
Please check and answer a question about the firewall

Posted: 23 Jan 2010 14:52
by FunThomas
I have a problem with ESET Smart Security 4. The firewall log tells me that misuse of a covert channel in an ICMP packet was detected (see the screenshot), but it only does this when I connect to my home network, nowhere else. It may be related to malware I had recently, but no antivirus or anti-malware found it, and stupidly I even allowed it access to the internet because of its plausible name, svhost.exe (I confused it with svchost.exe, clicked "allow" and "remember", and the problem was born). In the end I deleted it in Spyware Terminator, where it was listed among the unknown programs, and finally also its system startup entries, which I deleted from UPM.

Finally, one technical question: how come ESET's firewall doesn't show all network connections? It only shows a few programs, e.g. qip.exe and firefox.exe, but the fact that, for example, Counter-Strike Source is running online doesn't bother it at all, and it doesn't show it.

And now, finally, the log from RSIT. If anyone finds something, I'll call them Sir :wink: :D

Logfile of random's system information tool 1.06 (written by random/random)
Run by FunThomas at 2010-01-23 14:33:19
Microsoft Windows 7 Professional Service Pack 3
System drive C: has 93 GB (64%) free of 145 GB
Total RAM: 3071 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:21, on 23.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\FunThomas\Desktop\AntiMalware\RSIT.exe
C:\Program Files\trend micro\FunThomas.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [UMP] C:\Program Files\Ultimate Process Manager\UPM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AFBAgent - ASUSTeK Computer Inc. - C:\Windows\system32\FBAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OBJYXE - Unknown owner - C:\Users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: YYHC - Unknown owner - C:\Users\FUNTHO~1\AppData\Local\Temp\YYHC.exe (file missing)

--
End of file - 6656 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2009-04-20 159744]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 1474560]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2009-09-01 233472]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-06-12 497536]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-10 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-02 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"UMP"=C:\Program Files\Ultimate Process Manager\UPM.exe [2009-01-02 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-02 2166784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-22 20:15:35 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 20:15:32 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 20:15:31 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 20:15:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 20:15:30 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 20:15:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 19:38:42 ----D---- C:\ProgramData\Sun
2010-01-21 19:38:41 ----D---- C:\Program Files\Common Files\Java
2010-01-21 19:38:21 ----A---- C:\Windows\system32\javaws.exe
2010-01-21 19:38:21 ----A---- C:\Windows\system32\javaw.exe
2010-01-21 19:38:21 ----A---- C:\Windows\system32\java.exe
2010-01-21 19:34:00 ----D---- C:\Windows\Sun
2010-01-20 21:48:24 ----D---- C:\Program Files\oZone3D
2010-01-17 10:23:20 ----D---- C:\ProgramData\SecTaskMan
2010-01-17 10:23:03 ----D---- C:\Program Files\Security Task Manager
2010-01-16 15:14:51 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-01-16 15:03:53 ----D---- C:\Program Files\Sierra
2010-01-14 19:47:59 ----D---- C:\Program Files\trend micro
2010-01-14 19:47:58 ----D---- C:\rsit
2010-01-13 11:11:10 ----D---- C:\ProgramData\TmForever
2010-01-13 10:55:46 ----D---- C:\Program Files\TmNationsForever
2010-01-13 08:00:00 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 07:59:59 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 19:43:53 ----D---- C:\Users\FunThomas\AppData\Roaming\Tific
2010-01-11 19:42:44 ----D---- C:\ProgramData\Norton
2010-01-11 19:42:23 ----D---- C:\ProgramData\NortonInstaller
2010-01-10 21:40:47 ----D---- C:\Program Files\JPEG to PDF
2010-01-07 21:16:44 ----D---- C:\Users\FunThomas\AppData\Roaming\Malwarebytes
2010-01-07 21:16:33 ----D---- C:\ProgramData\Malwarebytes
2010-01-07 21:16:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 20:51:19 ----A---- C:\Windows\wininit.ini
2010-01-05 18:54:56 ----A---- C:\Windows\system32\deploytk.dll
2010-01-05 18:54:36 ----D---- C:\Program Files\Java
2010-01-04 11:48:02 ----D---- C:\Program Files\F.E.A.R. 2
2010-01-03 21:22:02 ----D---- C:\Program Files\Split MP3
2010-01-02 21:13:15 ----D---- C:\Users\FunThomas\AppData\Roaming\Spyware Terminator
2010-01-02 21:13:14 ----D---- C:\ProgramData\Spyware Terminator
2010-01-02 21:13:10 ----D---- C:\Program Files\Spyware Terminator
2010-01-02 16:42:02 ----A---- C:\Windows\NeroDigital.ini
2010-01-02 16:20:22 ----D---- C:\Windows\Minidump
2010-01-02 00:09:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-02 00:09:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-31 14:25:44 ----D---- C:\Program Files\Unlocker
2009-12-28 21:37:37 ----D---- C:\Program Files\DOOM 3
2009-12-28 11:54:27 ----D---- C:\Program Files\MSXML 4.0
2009-12-27 19:28:26 ----D---- C:\Program Files\Valve
2009-12-27 15:00:31 ----D---- C:\Users\FunThomas\AppData\Roaming\NeroDigital(TM)
2009-12-27 14:56:21 ----D---- C:\Users\FunThomas\AppData\Roaming\Nero
2009-12-27 14:54:33 ----D---- C:\Users\FunThomas\AppData\Roaming\GHISLER
2009-12-27 14:54:33 ----D---- C:\totalcmd
2009-12-27 14:35:00 ----D---- C:\Program Files\Nero
2009-12-27 14:34:38 ----D---- C:\ProgramData\Nero
2009-12-27 14:34:36 ----D---- C:\Program Files\Common Files\Nero
2009-12-27 11:16:48 ----A---- C:\Windows\system32\msonpmon.dll
2009-12-27 11:15:04 ----D---- C:\Program Files\Microsoft Works
2009-12-27 11:14:07 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-27 11:14:07 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-27 11:13:18 ----D---- C:\Windows\PCHEALTH
2009-12-27 11:13:18 ----D---- C:\Program Files\Microsoft.NET
2009-12-27 11:11:22 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-27 11:10:40 ----D---- C:\Program Files\Microsoft Office
2009-12-27 11:10:39 ----D---- C:\ProgramData\Microsoft Help
2009-12-27 11:08:52 ----RHD---- C:\MSOCache
2009-12-27 11:05:30 ----D---- C:\Program Files\BitLord
2009-12-27 00:46:18 ----HD---- C:\Windows\PIF
2009-12-27 00:04:52 ----D---- C:\Program Files\MagicISO
2009-12-26 23:57:40 ----D---- C:\Users\FunThomas\AppData\Roaming\Foxit
2009-12-26 23:57:25 ----D---- C:\Program Files\Foxit Software
2009-12-26 00:58:35 ----D---- C:\Windows\system32\appmgmt
2009-12-26 00:47:49 ----D---- C:\Zálohy
2009-12-25 22:49:20 ----A---- C:\Windows\game.ini
2009-12-25 22:43:45 ----D---- C:\Program Files\Activision
2009-12-25 21:49:24 ----D---- C:\Users\FunThomas\AppData\Roaming\skypePM
2009-12-25 21:47:31 ----D---- C:\Users\FunThomas\AppData\Roaming\Skype
2009-12-25 21:47:25 ----D---- C:\Program Files\Common Files\Skype
2009-12-25 21:47:23 ----RD---- C:\Program Files\Skype
2009-12-25 21:47:20 ----D---- C:\ProgramData\Skype
2009-12-25 21:39:47 ----D---- C:\Program Files\CCleaner
2009-12-25 20:33:05 ----D---- C:\Users\FunThomas\AppData\Roaming\Macromedia
2009-12-25 20:33:05 ----D---- C:\Users\FunThomas\AppData\Roaming\Adobe
2009-12-25 20:18:46 ----D---- C:\Windows\system32\Macromed
2009-12-25 11:06:29 ----D---- C:\Program Files\Jowood
2009-12-25 00:40:54 ----D---- C:\Program Files\Fraps
2009-12-25 00:35:11 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-25 00:34:44 ----D---- C:\Users\FunThomas\AppData\Roaming\DAEMON Tools Lite
2009-12-25 00:34:34 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-12-25 00:30:05 ----D---- C:\Program Files\Counter-Strike Source
2009-12-25 00:27:55 ----A---- C:\Windows\system32\msv1_0.dll
2009-12-25 00:26:48 ----A---- C:\Windows\system32\tzres.dll
2009-12-25 00:25:40 ----A---- C:\Windows\system32\MRT.exe
2009-12-25 00:24:17 ----N---- C:\Windows\system32\MpSigStub.exe
2009-12-25 00:21:32 ----D---- C:\Program Files\QIP
2009-12-25 00:20:10 ----A---- C:\Windows\system32\wmp.dll
2009-12-25 00:20:07 ----A---- C:\Windows\system32\CertEnroll.dll
2009-12-25 00:20:06 ----A---- C:\Windows\system32\winload.exe
2009-12-25 00:20:06 ----A---- C:\Windows\explorer.exe
2009-12-25 00:20:05 ----A---- C:\Windows\system32\winresume.exe
2009-12-25 00:20:05 ----A---- C:\Windows\system32\atmfd.dll
2009-12-25 00:20:04 ----A---- C:\Windows\system32\wmploc.DLL
2009-12-25 00:18:46 ----A---- C:\Windows\system32\msasn1.dll
2009-12-24 23:59:15 ----D---- C:\Users\FunThomas\AppData\Roaming\Mozilla
2009-12-24 23:59:07 ----D---- C:\Program Files\Mozilla Firefox
2009-12-24 23:40:44 ----D---- C:\Users\FunThomas\AppData\Roaming\Zoner
2009-12-24 23:40:06 ----D---- C:\Program Files\Zoner
2009-12-24 23:39:32 ----D---- C:\Program Files\Common Files\Ahead
2009-12-24 23:37:17 ----D---- C:\Users\FunThomas\AppData\Roaming\ESET
2009-12-24 23:36:13 ----D---- C:\ProgramData\ESET
2009-12-24 23:36:13 ----D---- C:\Program Files\ESET
2009-12-24 23:33:47 ----A---- C:\Windows\system32\unrar.dll
2009-12-24 23:33:45 ----A---- C:\Windows\system32\yv12vfw.dll
2009-12-24 23:33:45 ----A---- C:\Windows\system32\xvidvfw.dll
2009-12-24 23:33:45 ----A---- C:\Windows\system32\xvidcore.dll
2009-12-24 23:33:45 ----A---- C:\Windows\system32\qt-dx331.dll
2009-12-24 23:33:45 ----A---- C:\Windows\system32\dpl100.dll
2009-12-24 23:33:44 ----A---- C:\Windows\system32\divx.dll
2009-12-24 23:33:43 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-12-24 23:33:43 ----A---- C:\Windows\system32\ff_vfw.dll
2009-12-24 23:33:42 ----A---- C:\Windows\system32\msvcr71.dll
2009-12-24 23:33:41 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-24 23:30:04 ----D---- C:\Program Files\Ultimate Process Manager
2009-12-24 23:29:19 ----D---- C:\Program Files\WinRAR
2009-12-24 23:29:09 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-12-24 23:29:09 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-12-24 23:29:09 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-12-24 23:29:09 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-12-24 23:29:09 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-12-24 23:29:08 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-12-24 23:29:07 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-12-24 23:29:06 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-12-24 23:29:05 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-12-24 23:29:04 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-12-24 23:29:03 ----A---- C:\Windows\system32\xinput1_3.dll
2009-12-24 23:29:03 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-12-24 23:29:03 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-12-24 23:29:03 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-12-24 23:29:03 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-12-24 23:29:03 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\d3dx10.dll
2009-12-24 23:29:02 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\xinput1_2.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\xinput1_1.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-12-24 23:29:01 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-12-24 23:29:00 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-12-24 23:28:56 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-12-24 23:28:56 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-12-24 23:28:56 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-12-24 23:28:56 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-12-24 23:28:56 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-12-24 23:28:55 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-12-24 23:28:55 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-12-24 23:28:55 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-12-24 23:28:55 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-12-24 23:27:35 ----D---- C:\Program Files\Everest Ultimate Edition v4.60.1526_SK,CZ_by_kabelman
2009-12-24 23:23:45 ----D---- C:\Users\FunThomas\AppData\Roaming\ATI
2009-12-24 23:23:45 ----D---- C:\ProgramData\ATI
2009-12-24 23:20:09 ----A---- C:\Windows\system32\coinst.dll
2009-12-24 23:20:09 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-12-24 23:19:19 ----D---- C:\Program Files\ATI
2009-12-24 23:15:35 ----D---- C:\Program Files\ATI Technologies
2009-12-24 23:14:41 ----D---- C:\Program Files\DIFX
2009-12-24 23:14:38 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-24 23:14:38 ----D---- C:\Program Files\AMD
2009-12-24 23:14:18 ----D---- C:\Program Files\Elantech
2009-12-24 23:13:50 ----D---- C:\ProgramData\P4G
2009-12-24 23:13:50 ----D---- C:\Program Files\P4G
2009-12-24 23:13:17 ----A---- C:\Windows\system32\RtNicProp32.dll
2009-12-24 23:13:01 ----D---- C:\Program Files\Realtek
2009-12-24 23:11:54 ----A---- C:\Windows\system32\ServiceFilter.ini
2009-12-24 23:11:54 ----A---- C:\Windows\system32\RemoveFont.ini
2009-12-24 23:11:54 ----A---- C:\Windows\system32\FBAgent.exe
2009-12-24 23:11:54 ----A---- C:\Windows\system32\FastBoot.ini
2009-12-24 23:11:54 ----A---- C:\Windows\system32\Defrag.ini
2009-12-24 23:11:54 ----A---- C:\Windows\system32\BootTime.ini
2009-12-24 23:11:54 ----A---- C:\Windows\system32\AutoRunFilter.ini
2009-12-24 23:11:26 ----A---- C:\Windows\system32\AmUStor.dll
2009-12-24 23:11:24 ----D---- C:\ProgramData\AmUStor
2009-12-24 23:11:23 ----D---- C:\Program Files\AmIcoSingLun
2009-12-24 23:10:36 ----D---- C:\Windows\system32\SRSLabs
2009-12-24 23:10:33 ----A---- C:\Windows\system32\VIASysFx.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\VIAPropPageExt.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\ViaMicArrayPropPageExt.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\ViaMicArrayAPO.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\nQPropPageExt.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\nQAPO.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\Dts2PropPageExt.dll
2009-12-24 23:10:33 ----A---- C:\Windows\system32\Dts2APO.dll
2009-12-24 23:09:44 ----D---- C:\Program Files\VIA
2009-12-24 23:09:27 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-24 23:08:37 ----D---- C:\Program Files\ASUS
2009-12-24 23:08:09 ----SHD---- C:\Windows\Installer
2009-12-24 23:08:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-24 23:08:04 ----D---- C:\Program Files\ATKGFNEX
2009-12-24 23:07:48 ----D---- C:\Users\FunThomas\AppData\Roaming\InstallShield
2009-12-24 23:06:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-24 23:02:33 ----D---- C:\Users\FunThomas\AppData\Roaming\Identities
2009-12-24 23:02:18 ----SD---- C:\Users\FunThomas\AppData\Roaming\Microsoft
2009-12-24 23:02:18 ----D---- C:\Users\FunThomas\AppData\Roaming\Media Center Programs
2009-12-24 23:02:06 ----SHD---- C:\Recovery
2009-12-24 23:02:06 ----SHD---- C:\ProgramData\Šablony
2009-12-24 23:02:06 ----SHD---- C:\ProgramData\Plocha
2009-12-24 23:02:06 ----SHD---- C:\ProgramData\Oblíbené položky
2009-12-24 23:02:06 ----SHD---- C:\ProgramData\Nabídka Start
2009-12-24 23:02:06 ----SHD---- C:\ProgramData\Dokumenty
2009-12-24 23:02:06 ----SHD---- C:\ProgramData\Data aplikací
2009-12-24 22:58:34 ----D---- C:\Windows\SoftwareDistribution
2009-12-24 22:55:54 ----D---- C:\Windows\Prefetch
2009-12-24 22:55:33 ----SHD---- C:\System Volume Information
2009-12-24 22:55:00 ----D---- C:\Windows\Panther
2009-12-24 22:54:48 ----RASH---- C:\BOOTSECT.BAK
2009-12-24 22:54:45 ----SHD---- C:\Boot

======List of files/folders modified in the last 1 months======

2010-01-23 14:33:26 ----D---- C:\Windows\Temp
2010-01-23 13:59:23 ----D---- C:\Windows\system32\Tasks
2010-01-23 10:57:34 ----D---- C:\Windows
2010-01-23 10:17:31 ----D---- C:\Windows\system32\config
2010-01-22 22:21:32 ----D---- C:\Windows\winsxs
2010-01-22 22:20:06 ----D---- C:\Windows\System32
2010-01-22 22:20:06 ----D---- C:\Program Files\Internet Explorer
2010-01-22 21:25:47 ----D---- C:\Windows\system32\NDF
2010-01-22 20:15:08 ----D---- C:\Windows\system32\catroot
2010-01-21 19:38:42 ----HD---- C:\ProgramData
2010-01-21 19:38:41 ----D---- C:\Program Files\Common Files
2010-01-20 21:48:24 ----RD---- C:\Program Files
2010-01-20 17:24:57 ----D---- C:\Windows\inf
2010-01-19 16:13:02 ----D---- C:\Windows\system32\catroot2
2010-01-18 18:00:01 ----D---- C:\Windows\system32\LogFiles
2010-01-16 15:12:01 ----RSD---- C:\Windows\assembly
2010-01-14 22:03:29 ----D---- C:\Windows\system32\drivers
2010-01-14 07:45:24 ----D---- C:\Windows\Registration
2010-01-14 00:06:30 ----D---- C:\Windows\debug
2010-01-12 18:47:27 ----RD---- C:\Users
2010-01-12 09:05:45 ----D---- C:\Windows\system32\wdi
2010-01-09 11:42:56 ----SD---- C:\ProgramData\Microsoft
2010-01-09 11:39:33 ----HD---- C:\Windows\system32\GroupPolicy
2009-12-31 12:00:14 ----D---- C:\Windows\Microsoft.NET
2009-12-31 10:48:47 ----D---- C:\Windows\Logs
2009-12-31 10:45:28 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-27 11:14:34 ----D---- C:\Program Files\MSBuild
2009-12-27 11:14:04 ----D---- C:\Windows\ShellNew
2009-12-27 11:13:29 ----RSD---- C:\Windows\Fonts
2009-12-27 11:11:01 ----A---- C:\Windows\win.ini
2009-12-27 11:10:59 ----D---- C:\Program Files\Common Files\System
2009-12-25 19:44:01 ----D---- C:\Windows\rescache
2009-12-25 00:49:31 ----D---- C:\Windows\AppPatch
2009-12-25 00:49:28 ----D---- C:\Windows\ehome
2009-12-25 00:49:28 ----D---- C:\Program Files\Windows Media Player
2009-12-25 00:49:24 ----D---- C:\Windows\system32\Boot
2009-12-25 00:27:01 ----D---- C:\Windows\system32\cs-CZ
2009-12-24 23:36:38 ----D---- C:\Windows\system32\DriverStore
2009-12-24 23:09:56 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-24 23:07:51 ----D---- C:\Windows\system32\restore
2009-12-24 23:06:34 ----D---- C:\Windows\system32\wbem
2009-12-24 23:02:31 ----SHD---- C:\$Recycle.Bin
2009-12-24 23:02:06 ----D---- C:\Windows\system32\Recovery
2009-12-24 23:02:06 ----D---- C:\Program Files\Windows NT
2009-12-24 22:58:28 ----D---- C:\Windows\system32\sysprep
2009-12-24 22:56:24 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-01-02 142592]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 AmdPPM;Ovladač procesoru AMD; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-11 5092864]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-06-12 91136]
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2009-07-14 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-06 1766592]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-07-14 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 usbohci;Ovladač miniportu otevřeného hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
R3 vwifibus;Ovladač sběrnice Virtual WiFi; C:\Windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 aazzz8zc;aazzz8zc; C:\Windows\system32\drivers\aazzz8zc.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 27136]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-13 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2009-07-14 146176]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]


Continued in the next post (maximum character count exceeded)

Re: Please check and answer my question about the firewall

Posted: 23 Jan 2010 14:53
by FunThomas
Continuation of the log:


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 283264]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-11 172032]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-02 488960]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 OBJYXE;OBJYXE; C:\Users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 YYHC;YYHC; C:\Users\FUNTHO~1\AppData\Local\Temp\YYHC.exe []
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

-----------------EOF-----------------

Re: Please check and answer my question about the firewall

Posted: 23 Jan 2010 22:25
by motji
Good evening :)

:arrow: Download it to your desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before using it, disable all resident security programs - antivirus, firewalls, antispyware

- After launching, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here

Re: Please check and answer my question about the firewall

Posted: 24 Jan 2010 11:17
by FunThomas
Hello,
Unfortunately I am using Windows 7 Professional 32-bit, and ComboFix says that on Win 7 it is a beta version and that under no circumstances should it normally be installed. Never mind, I got over it and ran it; right after that it reported a problem with a virtual drive - it needs it to be disabled. By "disabled" it probably meant that Daemon Tools will not work until I reinstall it, but oh well... The next step was that a window opened with the caption "Administrator" and a blinking cursor. No CPU load, no HDD LED blinking, simply nothing happened.

And once again I point out - the reason I am here is the firewall log, which may well be a false alarm, and so there may not be any problem anywhere.

Re: Please check and answer a question about the firewall

Posted: 24 Jan 2010 17:42
by motji
OK, let's try it differently :)

:arrow: Uninstall ComboFix via
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter
-This uninstalls ComboFix and deletes the files and folders related to it.

:arrow: Download TFC and run it
TFC (http://oldtimer.geekstogo.com/TFC.exe)
-the computer will restart


:arrow: Download MBAM from my signature
-Install it, run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM occasionally has false detections, so we will delete only after checking the log.
-Copy the log here.

Re: Please check and answer a question about the firewall

Posted: 24 Jan 2010 21:53
by FunThomas
So out of roughly 7 attempts I managed to start ComboFix once; all the attempts were exactly the same :D but you can simply tell that it is a beta version (nothing against ComboFix :) ); anyway, it is uninstalled now. MBAM, Spyware Terminator and ESET I had already run several times before, and each time none of them found anything - full scan, updated.

I almost didn't believe ComboFix, because it found what no other program did, so despite the beta version I have to praise it :) . However, I was a bit too hyperactive :oops: and deleted the following items:

c:\windows\rundll16.exe
c:\windows\RUNDL132.EXE
c:\windows\logo1_.exe
c:\windows\logo_1.exe
c:\windows\system32\eEmpty.exe
c:\windows\PIF

The rest I'll leave for you to judge =)

Here is the log:


ComboFix 10-01-23.05 - FunThomas 24.01.2010 11:34:45.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3071.2150 [GMT 1:00]
Spuštěný z: c:\users\FunThomas\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-24 10:41 . 2010-01-24 10:41 -------- d-----w- c:\users\FunThomas\AppData\Local\temp
2010-01-24 10:41 . 2010-01-24 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\rundll16.exe
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\logo1_.exe
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\logo_1.exe
2010-01-24 00:10 . 2010-01-24 00:10 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-24 00:10 . 2010-01-24 00:10 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-24 00:10 . 2010-01-24 00:10 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-24 00:10 . 2010-01-24 00:10 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-24 00:09 . 2010-01-24 00:10 -------- d-----w- c:\programdata\MicroWorld
2010-01-22 19:15 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 18:38 . 2010-01-21 18:38 -------- d-----w- c:\program files\Common Files\Java
2010-01-21 18:34 . 2010-01-21 18:34 -------- d-----w- c:\windows\Sun
2010-01-20 20:48 . 2010-01-20 20:48 -------- d-----w- c:\program files\oZone3D
2010-01-18 11:50 . 2010-01-18 12:49 -------- d-----w- c:\users\FunThomas\AppData\Local\Temporary Projects
2010-01-16 14:14 . 2010-01-16 14:14 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-16 14:03 . 2010-01-16 14:03 -------- d-----w- c:\program files\Sierra
2010-01-15 14:56 . 2010-01-15 14:57 -------- dc----w- c:\users\FunThomas\AppData\Local\MigWiz
2010-01-14 18:47 . 2010-01-23 13:33 -------- d-----w- c:\program files\trend micro
2010-01-14 18:47 . 2010-01-14 18:54 -------- d-----w- C:\rsit
2010-01-14 17:14 . 2010-01-23 19:06 -------- d-----w- c:\users\FunThomas\AppData\Local\CrashDumps
2010-01-13 10:11 . 2010-01-19 15:38 -------- d-----w- c:\programdata\TmForever
2010-01-13 09:55 . 2010-01-13 09:58 -------- d-----w- c:\program files\TmNationsForever
2010-01-13 07:00 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 06:59 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 18:44 . 2010-01-11 18:44 -------- d-----w- c:\users\FunThomas\AppData\Local\Tific
2010-01-11 18:43 . 2010-01-11 18:43 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Tific
2010-01-11 18:43 . 2010-01-11 18:43 -------- d-----w- c:\users\FunThomas\AppData\Local\Symantec
2010-01-11 18:42 . 2010-01-11 19:05 -------- d-----w- c:\programdata\Norton
2010-01-11 18:42 . 2010-01-11 18:42 -------- d-----w- c:\programdata\NortonInstaller
2010-01-10 20:57 . 2010-01-10 20:57 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 20:40 . 2010-01-10 20:51 -------- d-----w- c:\program files\JPEG to PDF
2010-01-07 20:16 . 2010-01-07 20:16 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Malwarebytes
2010-01-07 20:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:16 . 2010-01-07 20:16 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 20:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:16 . 2010-01-10 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 17:54 . 2009-12-17 16:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 17:54 . 2010-01-21 18:38 -------- d-----w- c:\program files\Java
2010-01-04 20:53 . 2010-01-04 20:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-01-04 20:53 . 2010-01-04 20:53 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-04 10:48 . 2010-01-04 11:02 -------- d-----w- c:\program files\F.E.A.R. 2
2010-01-03 20:22 . 2010-01-03 20:22 -------- d-----w- c:\program files\Split MP3
2010-01-02 20:13 . 2010-01-02 20:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-01-02 20:13 . 2010-01-02 20:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-01-02 20:13 . 2010-01-02 20:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-02 20:13 . 2010-01-23 12:55 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Spyware Terminator
2010-01-02 20:13 . 2010-01-23 12:55 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-02 20:13 . 2010-01-24 09:58 -------- d-----w- c:\program files\Spyware Terminator
2010-01-01 23:09 . 2010-01-24 00:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 23:09 . 2010-01-11 16:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 13:25 . 2010-01-16 14:46 -------- d-----w- c:\program files\Unlocker
2009-12-31 10:37 . 2009-12-31 10:37 -------- d-----w- c:\users\FunThomas\AppData\Local\ESET
2009-12-28 20:37 . 2009-12-31 14:41 -------- d-----w- c:\program files\DOOM 3
2009-12-28 10:54 . 2009-12-28 10:54 -------- d-----w- c:\program files\MSXML 4.0
2009-12-27 19:02 . 2009-12-27 19:02 0 ----a-w- c:\windows\PowerReg.dat
2009-12-27 18:28 . 2009-12-27 18:28 -------- d-----w- c:\program files\Valve
2009-12-27 14:00 . 2009-12-27 14:00 -------- d-----w- c:\users\FunThomas\AppData\Roaming\NeroDigital(TM)
2009-12-27 13:56 . 2009-12-27 13:57 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Nero
2009-12-27 13:55 . 2009-12-27 13:55 -------- d-----w- c:\users\FunThomas\AppData\Local\GHISLER
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\UC.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\RAR.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\LHA.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\ARJ.PIF
2009-12-27 13:54 . 2009-12-27 13:54 -------- d-----w- C:\totalcmd
2009-12-27 13:54 . 2009-12-27 13:54 -------- d-----w- c:\users\FunThomas\AppData\Roaming\GHISLER
2009-12-27 13:35 . 2009-12-27 13:45 -------- d-----w- c:\program files\Nero
2009-12-27 13:34 . 2009-12-27 13:59 -------- d-----w- c:\programdata\Nero
2009-12-27 13:34 . 2009-12-27 13:46 -------- d-----w- c:\program files\Common Files\Nero
2009-12-27 10:16 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-27 10:16 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-27 10:15 . 2009-12-27 10:15 -------- d-----w- c:\program files\Microsoft Works
2009-12-27 10:13 . 2009-12-27 10:13 -------- d-----w- c:\windows\PCHEALTH
2009-12-27 10:13 . 2009-12-27 10:13 -------- d-----w- c:\program files\Microsoft.NET
2009-12-27 10:11 . 2009-12-31 09:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-27 10:10 . 2009-12-27 10:10 -------- d-----w- c:\users\FunThomas\AppData\Local\Microsoft Help
2009-12-27 10:10 . 2009-12-31 09:49 -------- d-----w- c:\programdata\Microsoft Help
2009-12-27 10:08 . 2009-12-27 10:08 -------- d-----r- C:\MSOCache
2009-12-27 10:05 . 2009-12-27 10:05 -------- d-----w- c:\program files\BitLord
2009-12-26 23:46 . 2009-12-26 23:46 -------- d--h--w- c:\windows\PIF
2009-12-26 23:04 . 2009-12-27 09:58 -------- d-----w- c:\program files\MagicISO
2009-12-26 22:57 . 2009-12-26 22:57 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Foxit
2009-12-26 22:57 . 2009-12-26 22:57 -------- d-----w- c:\program files\Foxit Software
2009-12-25 23:47 . 2010-01-16 22:57 -------- d-----w- C:\Zálohy
2009-12-25 21:43 . 2009-12-25 21:43 -------- d-----w- c:\program files\Activision
2009-12-25 20:49 . 2009-12-25 20:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-25 20:49 . 2010-01-16 13:17 -------- d-----w- c:\users\FunThomas\AppData\Roaming\skypePM
2009-12-25 20:47 . 2010-01-16 13:18 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Skype
2009-12-25 20:47 . 2009-12-25 20:47 -------- d-----w- c:\program files\Common Files\Skype
2009-12-25 20:47 . 2009-12-25 20:47 -------- d-----r- c:\program files\Skype
2009-12-25 20:47 . 2009-12-25 20:47 -------- d-----w- c:\programdata\Skype
2009-12-25 20:39 . 2009-12-25 20:39 -------- d-----w- c:\program files\CCleaner
2009-12-25 19:18 . 2009-12-25 19:18 -------- d-----w- c:\windows\system32\Macromed

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 00:06 . 2009-12-24 23:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-24 00:06 . 2009-12-24 23:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.14484975
2010-01-20 16:24 . 2009-07-14 08:44 625914 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 16:24 . 2009-07-14 08:44 120000 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 09:31 . 2010-01-17 09:23 -------- d-----w- c:\programdata\SecTaskMan
2010-01-16 14:41 . 2009-12-25 10:06 -------- d-----w- c:\program files\Jowood
2010-01-16 14:03 . 2009-12-24 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 13:57 . 2009-12-24 22:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-14 10:12 . 2009-12-24 23:24 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 14:38 . 2009-12-24 23:40 -------- d-----w- c:\program files\Fraps
2010-01-11 20:12 . 2009-12-24 22:30 -------- d-----w- c:\program files\Ultimate Process Manager
2009-12-27 13:57 . 2009-12-24 22:23 108824 ----a-w- c:\users\FunThomas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-27 10:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-26 12:24 . 2009-12-24 23:34 -------- d-----w- c:\users\FunThomas\AppData\Roaming\DAEMON Tools Lite
2009-12-25 16:33 . 2009-12-25 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-24 23:42 . 2009-12-24 23:30 -------- d-----w- c:\program files\Counter-Strike Source
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-24 23:33 . 2009-12-24 22:27 -------- d-----w- c:\program files\Everest Ultimate Edition v4.60.1526_SK,CZ_by_kabelman
2009-12-24 23:21 . 2009-12-24 23:21 -------- d-----w- c:\program files\QIP
2009-12-24 22:59 . 2009-12-24 22:59 0 ----a-w- c:\windows\nsreg.dat
2009-12-24 22:40 . 2009-12-24 22:40 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Zoner
2009-12-24 22:40 . 2009-12-24 22:40 -------- d-----w- c:\program files\Zoner
2009-12-24 22:39 . 2009-12-24 22:39 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-24 22:36 . 2009-12-24 22:36 -------- d-----w- c:\program files\ESET
2009-12-24 22:33 . 2009-12-24 22:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-24 22:23 . 2009-12-24 22:23 -------- d-----w- c:\users\FunThomas\AppData\Roaming\ATI
2009-12-24 22:23 . 2009-12-24 22:23 -------- d-----w- c:\programdata\ATI
2009-12-24 22:21 . 2009-12-24 22:15 -------- d-----w- c:\program files\ATI Technologies
2009-12-24 22:19 . 2009-12-24 22:19 10134 ----a-r- c:\users\FunThomas\AppData\Roaming\Microsoft\Installer\{7E2C0645-4752-D16B-5156-FF01D4ED185D}\ARPPRODUCTICON.exe
2009-12-24 22:19 . 2009-12-24 22:19 -------- d-----w- c:\program files\ATI
2009-12-24 22:16 . 2009-12-24 22:08 -------- d-----w- c:\program files\ASUS
2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\DIFX
2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\AMD
2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\Elantech
2009-12-24 22:13 . 2009-12-24 22:13 -------- d-----w- c:\program files\P4G
2009-12-24 22:13 . 2009-12-24 22:13 -------- d-----w- c:\programdata\P4G
2009-12-24 22:13 . 2009-12-24 22:13 -------- d-----w- c:\program files\Realtek
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\AmIcoSingLun
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\programdata\AmUStor
2009-12-24 22:10 . 2009-12-24 22:09 -------- d-----w- c:\program files\VIA
2009-12-24 22:08 . 2009-12-24 22:08 -------- d-----w- c:\program files\ATKGFNEX
2009-12-24 22:07 . 2009-12-24 22:07 -------- d-----w- c:\users\FunThomas\AppData\Roaming\InstallShield
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Plocha
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Oblíbené položky
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Šablony
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Nabídka Start
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Dokumenty
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Data aplikací
2009-12-24 21:58 . 2009-12-24 21:58 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-11 12:34 . 2009-11-11 12:34 5092864 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-11 11:59 . 2009-12-24 22:20 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-11 11:59 . 2009-11-11 11:59 360448 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-11 11:58 . 2009-11-11 11:58 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-11 11:57 . 2009-11-11 11:57 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-11 11:57 . 2009-11-11 11:57 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-11 11:56 . 2009-11-11 11:56 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-11 11:56 . 2009-11-11 11:56 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-11 11:56 . 2009-11-11 11:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-11 11:53 . 2009-07-13 22:09 3035136 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-11 11:37 . 2009-11-11 11:37 3602432 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-11 11:19 . 2009-11-11 11:19 2902528 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-11 11:07 . 2009-11-11 11:07 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-11 11:07 . 2009-11-11 11:07 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-11 11:07 . 2009-11-11 11:07 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-11 11:06 . 2009-11-11 11:06 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2009-11-11 11:06 . 2009-11-11 11:06 15360 ----a-w- c:\windows\system32\atigktxx.dll
2009-11-11 11:06 . 2009-11-11 11:06 120320 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2009-11-11 11:06 . 2009-11-11 11:06 29696 ----a-w- c:\windows\system32\atiuxpag.dll
2009-11-11 11:05 . 2009-11-11 11:05 20992 ----a-w- c:\windows\system32\atiu9pag.dll
2009-11-11 10:52 . 2009-11-11 10:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-11 10:40 . 2009-11-11 10:40 12964352 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-11 10:04 . 2009-11-11 10:04 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-11 10:03 . 2009-11-11 10:03 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-11 10:02 . 2009-11-11 10:02 3547136 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-11 09:51 . 2009-12-24 22:20 50176 ----a-w- c:\windows\system32\coinst.dll
2009-10-29 07:22 . 2009-12-24 23:26 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"UMP"="c:\program files\Ultimate Process Manager\UPM.exe" [2009-01-02 1187840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2010-01-02 2166784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-01-02 20:13 2166784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2.1.2010 21:13 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AFBAgent;AFBAgent;c:\windows\System32\FBAgent.exe [24.12.2009 23:11 283264]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [11.11.2009 12:58 172032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 15:49 38240]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2.1.2010 0:10 1153368]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\System32\drivers\ETD.sys [24.12.2009 23:14 91136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [24.12.2009 23:13 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [24.12.2009 23:14 27320]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [24.12.2009 23:10 1066496]
S3 AmUStor;AM USB Stroage Driver;c:\windows\System32\drivers\AmUStor.sys [21.8.2009 14:48 27136]
S3 OBJYXE;OBJYXE;c:\users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe --> c:\users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe [?]
S3 YYHC;YYHC;c:\users\FUNTHO~1\AppData\Local\Temp\YYHC.exe --> c:\users\FUNTHO~1\AppData\Local\Temp\YYHC.exe [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\FunThomas\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1um50.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-24 11:44:36
ComboFix-quarantined-files.txt 2010-01-24 10:44

Před spuštěním: Volných bajtů: 97 479 536 640
Po spuštění: Volných bajtů: 97 764 945 920

- - End Of File - - 266F7989CEAFC45FB3FEDF1DD79CA456

Re: Please check and answer a question about the firewall

Posted: 24 Jan 2010 22:35
by motji
Those were files left over from Mwaw that you deleted :)

:arrow: If it isn't there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Driver::
OBJYXE
YYHC
File::
c:\users\FUNTHO~1\AppData\Local\Temp\YYHC.exe
c:\users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

Image


-after it runs, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

:arrow: you have the resident shields of both Spybot and Spyware Terminator running - disable one of them
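
Added example (not part of this thread): a small Python triage helper that applies to a ComboFix log the two checks the reply above made by eye, a service whose binary sits in a Temp directory or is no longer on disk (the "[?]" trailer), and a registry key ComboFix lists as locked, and renders the findings in the CFScript directive form used above. The embedded log lines are copied from the log posted in this thread; the function names are my own.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in this
# thread (the service list and the locked-registry-key section).
SAMPLE_LOG = r"""
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S3 AmUStor;AM USB Stroage Driver;c:\windows\System32\drivers\AmUStor.sys [21.8.2009 14:48 27136]
S3 OBJYXE;OBJYXE;c:\users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe --> c:\users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe [?]
S3 YYHC;YYHC;c:\users\FUNTHO~1\AppData\Local\Temp\YYHC.exe --> c:\users\FUNTHO~1\AppData\Local\Temp\YYHC.exe [?]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

# A ComboFix service line: <R|S><start type> <name>;<display name>;<image path> [<stamp>]
# ComboFix prints "[?]" instead of a date/size stamp when the file is not on disk.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_services(log_text):
    """Return one dict per service/driver line found in the log."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        # For a missing file ComboFix prints "<path> --> <path>"; keep the first.
        image = rest.split(" --> ")[0]
        # Drop the trailing "[date size]" or "[?]" marker from the path.
        image = re.sub(r"\s*\[[^\]]*\]\s*$", "", image)
        services.append({
            "state": state,            # R = running, S = stopped
            "start": int(start),
            "name": name,
            "display": display,
            "image": image,
            "file_missing": rest.rstrip().endswith("[?]"),
        })
    return services


def is_suspicious(service):
    """Heuristics from the thread: the service binary lives under a Temp
    directory, or ComboFix could not find the binary on disk."""
    return bool(TEMP_DIR_RE.search(service["image"])) or service["file_missing"]


def parse_locked_keys(log_text):
    """Collect registry keys reported as locked: a '[HKEY_...]' header line
    immediately followed by an '@Denied:' line."""
    keys, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            current = line[1:-1]
        elif line.startswith("@Denied:") and current:
            keys.append(current)
            current = None
        elif line:
            current = None   # any other content ends the header context
    return keys


def triage(log_text):
    """Flag suspicious services and locked keys in a ComboFix log."""
    return {
        "services": [s for s in parse_services(log_text) if is_suspicious(s)],
        "locked_keys": parse_locked_keys(log_text),
    }


def build_cfscript(report):
    """Render the findings in the CFScript directive format shown in the reply
    above (Driver::, File::, Reglock::), one entry per line."""
    lines = []
    if report["services"]:
        lines.append("Driver::")
        lines.extend(s["name"] for s in report["services"])
        lines.append("File::")
        lines.extend(s["image"] for s in report["services"])
    if report["locked_keys"]:
        lines.append("Reglock::")
        lines.extend(f"[{k}]" for k in report["locked_keys"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The heuristics are deliberately narrow: a legitimate driver under System32 with a valid stamp is never flagged, so anything this prints still deserves a manual look before it goes into a script.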

Re: Please check and answer a question about the firewall

Posted: 25 Jan 2010 11:02
by FunThomas
So I tried it several more times again and it got going on the third attempt. All the shields I had were disabled, even before. I have already removed Mwaw, so it doesn't bother me at all =). As for the files OBJYXE.exe and YYHC.exe, they are part of some diagnostic software, something like RSIT, I don't remember the name anymore; I uninstalled it and I think I had also deleted them separately beforehand, but anything is possible, right.

Whether the problem is solved I'll find out later tonight.

Thanks a lot

Log:


ComboFix 10-01-24.03 - FunThomas 25.01.2010 9:24.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3071.2181 [GMT 1:00]
Spuštěný z: c:\users\FunThomas\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\FunThomas\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

FILE ::
"c:\users\FUNTHO~1\AppData\Local\Temp\OBJYXE.exe"
"c:\users\FUNTHO~1\AppData\Local\Temp\YYHC.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_OBJYXE
-------\Service_YYHC


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 08:36 . 2010-01-25 08:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-25 08:36 . 2010-01-25 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 19:00 . 2010-01-24 19:12 -------- d-----w- c:\program files\WinClamAVShield
2010-01-24 10:44 . 2010-01-25 08:38 -------- d-----w- c:\users\FunThomas\AppData\Local\temp
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-24 09:23 . 2010-01-24 09:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-24 00:10 . 2010-01-24 00:10 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-24 00:10 . 2010-01-24 00:10 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-24 00:10 . 2010-01-24 00:10 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-22 19:15 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 18:38 . 2010-01-21 18:38 -------- d-----w- c:\program files\Common Files\Java
2010-01-21 18:34 . 2010-01-21 18:34 -------- d-----w- c:\windows\Sun
2010-01-20 20:48 . 2010-01-20 20:48 -------- d-----w- c:\program files\oZone3D
2010-01-18 11:50 . 2010-01-18 12:49 -------- d-----w- c:\users\FunThomas\AppData\Local\Temporary Projects
2010-01-16 14:14 . 2010-01-16 14:14 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-16 14:03 . 2010-01-16 14:03 -------- d-----w- c:\program files\Sierra
2010-01-15 14:56 . 2010-01-15 14:57 -------- dc----w- c:\users\FunThomas\AppData\Local\MigWiz
2010-01-14 18:47 . 2010-01-23 13:33 -------- d-----w- c:\program files\trend micro
2010-01-14 18:47 . 2010-01-14 18:54 -------- d-----w- C:\rsit
2010-01-14 17:14 . 2010-01-23 19:06 -------- d-----w- c:\users\FunThomas\AppData\Local\CrashDumps
2010-01-13 10:11 . 2010-01-19 15:38 -------- d-----w- c:\programdata\TmForever
2010-01-13 09:55 . 2010-01-13 09:58 -------- d-----w- c:\program files\TmNationsForever
2010-01-13 07:00 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 06:59 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 18:44 . 2010-01-11 18:44 -------- d-----w- c:\users\FunThomas\AppData\Local\Tific
2010-01-11 18:43 . 2010-01-11 18:43 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Tific
2010-01-11 18:43 . 2010-01-11 18:43 -------- d-----w- c:\users\FunThomas\AppData\Local\Symantec
2010-01-11 18:42 . 2010-01-11 19:05 -------- d-----w- c:\programdata\Norton
2010-01-11 18:42 . 2010-01-11 18:42 -------- d-----w- c:\programdata\NortonInstaller
2010-01-10 20:57 . 2010-01-10 20:57 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 20:40 . 2010-01-10 20:51 -------- d-----w- c:\program files\JPEG to PDF
2010-01-07 20:16 . 2010-01-07 20:16 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Malwarebytes
2010-01-07 20:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:16 . 2010-01-07 20:16 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 20:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:16 . 2010-01-24 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 17:54 . 2009-12-17 16:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-05 17:54 . 2010-01-21 18:38 -------- d-----w- c:\program files\Java
2010-01-04 20:53 . 2010-01-04 20:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-01-04 20:53 . 2010-01-04 20:53 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-04 10:48 . 2010-01-04 11:02 -------- d-----w- c:\program files\F.E.A.R. 2
2010-01-03 20:22 . 2010-01-03 20:22 -------- d-----w- c:\program files\Split MP3
2010-01-02 20:13 . 2010-01-02 20:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-01-02 20:13 . 2010-01-02 20:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-01-02 20:13 . 2010-01-02 20:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-02 20:13 . 2010-01-24 13:10 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Spyware Terminator
2010-01-02 20:13 . 2010-01-23 12:55 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-02 20:13 . 2010-01-24 11:22 -------- d-----w- c:\program files\Spyware Terminator
2010-01-01 23:09 . 2010-01-25 08:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 23:09 . 2010-01-11 16:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-31 13:25 . 2010-01-16 14:46 -------- d-----w- c:\program files\Unlocker
2009-12-31 10:37 . 2009-12-31 10:37 -------- d-----w- c:\users\FunThomas\AppData\Local\ESET
2009-12-28 20:37 . 2009-12-31 14:41 -------- d-----w- c:\program files\DOOM 3
2009-12-28 10:54 . 2009-12-28 10:54 -------- d-----w- c:\program files\MSXML 4.0
2009-12-27 19:02 . 2009-12-27 19:02 0 ----a-w- c:\windows\PowerReg.dat
2009-12-27 18:28 . 2009-12-27 18:28 -------- d-----w- c:\program files\Valve
2009-12-27 14:00 . 2009-12-27 14:00 -------- d-----w- c:\users\FunThomas\AppData\Roaming\NeroDigital(TM)
2009-12-27 13:56 . 2009-12-27 13:57 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Nero
2009-12-27 13:55 . 2009-12-27 13:55 -------- d-----w- c:\users\FunThomas\AppData\Local\GHISLER
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\UC.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\RAR.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\LHA.PIF
2009-12-27 13:54 . 2009-09-24 06:50 545 ----a-w- c:\windows\ARJ.PIF
2009-12-27 13:54 . 2009-12-27 13:54 -------- d-----w- C:\totalcmd
2009-12-27 13:54 . 2009-12-27 13:54 -------- d-----w- c:\users\FunThomas\AppData\Roaming\GHISLER
2009-12-27 13:35 . 2009-12-27 13:45 -------- d-----w- c:\program files\Nero
2009-12-27 13:34 . 2009-12-27 13:59 -------- d-----w- c:\programdata\Nero
2009-12-27 13:34 . 2009-12-27 13:46 -------- d-----w- c:\program files\Common Files\Nero
2009-12-27 10:16 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-27 10:16 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-27 10:15 . 2009-12-27 10:15 -------- d-----w- c:\program files\Microsoft Works
2009-12-27 10:13 . 2009-12-27 10:13 -------- d-----w- c:\windows\PCHEALTH
2009-12-27 10:13 . 2009-12-27 10:13 -------- d-----w- c:\program files\Microsoft.NET
2009-12-27 10:11 . 2009-12-31 09:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-27 10:10 . 2009-12-27 10:10 -------- d-----w- c:\users\FunThomas\AppData\Local\Microsoft Help
2009-12-27 10:10 . 2009-12-31 09:49 -------- d-----w- c:\programdata\Microsoft Help
2009-12-27 10:08 . 2009-12-27 10:08 -------- d-----r- C:\MSOCache
2009-12-27 10:05 . 2009-12-27 10:05 -------- d-----w- c:\program files\BitLord
2009-12-26 23:04 . 2009-12-27 09:58 -------- d-----w- c:\program files\MagicISO
2009-12-26 22:57 . 2009-12-26 22:57 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Foxit
2009-12-26 22:57 . 2009-12-26 22:57 -------- d-----w- c:\program files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 00:06 . 2009-12-24 23:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-24 00:06 . 2009-12-24 23:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.14484975
2010-01-20 16:24 . 2009-07-14 08:44 625914 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 16:24 . 2009-07-14 08:44 120000 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 09:31 . 2010-01-17 09:23 -------- d-----w- c:\programdata\SecTaskMan
2010-01-16 14:41 . 2009-12-25 10:06 -------- d-----w- c:\program files\Jowood
2010-01-16 14:03 . 2009-12-24 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 13:57 . 2009-12-24 22:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-16 13:18 . 2009-12-25 20:47 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Skype
2010-01-16 13:17 . 2009-12-25 20:49 -------- d-----w- c:\users\FunThomas\AppData\Roaming\skypePM
2010-01-14 10:12 . 2009-12-24 23:24 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 14:38 . 2009-12-24 23:40 -------- d-----w- c:\program files\Fraps
2010-01-11 20:12 . 2009-12-24 22:30 -------- d-----w- c:\program files\Ultimate Process Manager
2009-12-27 13:57 . 2009-12-24 22:23 108824 ----a-w- c:\users\FunThomas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-27 10:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-26 12:24 . 2009-12-24 23:34 -------- d-----w- c:\users\FunThomas\AppData\Roaming\DAEMON Tools Lite
2009-12-25 21:43 . 2009-12-25 21:43 -------- d-----w- c:\program files\Activision
2009-12-25 20:47 . 2009-12-25 20:47 -------- d-----r- c:\program files\Skype
2009-12-25 20:47 . 2009-12-25 20:47 -------- d-----w- c:\program files\Common Files\Skype
2009-12-25 20:47 . 2009-12-25 20:47 -------- d-----w- c:\programdata\Skype
2009-12-25 20:39 . 2009-12-25 20:39 -------- d-----w- c:\program files\CCleaner
2009-12-25 16:33 . 2009-12-25 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-24 23:42 . 2009-12-24 23:30 -------- d-----w- c:\program files\Counter-Strike Source
2009-12-24 23:34 . 2009-12-24 23:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-24 23:33 . 2009-12-24 22:27 -------- d-----w- c:\program files\Everest Ultimate Edition v4.60.1526_SK,CZ_by_kabelman
2009-12-24 23:21 . 2009-12-24 23:21 -------- d-----w- c:\program files\QIP
2009-12-24 22:59 . 2009-12-24 22:59 0 ----a-w- c:\windows\nsreg.dat
2009-12-24 22:40 . 2009-12-24 22:40 -------- d-----w- c:\users\FunThomas\AppData\Roaming\Zoner
2009-12-24 22:40 . 2009-12-24 22:40 -------- d-----w- c:\program files\Zoner
2009-12-24 22:39 . 2009-12-24 22:39 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-24 22:36 . 2009-12-24 22:36 -------- d-----w- c:\program files\ESET
2009-12-24 22:33 . 2009-12-24 22:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-24 22:23 . 2009-12-24 22:23 -------- d-----w- c:\users\FunThomas\AppData\Roaming\ATI
2009-12-24 22:23 . 2009-12-24 22:23 -------- d-----w- c:\programdata\ATI
2009-12-24 22:21 . 2009-12-24 22:15 -------- d-----w- c:\program files\ATI Technologies
2009-12-24 22:19 . 2009-12-24 22:19 10134 ----a-r- c:\users\FunThomas\AppData\Roaming\Microsoft\Installer\{7E2C0645-4752-D16B-5156-FF01D4ED185D}\ARPPRODUCTICON.exe
2009-12-24 22:19 . 2009-12-24 22:19 -------- d-----w- c:\program files\ATI
2009-12-24 22:16 . 2009-12-24 22:08 -------- d-----w- c:\program files\ASUS
2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\DIFX
2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\AMD
2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\Elantech
2009-12-24 22:13 . 2009-12-24 22:13 -------- d-----w- c:\program files\P4G
2009-12-24 22:13 . 2009-12-24 22:13 -------- d-----w- c:\programdata\P4G
2009-12-24 22:13 . 2009-12-24 22:13 -------- d-----w- c:\program files\Realtek
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\AmIcoSingLun
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\programdata\AmUStor
2009-12-24 22:10 . 2009-12-24 22:09 -------- d-----w- c:\program files\VIA
2009-12-24 22:08 . 2009-12-24 22:08 -------- d-----w- c:\program files\ATKGFNEX
2009-12-24 22:07 . 2009-12-24 22:07 -------- d-----w- c:\users\FunThomas\AppData\Roaming\InstallShield
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Plocha
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Oblíbené položky
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Šablony
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Nabídka Start
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Dokumenty
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-sh--we c:\programdata\Data aplikací
2009-12-24 21:58 . 2009-12-24 21:58 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-11 12:34 . 2009-11-11 12:34 5092864 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-11 11:59 . 2009-12-24 22:20 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-11 11:59 . 2009-11-11 11:59 360448 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-11 11:58 . 2009-11-11 11:58 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-11 11:57 . 2009-11-11 11:57 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-11 11:57 . 2009-11-11 11:57 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-11 11:56 . 2009-11-11 11:56 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-11 11:56 . 2009-11-11 11:56 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-11 11:56 . 2009-11-11 11:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-11 11:53 . 2009-07-13 22:09 3035136 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-11 11:37 . 2009-11-11 11:37 3602432 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-11 11:19 . 2009-11-11 11:19 2902528 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-11 11:07 . 2009-11-11 11:07 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-11 11:07 . 2009-11-11 11:07 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-11 11:07 . 2009-11-11 11:07 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-11 11:06 . 2009-11-11 11:06 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2009-11-11 11:06 . 2009-11-11 11:06 15360 ----a-w- c:\windows\system32\atigktxx.dll
2009-11-11 11:06 . 2009-11-11 11:06 120320 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2009-11-11 11:06 . 2009-11-11 11:06 29696 ----a-w- c:\windows\system32\atiuxpag.dll
2009-11-11 11:05 . 2009-11-11 11:05 20992 ----a-w- c:\windows\system32\atiu9pag.dll
2009-11-11 10:52 . 2009-11-11 10:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-11 10:40 . 2009-11-11 10:40 12964352 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-11 10:04 . 2009-11-11 10:04 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-11 10:03 . 2009-11-11 10:03 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-11 10:02 . 2009-11-11 10:02 3547136 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-11 09:51 . 2009-12-24 22:20 50176 ----a-w- c:\windows\system32\coinst.dll
2009-10-29 07:22 . 2009-12-24 23:26 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"UMP"="c:\program files\Ultimate Process Manager\UPM.exe" [2009-01-02 1187840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-02 2166784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-01-02 20:13 2166784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2.1.2010 21:13 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AFBAgent;AFBAgent;c:\windows\System32\FBAgent.exe [24.12.2009 23:11 283264]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [11.11.2009 12:58 172032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 15:49 38240]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2.1.2010 0:10 1153368]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\System32\drivers\ETD.sys [24.12.2009 23:14 91136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [24.12.2009 23:13 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [24.12.2009 23:14 27320]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [24.12.2009 23:10 1066496]
S3 AmUStor;AM USB Stroage Driver;c:\windows\System32\drivers\AmUStor.sys [21.8.2009 14:48 27136]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\FunThomas\AppData\Roaming\Mozilla\Firefox\Profiles\vqe1um50.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-25 09:43:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 08:43

Před spuštěním: Volných bajtů: 97 393 377 280
Po spuštění: Volných bajtů: 97 187 954 688

- - End Of File - - 8B270663C4780D21B254BF785AEA4D14

Re: Please check this and answer my question about the firewall

Posted: 25 Jan 2010 11:24
by motji
By turning off the resident shield in Spybot or Terminator I mean permanently; the two could fight each other :)

:arrow: Uninstall ComboFix via
Start >> Run, and copy into the box:

ComboFix /Uninstall

then press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.



:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- Delete the little tool after use. Note: antivirus programs may falsely flag it as a virus


:arrow: Download TFC and use it
TFC (http://oldtimer.geekstogo.com/TFC.exe)


:arrow: Download CCleaner, see my signature
- Install it and clean the temporary files, and the registry too

Let me know how the computer is doing :)

Re: Please check this and answer my question about the firewall

Posted: 27 Jan 2010 10:15
by FunThomas
Nothing has been resolved, still the same problem. I really don't know how to get rid of it any more

Re: Please check this and answer my question about the firewall

Posted: 27 Jan 2010 12:48
by motji
:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Unpack it and run it
- A scan will run; when it finishes, a window with the results opens. Click Save to save the log, which you then paste here

- Following the guide in the link, perform a second scan and paste that log here as well.

:arrow: Download
http://rootrepeal.googlepages.com/RootRepeal.zip
- Download it, unpack it and run it
- Select the Drivers tab, then Files, and click Scan,
- A scan will run; afterwards click Save Report, which saves the log, and copy it here

Re: Please check this and answer my question about the firewall

Posted: 27 Jan 2010 18:38
by FunThomas
GMER first log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-27 18:07:46
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\FUNTHO~1\AppData\Local\Temp\fxtdrfow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851851F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:260] 86486930

---- EOF - GMER 1.0.15 ----



GMER second log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 18:33:54
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\FUNTHO~1\AppData\Local\Temp\fxtdrfow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8F50488E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8F5040EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8F503DCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8F505938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8F503ED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8F503FC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8F504BBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8F5043F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8F504526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8F503BFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8F504B04]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8F50470C]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A062D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A05898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7D579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82AA97B8 4 Bytes [8E, 48, 50, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82AA97F8 4 Bytes [EC, 40, 50, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 82AA9808 4 Bytes [CE, 3D, 50, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82AA9840 4 Bytes [38, 59, 50, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 38C 82AA988C 4 Bytes [D8, 3E, 50, 8F]
.text ...
? System32\Drivers\spbb.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90820000, 0x2C21AE, 0xE8000020]
.text USBPORT.SYS!DllUnload 9176ACA0 5 Bytes JMP 8651D1D8
.text aeiqx8em.SYS 90F43000 12 Bytes [44, 88, A0, 82, EE, 86, A0, ...]
.text aeiqx8em.SYS 90F4300D 9 Bytes [67, A0, 82, 48, 8B, A0, 82, ...]
.text aeiqx8em.SYS 90F43017 170 Bytes [00, DE, 77, F2, 8A, E6, 75, ...]
.text aeiqx8em.SYS 90F430C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text aeiqx8em.SYS 90F430CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9BE15C9E 27 Bytes [1A, 56, B2, 24, 4A, 7A, DE, ...]
.text peauth.sys 9BE15CC2 27 Bytes [1A, 56, B2, 24, 4A, 7A, DE, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 75F33142 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\Explorer.EXE[2812] SHELL32.dll!SHFileOperationW 764C96B8 5 Bytes JMP 030E1102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4236] ntdll.dll!LdrLoadDll 7789F585 5 Bytes JMP 00E013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8AE2B042] \SystemRoot\System32\Drivers\spbb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8AE2B6D6] \SystemRoot\System32\Drivers\spbb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8AE2B800] \SystemRoot\System32\Drivers\spbb.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8AE2B13E] \SystemRoot\System32\Drivers\spbb.sys
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\aeiqx8em.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851851F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{6919A4E0-5875-4971-BDCA-749F3F0F1DEC} 864071F8
Device \Driver\volmgr \Device\VolMgrControl 8517F1F8
Device \Driver\usbohci \Device\USBPDO-0 8651E1F8
Device \Driver\usbohci \Device\USBPDO-1 8651E1F8
Device \Driver\usbehci \Device\USBPDO-2 865121F8
Device \Driver\usbohci \Device\USBPDO-3 8651E1F8
Device \Driver\usbehci \Device\USBPDO-4 865121F8
Device \Driver\usbohci \Device\USBPDO-5 8651E1F8
Device \Driver\ACPI_HAL \Device\00000070 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 8517F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8517F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8631E1F8
Device \Driver\cdrom \Device\CdRom1 8631E1F8
Device \Driver\amdsata \Device\00000080 851831F8
Device \Driver\amdsata \Device\00000081 851831F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 864071F8
Device \Driver\amdsata \Device\RaidPort0 851831F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C668FF61-AF98-4A9E-AE6F-B5BEEB5F1B02} 864071F8
Device \Driver\usbohci \Device\USBFDO-0 8651E1F8
Device \Driver\usbohci \Device\USBFDO-1 8651E1F8
Device \Driver\usbehci \Device\USBFDO-2 865121F8
Device \Driver\usbohci \Device\USBFDO-3 8651E1F8
Device \Driver\PCI_PNP3418 \Device\0000007c spbb.sys
Device \Driver\usbehci \Device\USBFDO-4 865121F8
Device \Driver\usbohci \Device\USBFDO-5 8651E1F8
Device \Driver\sptd \Device\3965881419 spbb.sys
Device \Driver\aeiqx8em \Device\Scsi\aeiqx8em1Port1Path0Target0Lun0 865EF1F8
Device \Driver\aeiqx8em \Device\Scsi\aeiqx8em1 865EF1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:260] 86486930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR9285 \x2013 adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???u????????????????????????????????????????????????PnP Filter???????????????v??es????<??s????????h??????????????????????????????~???????~?????s????45000?????b??s?????????n??????????????????????????|??????/?g?/??? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?x???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s???????????s?,????????????????????????????385000???????s??????????????s????s?s???????s????? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCD 0x83 0x56 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB6 0x1A 0x85 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x54 0x54 0x38 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR9285 – adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export [binary value, garbled in extraction]
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{0AA64FC3-F0D7-11DE-96F4-806E6F6E6963} 363984512

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00601.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00602.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00603.log 1048576 bytes

---- EOF - GMER 1.0.15 ----

Re: Please check and answer my question about the firewall

Posted: 27 Jan 2010 18:53
by Tean
I have a problem with Eset Smart Security 4; the firewall log tells me that covert channel abuse in an ICMP packet was detected
Here you would need to find out who 193.168.2.101 belongs to.
If it is the router, it may be coming from it. Some routers occasionally send ICMP packets that the firewall evaluates as unwanted.
If you have a static IP, it could genuinely be an attack.
it only does this when I connect to my home network, nowhere else
With some providers it is simply a wild west.
In any case, be glad that the firewall works the way it should; it is doing its job, so it's OK.
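An added illustration, not from this thread, of how a host-side check could triage ICMP echo events the way Tean suggests: separating a standard ping payload and short router chatter from a payload that looks like carried data. The home subnet and router address follow the values posted in this thread; all payloads and the entropy threshold are constructed assumptions.

```python
import ipaddress
import math
from collections import Counter

# Default 32-byte payload sent by Windows ping.exe: "abcdefghijklmnopqrstuvwabcdefghi"
WINDOWS_PING_PAYLOAD = bytes(range(0x61, 0x78)) + bytes(range(0x61, 0x6A))
HOME_NET = "193.168.2.0/24"   # subnet as posted in the thread (constructed assumption)
ROUTER_IP = "193.168.2.1"     # router address as posted in the thread
ENTROPY_THRESHOLD = 6.0       # bits/byte; assumed cut-off for "looks like carried data"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; random or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_standard_ping_payload(payload: bytes) -> bool:
    """True for the Windows pattern or the Linux/BSD one (8-byte timestamp, then 0x10, 0x11, ...)."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    body = payload[8:]
    return len(payload) >= 16 and body == bytes((0x10 + i) & 0xFF for i in range(len(body)))


def is_home_lan(src_ip: str, home_net: str = HOME_NET) -> bool:
    """First step from the thread: does the source address even belong to the home LAN?"""
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(home_net)


def classify_icmp_echo(src_ip: str, payload: bytes, router_ip: str = ROUTER_IP) -> str:
    """Return one of: standard-ping, router-noise, suspect-covert-channel, unusual-payload."""
    if is_standard_ping_payload(payload):
        return "standard-ping"
    if len(payload) <= 8:
        # Tiny, contentless probes from the router are the benign case Tean describes.
        return "router-noise" if src_ip == router_ip else "unusual-payload"
    if shannon_entropy(payload) > ENTROPY_THRESHOLD:
        # A long, high-entropy payload is what a covert channel carrying data looks like.
        return "suspect-covert-channel"
    return "unusual-payload"


if __name__ == "__main__":
    # Constructed sample: a permutation of byte values stands in for encrypted/encoded data.
    carried = bytes((i * 97 + 13) % 256 for i in range(128))
    for ip, data in [("193.168.2.100", WINDOWS_PING_PAYLOAD), ("193.168.2.1", b"\x00" * 4),
                     ("193.168.2.101", carried)]:
        print(ip, "home LAN" if is_home_lan(ip) else "external", classify_icmp_echo(ip, data))
```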

Re: Please check and answer my question about the firewall

Posted: 27 Jan 2010 19:16
by FunThomas
193.168.2.101 is actually me, the notebook; 193.168.2.1 is the router, but you surely know that :wink: . Normally I wouldn't deal with it at all, but unfortunately, before Christmas, the firewall on the desktop PC (193.168.2.100) logged several Portscan attacks from me, followed immediately by attacks (I don't remember what type of attack; the log is gone :( ). Since then I started dealing with it on the notebook and tried to delete the junk (no antivirus found anything; only after some time did Eset report that more junk was being downloaded, but not what was downloading it, which in the end was precisely the inconspicuous svhost.exe mentioned in my first post). More or less I succeeded, except for what we are dealing with right now :)

Re: Please check and answer my question about the firewall

Posted: 27 Jan 2010 20:31
by motji
:arrow: Download MBAM from my signature
-Install it, run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will delete only after checking the log.
-Copy the log here.