys
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000DA
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000021
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!_aulldiv] 00000010
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!strstr] 000000FF
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!_strupr] 000000F3
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000D2
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CD
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!KeTickCount] 0000000C
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000013
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoDeleteDevice] 000000EC
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000005F
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000097
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoAllocateIrp] 00000044
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoAllocateMdl] 00000017
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000C4
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000A7
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000007E
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0000003D
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000064
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoFreeIrp] 0000005D
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!IoFreeWorkItem] 00000019
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!RtlCompareMemory] 00000060
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!PoCallDriver] 00000081
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!memmove] 0000004F
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000DC
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\aqniud2s.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

Re: Please check my log

Posted: 20 Aug 2010 08:06
by namefar
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A1341F8
Device \FileSystem\Fastfat \FatCdrom 89DCB500
Device \Driver\USBSTOR \Device\0000008f 89C97500
Device \Driver\usbuhci \Device\USBPDO-0 89FAC500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A1A51F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A1A51F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A1A51F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A1A51F8
Device \Driver\usbuhci \Device\USBPDO-1 89FAC500
Device \Driver\usbehci \Device\USBPDO-2 89FAB500
Device \Driver\usbuhci \Device\USBPDO-3 89FAC500
Device \Driver\sptd \Device\2846892082 spcp.sys
Device \Driver\usbuhci \Device\USBPDO-4 89FAC500
Device \Driver\usbuhci \Device\USBPDO-5 89FAC500
Device \Driver\usbehci \Device\USBPDO-6 89FAB500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A1371F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A1371F8
Device \Driver\Cdrom \Device\CdRom0 89F571F8
Device \Driver\Cdrom \Device\CdRom1 89F571F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 89F571F8
Device \Driver\Cdrom \Device\CdRom3 89F571F8
Device \Driver\USBSTOR \Device\00000090 89C97500
Device \Driver\PCI_PNP8332 \Device\0000005b spcp.sys
Device \Driver\PCI_PNP8332 \Device\0000005b spcp.sys
Device \Driver\usbuhci \Device\USBFDO-0 89FAC500
Device \Driver\usbuhci \Device\USBFDO-1 89FAC500
Device \Driver\usbehci \Device\USBFDO-2 89FAB500
Device \Driver\usbuhci \Device\USBFDO-3 89FAC500
Device \Driver\Ftdisk \Device\FtControl 8A1371F8
Device \Driver\usbuhci \Device\USBFDO-4 89FAC500
Device \Driver\usbuhci \Device\USBFDO-5 89FAC500
Device \Driver\usbehci \Device\USBFDO-6 89FAB500
Device \Driver\aqniud2s \Device\Scsi\aqniud2s1 89F501F8
Device \Driver\aqniud2s \Device\Scsi\aqniud2s1Port5Path0Target2Lun0 89F501F8
Device \Driver\aqniud2s \Device\Scsi\aqniud2s1Port5Path0Target0Lun0 89F501F8
Device \Driver\aqniud2s \Device\Scsi\aqniud2s1Port5Path0Target1Lun0 89F501F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A1A41F8
Device \FileSystem\Fastfat \Fat 89DCB500
Device \FileSystem\Cdfs \Cdfs 89DE4500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x96 0x85 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x1A 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0xAF 0x5B 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xED 0x26 0x2B 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x80 0x5F 0x59 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x96 0x85 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x1A 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x70 0x9A 0x64 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA1 0x28 0xBB 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x41 0xB0 0x0A 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCD 0x96 0x85 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x1A 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3B 0xAF 0x5B 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xED 0x26 0x2B 0xB7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x80 0x5F 0x59 0xF3 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1807.JPG 574783 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1809.JPG 634861 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1810.JPG 547335 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1816.JPG 750227 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1817.JPG 759063 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1818.JPG 870192 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1819.JPG 904314 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1820.JPG 720986 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\IMG_1821.JPG 909656 bytes
File C:\Documents and Settings\Malek\Dokumenty\ICQ\251062581\ReceivedFiles\445379187 Sarushka250..\Thumbs.db 38400 bytes

---- EOF - GMER 1.0.15 ----

Re: Please check my log

Posted: 20 Aug 2010 08:31
by motji
Good morning :)
How did you find out that you have Mebroot on your PC?
What have you already tried?

:arrow: Post the RSIT log named LOG.TXT, see my signature.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to your desktop and run it
- a log named mbr.log will be created; post it here

Re: Please check my log

Posted: 20 Aug 2010 08:51
by namefar
Hello :oops:

NOD reports that it's there..

Other antiviruses stayed quiet; I ran Spybot over it, it found something but nothing threatening. (I think)
It's a dual boot of W7 and XP, in case that has some influence on NOD thinking something is wrong.
It reports it only in XP; on Windows 7 there is Symantec and that stays quiet.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-20 09:45:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (11%) free of 155 GB
Total RAM: 3007 MB (89% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2D3B4276-5947-4670-B63E-21C068CC38CD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2008-01-13 319488]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [2007-07-04 16168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
D:\Program Files\BitComet\BitComet.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JAJC]
C:\Program Files\jajc\jajc.exe [2004-06-07 5337600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
~D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
~C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-06-07 13902440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-06-07 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE [2009-07-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malek^Nabídka Start^Programy^Po spuštění^Registrace FIFA 10.lnk]
D:\Windows.old\PROGRA~1\EASPOR~1\FIFA10~1\Support\EAREGI~1.EXE [2009-09-11 4374800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malek^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
D:\Program Files\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe -d 804147 -l czech -r 7 -g Heroes of Might & Magic 5 - Hammers of Fate -c us -i 2925 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malek^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK]
D:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe -d 804147 -l english -r 7 -g Heroes of Might & Magic 5 - Tribes of the East -c us -i 2579 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"spserv"=2
"PnkBstrB"=2
"PnkBstrA"=2
"NVSvc"=2
"NMIndexingService"=3
"NBService"=3
"LightScribeService"=2
"JavaQuickStarterService"=2
"idsvc"=3
"ICQ Service"=2
"Hamachi2Svc"=2
"Bonjour Service"=2
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-09-18 5376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Vietcong2\vietcong2.exe"="D:\Vietcong2\vietcong2.exe:*:Enabled:vietcong2"
"D:\Vietcong\vietcong.exe"="D:\Vietcong\vietcong.exe:*:Enabled:vietcong"
"D:\Program Files\EA SPORTS\NHL08\nhl2008.exe"="D:\Program Files\EA SPORTS\NHL08\nhl2008.exe:*:Enabled:nhl2008"
"D:\Program Files\Far Cry\Bin32\FarCry.exe"="D:\Program Files\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Malek\Plocha\mirc_0\mirc\mirc.exe"="C:\Documents and Settings\Malek\Plocha\mirc_0\mirc\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\EA SPORTS\mirc_0\mirc\mirc.exe"="D:\Program Files\EA SPORTS\mirc_0\mirc\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Documents and Settings\Malek\Plocha\sdc212\sdc212\StrongDC.exe"="C:\Documents and Settings\Malek\Plocha\sdc212\sdc212\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe"="D:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"C:\Documents and Settings\Malek\Plocha\w-lf2patch1.35\W-lf2.exe"="C:\Documents and Settings\Malek\Plocha\w-lf2patch1.35\W-lf2.exe:*:Enabled:W-lf2"
"D:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe"="D:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Program Files\3DO\Heroes3\HEROES3.EXE"="D:\Program Files\3DO\Heroes3\HEROES3.EXE:*:Enabled:Heroes of Might and Magic® III"
"D:\Program Files\Ubisoft\Heroes of Might and Magic V\Demo\bin\H5_Game.exe"="D:\Program Files\Ubisoft\Heroes of Might and Magic V\Demo\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Documents and Settings\Malek\Plocha\flatout.2-upl.by.dominick\Flatout.2.Multi\tflot2\FlatOut2.exe"="C:\Documents and Settings\Malek\Plocha\flatout.2-upl.by.dominick\Flatout.2.Multi\tflot2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\id Software\Quake 4\Quake4Ded.exe"="D:\Program Files\id Software\Quake 4\Quake4Ded.exe:*:Enabled:Quake 4"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\EA SPORTS\NHL 09\nhl2009.exe"="D:\Program Files\EA SPORTS\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"D:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\bin\H5_Game.exe"="D:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\CSP2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\CSP2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe"="C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe:*:Enabled:Invisible Browsing"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TorrenTopia\btdl\downloader.tt"="C:\Program Files\TorrenTopia\btdl\downloader.tt:*:Enabled:downloader"
"C:\Documents and Settings\Malek\Plocha\FlatOut2\Flatout.2.Multi\tflot2\FlatOut2.exe"="C:\Documents and Settings\Malek\Plocha\FlatOut2\Flatout.2.Multi\tflot2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\EA SPORTS\FIFA 10\FIFA10.exe"="D:\Program Files\EA SPORTS\FIFA 10\FIFA10.exe:*:Enabled:FIFA10"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"D:\Záloha\Stahování filmů\utorrent-1.7-rc2.exe"="D:\Záloha\Stahování filmů\utorrent-1.7-rc2.exe:*:Enabled:µTorrent"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Stažené soubory-mozilla\Call.of.Duty.Modern.Warfare.2\stream\Steam.exe"="D:\Stažené soubory-mozilla\Call.of.Duty.Modern.Warfare.2\stream\Steam.exe:*:Enabled:Steam"
"D:\Program Files\Call Of Duty Modern Warfare 2\Modern Warfare 2\iw4mp.exe"="D:\Program Files\Call Of Duty Modern Warfare 2\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"D:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe"="D:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe"="D:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V Addon"
"D:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe"="D:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\Windows.old\Program Files\uTorrent\uTorrent.exe"="D:\Windows.old\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Windows.old\Program Files\EA SPORTS\NHL 09\nhl2009.exe"="D:\Windows.old\Program Files\EA SPORTS\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Windows.old\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe"="D:\Windows.old\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Windows.old\Program Files\Call Of Duty Modern Warfare 2\Modern Warfare 2\iw4mp.exe"="D:\Windows.old\Program Files\Call Of Duty Modern Warfare 2\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"D:\Stažené soubory-mozilla\Little_Fighter_2_Sx2\Sidestory?(16bit).exe"="D:\Stažené soubory-mozilla\Little_Fighter_2_Sx2\Sidestory?(16bit).exe:*:Enabled:Sidestory?(16bit)"
"D:\Stažené soubory-mozilla\Little_Fighter_2_Sx2\Sidestory?EX(16bit).exe"="D:\Stažené soubory-mozilla\Little_Fighter_2_Sx2\Sidestory?EX(16bit).exe:*:Enabled:Sidestory?EX(16bit)"
"D:\Windows.old\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Windows.old\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry® 2"
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Codemasters\CMR DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\CMR DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"D:\Windows.old\Program Files\Call Of Duty Modern Warfare 2\Modern Warfare 2\iw4sp.exe"="D:\Windows.old\Program Files\Call Of Duty Modern Warfare 2\Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe"="D:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-08-20 09:43:19 ----D---- C:\Program Files\trend micro
2010-08-20 09:43:05 ----D---- C:\rsit
2010-08-19 14:31:23 ----ASH---- C:\pagefile.sys
2010-08-19 14:15:28 ----D---- C:\WINDOWS\LastGood.Tmp
2010-08-19 14:15:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-19 11:40:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-19 11:40:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-18 16:59:13 ----D---- C:\WINDOWS\pss
2010-08-18 13:29:03 ----A---- C:\WINDOWS\system32\antiwpa.dll
2010-08-17 15:48:59 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-08-17 15:48:54 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-16 21:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-16 21:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-16 21:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-16 21:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-16 21:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-16 21:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-16 21:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-16 21:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-08 22:27:00 ----D---- C:\Program Files\bootkit_remover
2010-08-07 21:41:52 ----D---- C:\WINDOWS\McAfee.com
2010-08-07 20:50:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-04 11:50:36 ----A---- C:\WINDOWS\system32\drivers\eamon.sys
2010-08-03 13:28:36 ----A---- C:\WINDOWS\system32\drivers\epfwtdir.sys
2010-07-31 10:21:38 ----D---- C:\b
2010-07-30 20:49:25 ----A---- C:\Program Files\zpbg7vpw.exe
2010-07-30 20:36:12 ----A---- C:\Program Files\EMebRemover(2).exe
2010-07-30 15:15:04 ----A---- C:\Program Files\FixMebroot.exe
2010-07-30 15:00:14 ----A---- C:\Program Files\j05sgj57.exe
2010-07-30 13:40:23 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-07-30 13:39:53 ----D---- C:\WINDOWS\setup.pss
2010-07-30 13:35:00 ----D---- C:\Documents and Settings\Administrator.DEJV-2F7A053EB.002\Data aplikací\Malwarebytes
2010-07-30 13:34:52 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-30 13:34:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-30 13:34:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-07-30 13:34:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-30 13:04:01 ----A---- C:\Program Files\mbam-setup-1.46.exe
2010-07-30 12:44:16 ----D---- C:\Program Files\Activator_XP_All
2010-07-29 23:10:04 ----D---- C:\Program Files\Windows XP Activator
2010-07-29 13:31:26 ----A---- C:\WINDOWS\system32\drivers\ehdrv.sys
2010-07-28 14:40:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2010-07-28 13:48:35 ----D---- C:\Program Files\Crawler
2010-07-28 11:49:21 ----D---- C:\Program Files\Common Files\iS3
2010-07-28 11:49:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\STOPzilla!
2010-07-28 11:30:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-07-28 10:55:39 ----ASH---- C:\Documents and Settings\Administrator.DEJV-2F7A053EB.002\Data aplikací\desktop.ini
2010-07-28 10:55:38 ----SD---- C:\Documents and Settings\Administrator.DEJV-2F7A053EB.002\Data aplikací\Microsoft
2010-07-28 10:37:26 ----A---- C:\Program Files\EMebRemover.exe
2010-07-27 23:09:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-07-26 11:11:15 ----D---- C:\Program Files\Google

======List of files/folders modified in the last 1 months======

2010-08-20 09:43:19 ----RD---- C:\Program Files
2010-08-20 09:42:32 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-19 14:46:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-19 14:43:57 ----D---- C:\WINDOWS
2010-08-19 14:40:01 ----SHD---- C:\System Volume Information
2010-08-19 14:24:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-19 14:24:29 ----D---- C:\WINDOWS\Temp
2010-08-19 14:16:00 ----D---- C:\WINDOWS\Prefetch
2010-08-19 14:15:46 ----SHD---- C:\WINDOWS\Installer
2010-08-19 14:15:35 ----HD---- C:\Config.Msi
2010-08-19 14:15:30 ----HD---- C:\WINDOWS\inf
2010-08-19 14:15:30 ----D---- C:\WINDOWS\system32\drivers
2010-08-19 14:15:07 ----D---- C:\Program Files\ESET
2010-08-19 14:11:49 ----D---- C:\WINDOWS\system32
2010-08-19 10:00:54 ----D---- C:\WINDOWS\WinSxS
2010-08-19 09:57:01 ----D---- C:\Program Files\Mozilla Firefox
2010-08-19 09:56:08 ----RSH---- C:\boot.ini
2010-08-19 09:56:08 ----A---- C:\WINDOWS\win.ini
2010-08-19 09:56:08 ----A---- C:\WINDOWS\system.ini
2010-08-19 09:49:31 ----D---- C:\Program Files\Alwil Software
2010-08-19 09:48:04 ----D---- C:\WINDOWS\system32\appmgmt
2010-08-18 13:24:06 ----A---- C:\WINDOWS\setuplog.txt
2010-08-17 16:32:39 ----D---- C:\WINDOWS\system
2010-08-17 15:58:42 ----RSD---- C:\WINDOWS\assembly
2010-08-17 15:56:32 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-17 15:49:43 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-17 15:49:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-16 21:30:13 ----A---- C:\WINDOWS\imsins.BAK
2010-08-16 21:30:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-16 21:29:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-16 21:27:15 ----D---- C:\Program Files\Internet Explorer
2010-08-16 21:27:05 ----D---- C:\WINDOWS\ie8updates
2010-08-16 21:24:42 ----D---- C:\Program Files\Movie Maker
2010-08-16 20:34:18 ----D---- C:\Program Files\TorrenTopia
2010-08-16 20:34:18 ----D---- C:\Program Files\MOBILedit!
2010-08-16 20:34:17 ----D---- C:\Program Files\ICQToolbar
2010-08-16 20:34:17 ----D---- C:\Program Files\ICQ6Toolbar
2010-08-16 20:34:16 ----D---- C:\Program Files\Messenger
2010-08-16 20:34:16 ----D---- C:\Program Files\LimeWire
2010-08-16 20:34:15 ----D---- C:\Program Files\DivX
2010-08-16 20:34:14 ----D---- C:\Program Files\1by1
2010-08-16 20:33:20 ----D---- C:\TRANSLAT
2010-08-16 20:33:19 ----D---- C:\QIP Infium JadrisPack
2010-08-08 22:22:57 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-08 21:58:37 ----D---- C:\WINDOWS\system32\config
2010-08-08 21:57:31 ----D---- C:\WINDOWS\system32\wbem
2010-08-08 21:57:29 ----D---- C:\WINDOWS\Registration
2010-08-08 16:33:02 ----D---- C:\Program Files\SpoonProxy
2010-08-07 21:41:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-03 21:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-30 21:26:55 ----D---- C:\WINDOWS\system32\Restore
2010-07-30 15:18:37 ----SHD---- C:\RECYCLER
2010-07-30 15:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-07-28 12:05:35 ----D---- C:\WINDOWS\Minidump
2010-07-28 11:49:21 ----D---- C:\Program Files\Common Files
2010-07-28 10:55:38 ----D---- C:\Documents and Settings
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 11:11:18 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-10-30 43648]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-01-25 715248]
R0 tffsport;M-Systems DiskOnChip 2000; C:\WINDOWS\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 41792]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-28 271360]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
S2 HDUSB;HDUSB_XP.Sys HDUSB Bulk IO test driver; C:\WINDOWS\System32\Drivers\HDUSB_XP.sys [2004-03-23 16908]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-08-28 18048]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
S3 aftyifow;aftyifow; \??\C:\DOCUME~1\ADMINI~1.002\LOCALS~1\Temp\aftyifow.sys []
S3 aqniud2s;aqniud2s; C:\WINDOWS\system32\drivers\aqniud2s.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Malek\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2009-06-22 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2009-06-22 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2009-06-22 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2009-06-22 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2009-06-22 79488]
S3 Ma730Pt;MA730 Bluetooth VCOM Driver; C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 103040]
S3 Ma730Vad;MA730 Bluetooth Audio; C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 23376]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1.002\LOCALS~1\Temp\mbr.sys []
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-08 10531200]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-13 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-06-07 154728]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-03 75064]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-03 215128]
S4 spserv;SpoonProxy; C:\Program Files\SpoonProxy\spserv.exe []
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Please check my log

Posted: 20 Aug 2010 09:17
by Miiina
Sometimes our computer slows down a lot. I know I need to do something about the RAM, but what puzzles me is that the slowdown only happens sometimes. So I would like to ask for a check of the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:37, on 20.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PC\Dokumenty\Stazene programy\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [IM Sniffer] "C:\Program Files\IM Sniffer\IMSniffer.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunServices: [PcEXEreg] C:\WINDOWS\system\kl.exe
O4 - HKCU\..\Run: [Configurator.exe] C:\Program Files\Vodafone\Configurator.exe /run
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\PC\LOCALS~1\Temp\E_SBC2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/sho ... tor/sw.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2456427107
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2478123770
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/5 ... oader4.cab
O16 - DPF: {CEEFE929-741C-4323-B7FE-C17CA6DA3A01} (WebCamX Control) - http://88.146.134.61:5550/WebCamX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E8B6E2-A3C6-46EB-86DF-EE4E36595047}: NameServer = 212.111.0.10,193.179.148.42
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Služba Google Update (gupdate1ca112b9fd21eb0) (gupdate1ca112b9fd21eb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8304 bytes


THAAANKS!!! :)

Re: Please check my log

Posted: 20 Aug 2010 10:22
by motji
Namefar

Did EMebRemover(2).exe find anything?

:arrow: Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights

- before use, disable all resident security programs - antivirus, firewalls, antispyware

- after launch the terms of use are displayed; confirm them by pressing the Yes button

- then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- after the scan finishes, taking at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Re: Please check my log

Posted: 20 Aug 2010 10:23
by motji
Miiina
Please start your own topic and post the RSIT log in it, see my signature.
Otherwise this thread would get confusing.
Thanks :)

Re: Please check my log

Posted: 20 Aug 2010 12:53
by namefar
On the first run ComboFix was missing the console, so it installed it itself, then it did something and reported that the MBR was infected,
rebooted, then did something again for a while (it never reached the desktop), and rebooted again.
The PC booted normally but there was no log on C:\ ?!? So I ran it again; at the moment it says stage 50 or so, and another reboot

ComboFix 10-08-18.05 - Malek 20.08.2010 13:27:06.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3007.2532 [GMT 2:00]
Spuštěný z: c:\documents and settings\Malek\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HDUSB
-------\Legacy_SSHNAS
-------\Service_HDUSB


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-20 do 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 07:43 . 2010-08-20 07:43 -------- d-----w- c:\program files\trend micro
2010-08-20 07:43 . 2010-08-20 07:44 -------- d-----w- C:\rsit
2010-08-19 09:40 . 2010-08-19 09:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-18 11:29 . 2005-09-17 23:32 5376 ----a-w- c:\windows\system32\antiwpa.dll
2010-08-17 13:48 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-17 13:48 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-17 13:48 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-17 13:48 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-08 20:27 . 2010-08-08 20:27 -------- d-----w- c:\program files\bootkit_remover
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-07 19:41 . 2010-08-07 19:41 -------- d-----w- c:\windows\McAfee.com
2010-07-31 08:21 . 2010-08-09 21:21 -------- d-----w- C:\b
2010-07-30 18:49 . 2010-07-30 18:50 48022216 ----a-w- c:\program files\zpbg7vpw.exe
2010-07-30 18:36 . 2010-07-30 18:36 117912 ----a-w- c:\program files\EMebRemover(2).exe
2010-07-30 13:15 . 2010-07-30 13:15 171904 ----a-w- c:\program files\FixMebroot.exe
2010-07-30 13:00 . 2010-07-30 13:00 293376 ----a-w- c:\program files\j05sgj57.exe
2010-07-30 11:49 . 2010-07-30 11:49 -------- d-sh--w- c:\documents and settings\Administrator.DEJV-2F7A053EB.002\PrivacIE
2010-07-30 11:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 11:34 . 2010-07-30 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 11:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 11:04 . 2010-07-30 11:04 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-07-30 10:44 . 2010-07-30 10:45 -------- d-----w- c:\program files\Activator_XP_All
2010-07-29 21:10 . 2010-07-29 21:11 -------- d-----w- c:\program files\Windows XP Activator
2010-07-28 11:48 . 2010-07-29 16:18 -------- d-----w- c:\program files\Crawler
2010-07-28 09:49 . 2010-07-28 09:49 -------- d-----w- c:\program files\Common Files\iS3
2010-07-28 08:37 . 2010-07-28 08:37 117912 ----a-w- c:\program files\EMebRemover.exe
2010-07-28 08:15 . 2010-07-28 08:21 -------- d-----w- c:\documents and settings\Administrator.DEJV-2F7A053EB.001\Data aplikací
2010-07-28 08:15 . 2010-07-28 08:21 -------- d-s---w- c:\documents and settings\Administrator.DEJV-2F7A053EB.001
2010-07-28 08:15 . 2010-07-28 08:21 -------- d-----w- c:\documents and settings\Administrator.DEJV-2F7A053EB.001\Šablony
2010-07-27 21:09 . 2010-07-27 21:09 82258 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-27 21:09 . 2010-07-27 21:09 82258 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-27 21:09 . 2010-07-28 08:12 200736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-07-27 21:09 . 2010-07-27 21:16 2080 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-07-27 20:14 . 2010-07-28 08:24 -------- d-----w- c:\documents and settings\Administrator.DEJV-2F7A053EB.000\Data aplikací
2010-07-27 20:14 . 2010-07-28 08:24 -------- d-s---w- c:\documents and settings\Administrator.DEJV-2F7A053EB.000
2010-07-27 20:14 . 2010-07-28 08:24 -------- d-----w- c:\documents and settings\Administrator.DEJV-2F7A053EB.000\Šablony
2010-07-27 17:20 . 2010-07-27 17:20 -------- d-----w- c:\documents and settings\Malek\DoctorWeb
2010-07-26 09:11 . 2010-07-28 08:25 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 11:10 . 2010-01-21 19:15 -------- d-----w- c:\program files\ESET
2010-08-19 07:49 . 2008-01-20 15:11 -------- d-----w- c:\program files\Alwil Software
2010-08-16 19:29 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-08-16 19:29 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-08-16 18:34 . 2009-12-25 14:56 -------- d-----w- c:\program files\TorrenTopia
2010-08-16 18:34 . 2008-10-31 13:08 -------- d-----w- c:\program files\MOBILedit!
2010-08-16 18:34 . 2009-11-11 17:13 -------- d-----w- c:\program files\ICQ6Toolbar
2010-08-16 18:34 . 2008-01-18 17:55 -------- d-----w- c:\program files\ICQToolbar
2010-08-16 18:34 . 2008-03-17 18:48 -------- d-----w- c:\program files\LimeWire
2010-08-16 18:34 . 2008-06-29 16:21 -------- d-----w- c:\program files\DivX
2010-08-16 18:34 . 2008-01-20 17:13 -------- d-----w- c:\program files\1by1
2010-08-08 14:33 . 2009-08-01 13:35 -------- d-----w- c:\program files\SpoonProxy
2010-07-30 16:13 . 2010-07-28 08:48 260 ----a-w- c:\program files\FixMebroot.log
2010-07-27 21:10 . 2010-07-27 21:09 2528 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-27 21:10 . 2010-07-27 21:09 1148 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-07-14 20:35 . 2010-07-14 20:34 -------- d-----w- c:\program files\Foo Fighters - In_Your_Honor-2CD-2005
2010-07-10 19:42 . 2010-01-20 18:51 -------- d-----w- c:\program files\ICQ7.0
2010-07-08 18:55 . 2010-07-08 18:55 -------- d-----w- c:\program files\cmrdirt.nointro.proper-abra
2010-07-08 18:55 . 2010-07-08 18:55 -------- d-----w- c:\program files\dirt.lang
2010-07-08 18:54 . 2010-07-08 18:54 -------- d-----w- c:\program files\NiMP
2010-07-05 14:10 . 2010-07-05 12:18 -------- d-----w- c:\program files\DIRT 2
2010-07-05 13:20 . 2010-07-05 13:20 -------- d-----w- c:\program files\BRS
2010-07-05 13:20 . 2010-07-05 13:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-05 13:20 . 2010-07-05 13:20 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-05 13:20 . 2010-07-05 13:20 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-05 13:20 . 2010-07-05 13:20 -------- d-----w- c:\program files\OpenAL
2010-07-05 13:04 . 2008-01-13 14:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-05 13:04 . 2010-07-05 13:04 -------- d-----w- c:\program files\Codemasters
2010-07-04 12:45 . 2009-07-12 20:57 -------- d-----w- c:\program files\KONAMI
2010-07-03 13:35 . 2008-02-03 15:44 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 13:35 . 2008-02-03 15:44 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-03 12:52 . 2008-02-03 15:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-03 12:52 . 2010-07-03 12:52 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-07-02 17:33 . 2010-07-02 17:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-02 17:32 . 2008-03-22 21:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-02 17:32 . 2008-03-22 21:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-02 17:31 . 2010-07-02 17:31 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-02 17:31 . 2010-07-02 17:31 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-02 17:31 . 2010-07-02 17:31 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-01-13 13:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 15:34 . 2010-06-07 15:34 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-07 15:34 . 2010-06-07 15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-07 15:34 . 2010-06-07 15:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 15:34 . 2010-06-07 15:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 15:34 . 2010-06-07 15:34 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-07 15:34 . 2010-06-07 15:34 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-06-02 02:55 . 2010-07-02 17:16 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-02 17:16 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-02 17:16 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-28 10:58 . 2008-01-13 14:57 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-26 09:41 . 2010-07-02 17:16 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-02 17:15 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-02 17:15 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-02 17:15 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-02 17:15 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2009-10-18 16:48 . 2010-06-17 13:37 5800230912 ----a-w- c:\program files\rld-p210.iso
2008-01-13 14:03 . 2008-01-13 14:02 48 --sh--w- c:\windows\S12326E3F.tmp
2006-05-03 09:06 . 2009-05-16 21:35 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-05-16 21:35 31232 --sh--r- c:\windows\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Malek^Nabídka Start^Programy^Po spuštění^Registrace FIFA 10.lnk]
path=c:\documents and settings\Malek\Nabídka Start\Programy\Po spuštění\Registrace FIFA 10.lnk
backup=c:\windows\pss\Registrace FIFA 10.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Malek^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=c:\documents and settings\Malek\Nabídka Start\Programy\Po spuštění\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Malek^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5 - Tribes of the East.LNK]
path=c:\documents and settings\Malek\Nabídka Start\Programy\Po spuštění\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Tribes of the East.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 13:01 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JAJC]
2004-06-07 05:02 5337600 ----a-w- c:\program files\jajc\jajc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-06-07 15:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-06-07 15:34 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 13:52 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"spserv"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"Hamachi2Svc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vietcong2\\vietcong2.exe"=
"d:\\Vietcong\\vietcong.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TorrenTopia\\btdl\\downloader.tt"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Záloha\\Stahování filmů\\utorrent-1.7-rc2.exe"=
"c:\\QIP Infium JadrisPack\\infium.exe"=
"d:\\Windows.old\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Windows.old\\Program Files\\EA SPORTS\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Windows.old\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\Windows.old\\Program Files\\Call Of Duty Modern Warfare 2\\Modern Warfare 2\\iw4mp.exe"=
"d:\\Stažené soubory-mozilla\\Little_Fighter_2_Sx2\\Sidestory?(16bit).exe"=
"d:\\Stažené soubory-mozilla\\Little_Fighter_2_Sx2\\Sidestory?EX(16bit).exe"=
"d:\\Windows.old\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\CMR DiRT2\\dirt2_game.exe"=
"d:\\Windows.old\\Program Files\\Call Of Duty Modern Warfare 2\\Modern Warfare 2\\iw4sp.exe"=
"d:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23544:TCP"= 23544:TCP:BitComet 23544 TCP
"23544:UDP"= 23544:UDP:BitComet 23544 UDP

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [31.8.2009 19:55 149376]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2.3.2006 14:00 3584]
S3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [7.2.2009 0:26 103040]
S3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [7.2.2009 0:26 23376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.11.2009 19:13 246520]
S4 spserv;SpoonProxy;"c:\program files\SpoonProxy\spserv.exe" --> c:\program files\SpoonProxy\spserv.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.1.2008 20:43 715248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]

2010-08-20 c:\windows\Tasks\User_Feed_Synchronization-{2D3B4276-5947-4670-B63E-21C068CC38CD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
FF - ProfilePath - c:\documents and settings\Malek\Data aplikací\Mozilla\Firefox\Profiles\asvqw6d5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_EU&apn_uid=76451BC0-C8F1-4096-A1C8-F7B24DD84C70&apn_ptnrs=UG&apn_sauid=2690CC22-502F-4F00-8382-CB706015495B&apn_dtid=&q=
FF - component: c:\documents and settings\Malek\Data aplikací\Mozilla\Firefox\Profiles\asvqw6d5.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

MSConfigStartUp-BitComet - d:\program files\BitComet\BitComet.exe
MSConfigStartUp-Messenger (Yahoo!) - ~d:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - d:\program files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
AddRemove-CoD 2 čeština_is1 - d:\program files\Activision\Call of Duty 2\main\unins000.exe
AddRemove-Cossacks II - d:\program files\GSC Game World\Cossacks II\uninstall.exe
AddRemove-Doc's Unofficial 1.0 - 1.33 - d:\program files\Far Cry\Uninstall.exe
AddRemove-Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1 - c:\program files\ESET\ESET NOD32 Antivirus\unins000.exe
AddRemove-Far Cry - d:\progra~1\FARCRY~1\UNWISE.EXE
AddRemove-GLRP Beta - d:\program files\EA SPORTS\FIFA 08\Uninstal.exe
AddRemove-Install_is1 - c:\program files\Setup\unins000.exe
AddRemove-Little Fighter 2 - d:\program files\LittleFighter2\LF2_v1.9c\uninst.exe
AddRemove-mIRC - d:\program files\EA SPORTS\mirc_0\mirc\mirc.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Steam App 10180 - d:\stažené soubory-mozilla\Call.of.Duty.Modern.Warfare.2\stream2\stream\steam.exe
AddRemove-Steam App 10190 - d:\stažené soubory-mozilla\Call.of.Duty.Modern.Warfare.2\stream2\stream\steam.exe
AddRemove-uTorrent - d:\program files\uTorrent\uTorrent.exe
AddRemove-{C13E90B0-4E1C-11DB-6784-0152EAA218BE} - d:\program files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe
AddRemove-Dresy do menu ELH 08 - d:\program files\EA SPORTS\NHL08\Uninstal.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files\EA Games\Battlefield Heroes\uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1454471165-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1454471165-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:29,22,37,65,28,44,94,ac,e0,e9,62,f4,f9,8f,6a,28,6e,9f,68,39,18,
f4,ce,75,c8,2c,a4,18,25,32,c7,55,c6,9e,66,62,5b,ee,1e,90,5a,91,6a,0f,90,37,\
"rkeysecu"=hex:82,18,40,bb,60,64,f2,25,e1,e0,be,48,2a,32,7e,22

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(848)
c:\progra~1\WINDOW~2\wmpband.dll
.
Completion time: 2010-08-20 13:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 11:47

Pre-Run: bytes free: 17 842 569 216
Post-Run: bytes free: 18 280 382 464

- - End Of File - - FF7460825B4D4D2D6769283E5753D813

Re: Please check my log

Posted: 20 Aug 2010 20:52
by motji
→ If it is not there already, move Combofix to the desktop
- open Notepad
- copy the text from this box into it

Code:


Collect::
c:\program files\zpbg7vpw.exe
c:\program files\j05sgj57.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Driver::
NOD32FiXTemDono


- save the TXT file you created as CFScript.txt on the desktop
- once saved, grab the script you created with the left mouse button and drop it onto the Combofix icon:

[image]


- after it has run, another log will pop up; paste it here

Warning: it can happen that after applying the script and rebooting, Windows will not start; in that case reboot again while pressing F8, then choose Last Known Good Configuration


→ Do you know this folder?
C:\b


→ Did you use c:\program files\bootkit_remover?


And remove that illegal Nod and install some free antivirus. We don't deal with illegal AVs; it's against the rules of this forum.

Re: Please check my log

Posted: 06 Sep 2010 09:12
by namefar
Thank you for the advice; after using Combofix the rootkit no longer showed up..

The PC wasn't mine, I just wanted to help someone; I didn't get a chance to respond because they took the PC away from me :( It seems (with your help) it worked, they haven't been in touch since.

One more question: how do you check the logs, do you go through the whole thing "by hand", or is there some software that throws out the "anomalies" in the log, and you then just look up what they are?

I'd like to learn it, can you help me somehow..

Re: Please check my log

Posted: 06 Sep 2010 09:31
by motji
I can't tell you, though, whether the PC was really clean; personally I would have liked to check a few more things there, but since they've already taken it from you, nothing can be done.
We check the logs by hand, with the help of Google and also the experience we already have :D . I already know most of the legitimate files and processes, so I only look up the anomalies, as you say :D .

I'll send you a PM with information about those logs, but not until this evening; remind me if I forget :)
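A small triage script, added here as an illustration and not part of this thread, of ComboFix, or of the tooling the helpers on this forum use. It shows how part of the "anomaly" spotting motji describes can be mechanised for ComboFix-format lines: the service/driver lines are parsed, and the Collect:: file paths are checked as bare paths. The sample lines are copied from the log above plus the two Collect:: targets from the CFScript reply. The four rules (a service whose image is a stock Windows tool such as regedt32.exe; a service whose image ComboFix could not resolve, which the log shows as `--> path [?]`; a crack/fix marker in a service name; a random-looking .exe sitting directly in the Program Files root) and the thresholds in looks_random are my own assumptions, chosen to match what the helper's CFScript targeted, not a published detection method.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: service/driver lines copied from the ComboFix log
# above, plus the two Collect:: targets and one benign DLL path for contrast.
SAMPLE_LOG = r"""
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [31.8.2009 19:55 149376]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2.3.2006 14:00 3584]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 spserv;SpoonProxy;"c:\program files\SpoonProxy\spserv.exe" --> c:\program files\SpoonProxy\spserv.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.1.2008 20:43 715248]
c:\program files\zpbg7vpw.exe
c:\program files\j05sgj57.exe
c:\program files\Ask.com\GenericAskToolbar.dll
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()

# ComboFix service line: "<start type> <name>;<description>;<image> [<date time size>]"
# where the bracket holds "?" when the file could not be found on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumed heuristics: stock Windows tools that have no business being a
# service image, and words that mark a cracked/"fixed" product.
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe",
               "notepad.exe", "wscript.exe", "cscript.exe"}
TAMPER_WORDS = ("fix", "crack", "keygen", "patch")


def parse_service(line):
    """Return a dict for a ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = m["image"]
    if "-->" in image:  # ComboFix prints "<registered path> --> <resolved path>"
        image = image.split("-->", 1)[1]
    image = image.strip().strip('"')
    return {"start": m["start"], "name": m["name"], "desc": m["desc"],
            "image": image, "meta": m["meta"].strip()}


def looks_random(stem):
    """Assumed rule: 6-12 alphanumerics with a digit and at most one vowel."""
    if not (6 <= len(stem) <= 12) or not stem.isalnum():
        return False
    has_digit = any(c.isdigit() for c in stem)
    vowels = sum(c in "aeiou" for c in stem)
    return has_digit and vowels <= 1


def triage_service(svc):
    findings = []
    base = PureWindowsPath(svc["image"]).name.lower()
    if base in STOCK_TOOLS:
        findings.append(f'{svc["name"]}: image is the stock Windows tool {base}, not a product binary')
    if svc["meta"] == "?":
        findings.append(f'{svc["name"]}: image {svc["image"]} could not be found on disk (orphaned registration)')
    if any(w in svc["name"].lower() for w in TAMPER_WORDS):
        findings.append(f'{svc["name"]}: service name carries a crack/fix marker')
    return findings


def triage_path(path):
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    if parent.endswith("program files") and p.suffix.lower() == ".exe" and looks_random(p.stem.lower()):
        return [f"{path}: random-looking executable directly in the Program Files root"]
    return []


def triage(lines):
    """Run every rule over a list of log lines and return the findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        svc = parse_service(line)
        findings.extend(triage_service(svc) if svc else triage_path(line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

This only narrows the list of entries to look up; each hit still needs the Google-and-experience step the helper describes, and a run with no hits is not evidence that the machine is clean.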