VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Poprosil by som o kontrou logu.

https://forum.viry.cz:443/viewtopic.php?t=99381

Stránka 1 z 1

Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 08:30
od maxim-SK
======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1146985736-834458136-1158310727-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1146985736-834458136-1158310727-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\1647\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-03-22 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-27 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-03-22 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-25 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-25 129560]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2008-01-25 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-29 1029416]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-27 2059544]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-03-27 2166784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2007-12-29 430080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Google Update"=C:\Users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 136176]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-27 3037696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01610653708314819892202084932331]
C:\Program Files\Antivirus 2009\av2009.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003]
C:\Program Files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ieupdate]
C:\Windows\system32\ieexplorer32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobilityManager]
C:\Program Files\Mobility Manager\MobilityManager []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-13 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ee2276-6e1c-11dd-b102-001f3c3c1bb7}]
shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af6bdb2-6e4a-11de-a9a3-001e68555e87}]
shell\AutoRun\command - G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
shell\open\command - G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af6bdb8-6e4a-11de-a9a3-001e68555e87}]
shell\AutoRun\command - D:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
shell\open\command - D:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c78edb8-70b7-11de-ac5f-001e68555e87}]
shell\AutoRun\command - G:\ste8.bat
shell\open\command - G:\ste8.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7775c4c8-6edd-11de-ae1d-00037aaca486}]
shell\AutoRun\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe
shell\open\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbhelp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7775c5dc-6edd-11de-ae1d-00037aaca486}]
shell\AutoRun\command - D:\F\UCK\FK.exe
shell\open\command - D:\F\UCK\FK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825f0daa-0a48-11de-991a-00037aaca486}]
shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8adc2263-6c88-11de-ad62-001e68555e87}]
shell\AutoRun\command - D:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
shell\open\command - D:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab291db1-764c-11de-bd32-001e68555e87}]
shell\AutoRun\command - G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
shell\open\command - G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0af40de-dd60-11dd-8943-00037aaca486}]
shell\AutoRun\command - D:\i.com
shell\open\command - D:\i.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9328a78-3d0b-11dd-b5aa-001f3c3c1bb7}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f08f68b8-b556-11dd-8b42-00037aaca486}]
shell\AutoRun\command - D:\yannh.cmd
shell\explore\command - D:\yannh.cmd
shell\open\command - D:\yannh.cmd


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-03-27 08:14:28 ----D---- C:\rsit
2010-03-27 08:14:28 ----D---- C:\Program Files\trend micro
2010-03-27 02:12:12 ----D---- C:\Windows\system32\custom matrices
2010-03-27 02:11:27 ----D---- C:\Windows\system32\QuickTime
2010-03-27 02:11:25 ----D---- C:\Windows\system32\C2MP
2010-03-27 02:07:25 ----D---- C:\Users\Dadka\AppData\Roaming\Skype
2010-03-27 02:07:07 ----D---- C:\Program Files\Common Files\Skype
2010-03-27 02:06:58 ----RD---- C:\Program Files\Skype
2010-03-27 01:56:09 ----D---- C:\Program Files\Common Files\Adobe
2010-03-27 01:56:09 ----D---- C:\Program Files\Adobe
2010-03-27 01:52:17 ----HD---- C:\$AVG
2010-03-27 01:12:34 ----D---- C:\Program Files\Crawler
2010-03-27 01:12:30 ----D---- C:\Users\Dadka\AppData\Roaming\Spyware Terminator
2010-03-27 01:12:25 ----D---- C:\ProgramData\Spyware Terminator
2010-03-27 01:12:23 ----D---- C:\Program Files\Spyware Terminator
2010-03-27 01:01:14 ----A---- C:\Windows\system32\avgrsstx.dll
2010-03-27 01:00:03 ----D---- C:\ProgramData\AVG Security Toolbar
2010-03-27 00:59:38 ----D---- C:\ProgramData\avg9
2010-03-27 00:32:24 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-26 22:48:00 ----D---- C:\Users\Dadka\AppData\Roaming\Ashampoo
2010-03-26 22:47:55 ----D---- C:\ProgramData\ashampoo
2010-03-26 22:47:49 ----D---- C:\Program Files\Ashampoo
2010-03-26 22:26:36 ----A---- C:\Windows\_MSRSTRT.EXE
2010-03-10 11:21:20 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-10 11:21:12 ----A---- C:\Windows\system32\httpapi.dll
2010-03-04 14:30:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-04 14:30:51 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-03 16:37:33 ----D---- C:\Program Files\Windows Portable Devices
2010-03-03 16:25:48 ----A---- C:\Windows\system32\UIAnimation.dll
2010-03-03 16:25:41 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-03-03 16:25:40 ----A---- C:\Windows\system32\UIRibbon.dll
2010-03-03 16:23:47 ----A---- C:\Windows\system32\WMPhoto.dll
2010-03-03 16:23:44 ----A---- C:\Windows\system32\cdd.dll
2010-03-03 16:23:40 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-03-03 16:23:40 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-03-03 16:23:40 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-03-03 16:23:40 ----A---- C:\Windows\system32\d3d10warp.dll
2010-03-03 16:23:39 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-03-03 16:23:39 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-03-03 16:23:39 ----A---- C:\Windows\system32\dxdiagn.dll
2010-03-03 16:23:39 ----A---- C:\Windows\system32\d2d1.dll
2010-03-03 16:23:38 ----A---- C:\Windows\system32\XpsPrint.dll
2010-03-03 16:23:38 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-03-03 16:23:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-03-03 16:23:38 ----A---- C:\Windows\system32\dxdiag.exe
2010-03-03 16:23:37 ----A---- C:\Windows\system32\xpsservices.dll
2010-03-03 16:23:37 ----A---- C:\Windows\system32\OpcServices.dll
2010-03-03 16:23:36 ----A---- C:\Windows\system32\FntCache.dll
2010-03-03 16:23:36 ----A---- C:\Windows\system32\DWrite.dll
2010-03-03 16:23:36 ----A---- C:\Windows\system32\d3d10level9.dll
2010-03-03 16:23:36 ----A---- C:\Windows\system32\d3d10core.dll
2010-03-03 16:23:36 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-03-03 16:23:35 ----A---- C:\Windows\system32\dxgi.dll
2010-03-03 16:23:35 ----A---- C:\Windows\system32\d3d11.dll
2010-03-03 16:23:35 ----A---- C:\Windows\system32\d3d10_1.dll
2010-03-03 16:23:35 ----A---- C:\Windows\system32\d3d10.dll
2010-03-03 16:22:05 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-03-03 16:22:05 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-03-03 16:22:05 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-03-03 16:21:56 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-03-03 16:21:48 ----A---- C:\Windows\system32\WpdMtpUS.dll
2010-03-03 16:21:48 ----A---- C:\Windows\system32\WpdConns.dll
2010-03-03 16:21:47 ----A---- C:\Windows\system32\wpdshext.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\WpdMtp.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\wpd_ci.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-03-03 16:21:46 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-03-03 16:21:45 ----A---- C:\Windows\system32\WPDSp.dll
2010-03-03 16:18:23 ----A---- C:\Windows\system32\oleaccrc.dll
2010-03-03 16:18:19 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-03-03 16:18:19 ----A---- C:\Windows\system32\oleacc.dll
2010-03-02 22:00:52 ----A---- C:\Windows\system32\gameux.dll
2010-03-02 22:00:50 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-03-02 22:00:49 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-03-02 16:33:00 ----D---- C:\Windows\system32\eu-ES
2010-03-02 16:33:00 ----D---- C:\Windows\system32\ca-ES
2010-03-02 16:32:53 ----D---- C:\Windows\system32\vi-VN
2010-03-02 15:15:22 ----D---- C:\Windows\system32\EventProviders
2010-02-23 20:21:58 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 20:21:08 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 20:19:41 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 20:19:38 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 20:19:14 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 20:19:14 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 20:18:55 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 20:18:54 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:18:53 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 20:18:52 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 20:18:52 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-21 15:57:36 ----A---- C:\Windows\system32\occache.dll
2010-02-21 15:57:35 ----A---- C:\Windows\system32\jsproxy.dll
2010-02-21 15:57:35 ----A---- C:\Windows\system32\iepeers.dll
2010-02-21 15:57:34 ----A---- C:\Windows\system32\msfeeds.dll
2010-02-21 15:57:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-02-21 15:57:32 ----A---- C:\Windows\system32\ieui.dll
2010-02-21 15:57:31 ----A---- C:\Windows\system32\iesetup.dll
2010-02-21 15:57:31 ----A---- C:\Windows\system32\iernonce.dll
2010-02-21 15:57:30 ----A---- C:\Windows\system32\wininet.dll
2010-02-21 15:57:29 ----A---- C:\Windows\system32\msfeedssync.exe
2010-02-21 15:57:29 ----A---- C:\Windows\system32\ie4uinit.exe
2010-02-21 15:57:28 ----A---- C:\Windows\system32\iertutil.dll
2010-02-21 15:57:28 ----A---- C:\Windows\system32\iedkcs32.dll
2010-02-21 15:57:27 ----A---- C:\Windows\system32\ieUnatt.exe
2010-02-21 15:57:27 ----A---- C:\Windows\system32\iesysprep.dll
2010-02-21 15:57:26 ----A---- C:\Windows\system32\urlmon.dll
2010-02-21 15:57:21 ----A---- C:\Windows\system32\ieframe.dll
2010-02-21 15:57:20 ----A---- C:\Windows\system32\mshtml.dll
2010-02-21 15:53:22 ----A---- C:\Windows\system32\mshtmled.dll
2010-02-21 15:53:21 ----A---- C:\Windows\system32\mshtmler.dll
2010-02-21 15:53:21 ----A---- C:\Windows\system32\icardie.dll
2010-02-21 15:53:21 ----A---- C:\Windows\system32\admparse.dll
2010-02-21 15:53:19 ----A---- C:\Windows\system32\msls31.dll
2010-02-21 15:53:19 ----A---- C:\Windows\system32\corpol.dll
2010-02-21 15:53:18 ----A---- C:\Windows\system32\ieakeng.dll
2010-02-21 15:53:17 ----A---- C:\Windows\system32\imgutil.dll
2010-02-21 15:53:17 ----A---- C:\Windows\system32\dxtrans.dll
2010-02-21 15:53:17 ----A---- C:\Windows\system32\dxtmsft.dll
2010-02-21 15:53:14 ----A---- C:\Windows\system32\licmgr10.dll
2010-02-21 15:53:14 ----A---- C:\Windows\system32\inseng.dll
2010-02-21 15:53:13 ----A---- C:\Windows\system32\ieaksie.dll
2010-02-21 15:53:12 ----A---- C:\Windows\system32\msrating.dll
2010-02-21 15:53:11 ----A---- C:\Windows\system32\webcheck.dll
2010-02-21 15:53:10 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-02-21 15:53:10 ----A---- C:\Windows\system32\wextract.exe
2010-02-21 15:53:10 ----A---- C:\Windows\system32\ieakui.dll
2010-02-21 15:53:09 ----A---- C:\Windows\system32\mstime.dll
2010-02-21 15:53:07 ----A---- C:\Windows\system32\pngfilt.dll
2010-02-21 15:53:07 ----A---- C:\Windows\system32\advpack.dll
2010-02-21 15:53:05 ----A---- C:\Windows\system32\ieapfltr.dll
2010-02-21 15:53:04 ----A---- C:\Windows\system32\vbscript.dll
2010-02-21 15:53:03 ----A---- C:\Windows\system32\url.dll
2010-02-21 15:52:57 ----A---- C:\Windows\system32\mshta.exe
2010-02-21 15:52:57 ----A---- C:\Windows\system32\iexpress.exe
2010-02-21 15:52:56 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-02-21 15:52:56 ----A---- C:\Windows\system32\SetDepNx.exe
2010-02-21 15:52:56 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-02-21 15:52:56 ----A---- C:\Windows\system32\PDMSetup.exe
2010-02-13 14:27:15 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-13 14:26:55 ----AD---- C:\ProgramData\TEMP
2010-02-11 22:08:33 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 22:08:32 ----A---- C:\Windows\system32\avifil32.dll
2010-01-22 14:45:45 ----A---- C:\Windows\system32\winhttp.dll
2010-01-21 11:57:20 ----A---- C:\Windows\system32\kerberos.dll
2010-01-21 11:57:16 ----A---- C:\Windows\system32\schannel.dll
2010-01-12 19:04:08 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 19:04:08 ----A---- C:\Windows\system32\fontsub.dll
2010-01-10 09:15:06 ----A---- C:\Windows\system32\agremove.exe

======List of files/folders modified in the last 3 months======

2010-03-27 08:14:28 ----RD---- C:\Program Files
2010-03-27 08:14:00 ----D---- C:\Windows\Temp
2010-03-27 08:14:00 ----D---- C:\Windows\Prefetch
2010-03-27 02:33:52 ----SHD---- C:\System Volume Information
2010-03-27 02:12:26 ----AD---- C:\Windows\System32
2010-03-27 02:07:21 ----SHD---- C:\Windows\Installer
2010-03-27 02:07:20 ----D---- C:\Windows\system32\Tasks
2010-03-27 02:07:07 ----D---- C:\Program Files\Common Files
2010-03-27 02:06:58 ----D---- C:\ProgramData\Skype
2010-03-27 01:57:57 ----D---- C:\ProgramData\Adobe
2010-03-27 01:12:32 ----D---- C:\Windows\system32\drivers
2010-03-27 01:12:25 ----HD---- C:\ProgramData
2010-03-27 00:59:39 ----D---- C:\Program Files\AVG
2010-03-27 00:58:46 ----D---- C:\Windows\winsxs
2010-03-27 00:57:02 ----D---- C:\Windows
2010-03-27 00:43:24 ----D---- C:\Windows\inf
2010-03-27 00:43:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-27 00:43:14 ----D---- C:\Windows\Tasks
2010-03-27 00:32:39 ----D---- C:\Windows\system32\catroot
2010-03-26 23:55:13 ----D---- C:\Program Files\PWN
2010-03-26 23:48:04 ----D---- C:\Program Files\Microsoft Office
2010-03-26 23:48:00 ----D---- C:\Program Files\Common Files\microsoft shared
2010-03-26 23:04:39 ----RSD---- C:\Windows\assembly
2010-03-26 23:04:18 ----D---- C:\Windows\PCHealth
2010-03-26 23:04:11 ----RSD---- C:\Windows\Fonts
2010-03-26 23:04:11 ----D---- C:\Program Files\Common Files\System
2010-03-26 23:03:41 ----D---- C:\Windows\ShellNew
2010-03-26 23:03:03 ----A---- C:\Windows\win.ini
2010-03-26 22:59:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-26 22:59:49 ----D---- C:\Program Files\Larousse
2010-03-26 22:43:58 ----D---- C:\Program Files\Winamp
2010-03-26 22:41:04 ----D---- C:\Program Files\Stylish Profile
2010-03-26 22:26:38 ----D---- C:\Windows\system32\Macromed
2010-03-26 22:12:07 ----D---- C:\Program Files\Google
2010-03-23 22:29:40 ----D---- C:\Program Files\Internet Explorer
2010-03-23 20:32:55 ----D---- C:\Windows\system32\catroot2
2010-03-10 18:21:21 ----D---- C:\Program Files\Windows Mail
2010-03-10 18:21:21 ----D---- C:\Program Files\Movie Maker
2010-03-04 14:34:36 ----D---- C:\Windows\rescache
2010-03-03 16:43:36 ----D---- C:\Windows\Microsoft.NET
2010-03-03 16:37:38 ----D---- C:\Windows\system32\cs-CZ
2010-03-03 16:37:33 ----D---- C:\Windows\system32\wbem
2010-03-03 16:37:27 ----D---- C:\Windows\system32\zh-HK
2010-03-03 16:37:27 ----D---- C:\Windows\system32\uk-UA
2010-03-03 16:37:27 ----D---- C:\Windows\system32\sl-SI
2010-03-03 16:37:27 ----D---- C:\Windows\system32\pt-PT
2010-03-03 16:37:27 ----D---- C:\Windows\system32\pt-BR
2010-03-03 16:37:27 ----D---- C:\Windows\system32\pl-PL
2010-03-03 16:37:27 ----D---- C:\Windows\system32\nl-NL
2010-03-03 16:37:27 ----D---- C:\Windows\system32\ko-KR
2010-03-03 16:37:27 ----D---- C:\Windows\system32\it-IT
2010-03-03 16:37:27 ----D---- C:\Windows\system32\hu-HU
2010-03-03 16:37:27 ----D---- C:\Windows\system32\hr-HR
2010-03-03 16:37:27 ----D---- C:\Windows\system32\he-IL
2010-03-03 16:37:27 ----D---- C:\Windows\system32\el-GR
2010-03-03 16:37:27 ----D---- C:\Windows\system32\bg-BG
2010-03-03 16:37:26 ----D---- C:\Windows\system32\zh-TW
2010-03-03 16:37:26 ----D---- C:\Windows\system32\zh-CN
2010-03-03 16:37:26 ----D---- C:\Windows\system32\tr-TR
2010-03-03 16:37:26 ----D---- C:\Windows\system32\th-TH
2010-03-03 16:37:26 ----D---- C:\Windows\system32\sv-SE
2010-03-03 16:37:26 ----D---- C:\Windows\system32\sr-Latn-CS
2010-03-03 16:37:26 ----D---- C:\Windows\system32\sk-SK
2010-03-03 16:37:26 ----D---- C:\Windows\system32\ru-RU
2010-03-03 16:37:26 ----D---- C:\Windows\system32\ro-RO
2010-03-03 16:37:26 ----D---- C:\Windows\system32\nb-NO
2010-03-03 16:37:26 ----D---- C:\Windows\system32\lv-LV
2010-03-03 16:37:26 ----D---- C:\Windows\system32\lt-LT
2010-03-03 16:37:26 ----D---- C:\Windows\system32\ja-JP
2010-03-03 16:37:26 ----D---- C:\Windows\system32\fr-FR
2010-03-03 16:37:26 ----D---- C:\Windows\system32\fi-FI
2010-03-03 16:37:26 ----D---- C:\Windows\system32\et-EE
2010-03-03 16:37:26 ----D---- C:\Windows\system32\es-ES
2010-03-03 16:37:26 ----D---- C:\Windows\system32\en-US
2010-03-03 16:37:26 ----D---- C:\Windows\system32\de-DE
2010-03-03 16:37:26 ----D---- C:\Windows\system32\da-DK
2010-03-03 16:37:26 ----D---- C:\Windows\system32\ar-SA
2010-03-03 16:37:21 ----D---- C:\Windows\AppPatch
2010-03-02 16:48:16 ----SHD---- C:\Boot
2010-03-02 16:38:02 ----D---- C:\Program Files\Windows Calendar
2010-03-02 16:37:58 ----D---- C:\Program Files\Windows Sidebar
2010-03-02 16:37:57 ----D---- C:\Program Files\Windows Media Player
2010-03-02 16:37:56 ----D---- C:\Program Files\Windows Collaboration
2010-03-02 16:37:55 ----D---- C:\Program Files\Windows Journal
2010-03-02 16:37:50 ----D---- C:\Program Files\Windows Photo Gallery
2010-03-02 16:37:37 ----D---- C:\Program Files\Windows Defender
2010-03-02 16:37:36 ----D---- C:\Windows\servicing
2010-03-02 16:37:35 ----D---- C:\Windows\ehome
2010-03-02 16:36:50 ----D---- C:\Windows\system32\XPSViewer
2010-03-02 16:36:50 ----D---- C:\Windows\IME
2010-03-02 16:36:49 ----AD---- C:\Windows\system32\oobe
2010-03-02 16:36:48 ----D---- C:\Windows\system32\migration
2010-03-02 16:36:36 ----D---- C:\Windows\system32\AdvancedInstallers
2010-03-02 16:36:35 ----D---- C:\Windows\system32\setup
2010-03-02 16:36:35 ----D---- C:\Windows\system32\cs
2010-03-02 16:36:30 ----D---- C:\Windows\system32\SLUI
2010-03-02 16:36:29 ----D---- C:\Windows\system32\manifeststore
2010-03-02 16:36:13 ----D---- C:\Windows\system32\migwiz
2010-03-02 16:32:53 ----D---- C:\Windows\system32\Boot
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-21 16:02:47 ----D---- C:\Windows\PolicyDefinitions
2010-02-16 20:32:27 ----D---- C:\Users\Dadka\AppData\Roaming\skypePM
2010-02-13 14:45:48 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-27 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-03-27 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-03-27 242696]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-03-27 142592]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-29 196144]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FlrnUSB;Leadtek USB Network Interface; C:\Windows\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-12-26 131584]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-11-29 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-27 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-27 308064]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-27 488960]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 09:50
od Caroprd111
Zdravím :)

Na logu se pracuje, prosím o strpení.

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 09:53
od Caroprd111
Obrázek Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
  • Vložte do PC všechny flash disky, které používáte.
  • Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
  • Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna :!:
  • Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
  • Během skenování může být počítač restartován.

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 12:05
od maxim-SK
log z ComboFix

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe
.
---- Previous Run -------
.
c:\users\Dadka\AppData\Local\Temp\E_N4
c:\users\Dadka\AppData\Local\Temp\E_N4\cnvpe.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\dp1.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\eAPI.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\krnln.fnr
c:\users\Dadka\AppData\Local\Temp\E_N4\shell.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\spec.fne

c:\windows\system32\drivers\beep.sys . . . is infected!!

c:\windows\system32\srsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 10:57 . 2010-03-27 10:57 -------- d-----w- c:\users\Dadka\AppData\Local\temp
2010-03-27 08:05 . 2010-03-27 08:05 -------- d-----w- c:\users\Dadka\AppData\Local\Apps
2010-03-27 07:14 . 2010-03-27 07:14 -------- d-----w- C:\rsit
2010-03-27 07:14 . 2010-03-27 07:14 -------- d-----w- c:\program files\trend micro
2010-03-27 01:12 . 2010-03-27 01:12 -------- d-----w- c:\windows\system32\custom matrices
2010-03-27 01:11 . 2010-03-27 01:11 -------- d-----w- c:\windows\system32\QuickTime
2010-03-27 01:11 . 2010-03-27 01:12 -------- d-----w- c:\windows\system32\C2MP
2010-03-27 01:07 . 2010-03-27 02:07 -------- d-----w- c:\users\Dadka\AppData\Roaming\Skype
2010-03-27 01:07 . 2010-03-27 01:07 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 01:06 . 2010-03-27 01:07 -------- d-----r- c:\program files\Skype
2010-03-27 00:56 . 2010-03-27 00:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-27 00:52 . 2010-03-27 00:52 -------- d-----w- C:\$AVG
2010-03-27 00:12 . 2010-03-27 00:12 -------- d-----w- c:\program files\Crawler
2010-03-27 00:12 . 2010-03-27 00:49 -------- d-----w- c:\users\Dadka\AppData\Roaming\Spyware Terminator
2010-03-27 00:12 . 2010-03-27 00:12 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-27 00:12 . 2010-03-27 00:12 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-27 00:12 . 2010-03-27 00:12 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-27 00:12 . 2010-03-27 10:01 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-27 00:12 . 2010-03-27 00:49 -------- d-----w- c:\program files\Spyware Terminator
2010-03-27 00:01 . 2010-03-27 00:01 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-27 00:01 . 2010-03-27 00:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-27 00:00 . 2010-03-27 00:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-27 00:00 . 2010-03-27 00:00 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-27 00:00 . 2010-03-27 00:03 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-27 00:00 . 2010-03-27 00:04 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-03-26 23:59 . 2010-03-26 23:59 -------- d-----w- c:\programdata\avg9
2010-03-26 23:32 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-26 21:48 . 2010-03-26 21:48 -------- d-----w- c:\users\Dadka\AppData\Roaming\Ashampoo
2010-03-26 21:47 . 2010-03-26 21:47 -------- d-----w- c:\users\Dadka\AppData\Local\ashampoo
2010-03-26 21:47 . 2010-03-26 21:47 -------- d-----w- c:\programdata\ashampoo
2010-03-26 21:47 . 2010-03-26 21:47 -------- d-----w- c:\program files\Ashampoo
2010-03-26 21:26 . 2010-03-26 21:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-10 10:21 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 10:21 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 10:21 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-04 13:30 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-04 13:30 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-03 15:37 . 2010-03-03 15:37 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-03 15:25 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-03 15:25 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-03 15:25 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-03 15:22 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-03 15:22 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-03-03 15:22 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-03-03 15:18 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-03 15:18 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-03 15:18 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-02 21:00 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-02 21:00 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-02 21:00 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-02 15:33 . 2010-03-02 15:36 -------- d-----w- c:\windows\system32\ca-ES
2010-03-02 15:33 . 2010-03-02 15:36 -------- d-----w- c:\windows\system32\eu-ES
2010-03-02 15:32 . 2010-03-02 15:36 -------- d-----w- c:\windows\system32\vi-VN
2010-03-02 14:15 . 2010-03-02 14:15 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 10:25 . 2007-01-08 21:09 590354 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 10:25 . 2007-01-08 21:09 114922 ----a-w- c:\windows\system32\perfc005.dat
2010-03-27 10:01 . 2010-03-27 10:01 -------- d-----w- c:\users\Dadka\AppData\Roaming\DivX
2010-03-27 01:06 . 2008-06-18 10:12 -------- d-----w- c:\programdata\Skype
2010-03-26 23:59 . 2008-06-18 11:47 -------- d-----w- c:\program files\AVG
2010-03-26 23:18 . 2008-06-17 21:11 68776 ----a-w- c:\users\Dadka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 23:15 . 2010-02-13 13:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-26 23:14 . 2010-02-13 13:26 -------- d---a-w- c:\programdata\TEMP
2010-03-26 22:55 . 2009-10-02 10:46 -------- d-----w- c:\program files\PWN
2010-03-26 21:59 . 2008-10-13 18:43 -------- d-----w- c:\program files\Larousse
2010-03-26 21:59 . 2008-03-11 17:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 21:43 . 2008-08-07 13:49 -------- d-----w- c:\program files\Winamp
2010-03-26 21:41 . 2009-11-03 18:07 -------- d-----w- c:\program files\Stylish Profile
2010-03-26 21:12 . 2008-03-11 17:35 -------- d-----w- c:\program files\Google
2010-03-10 17:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-03 15:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-03 15:37 . 2006-11-02 10:25 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-03 15:37 . 2006-11-02 10:25 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-03 15:37 . 2006-11-02 10:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-03 15:37 . 2010-03-03 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-03 15:34 . 2010-03-03 15:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-02 15:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-24 09:16 . 2009-10-03 14:30 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 19:32 . 2008-06-18 10:16 -------- d-----w- c:\users\Dadka\AppData\Roaming\skypePM
2010-02-13 11:56 . 2010-02-13 11:56 0 ----a-w- c:\users\Dadka\MobilityManager.tmp
2010-01-25 12:00 . 2010-02-23 19:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 19:18 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 19:18 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 19:19 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 19:18 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 19:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 19:18 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 19:19 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 19:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 19:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-10 08:15 . 2010-01-10 08:15 44544 ----a-w- c:\windows\system32\agremove.exe
2010-01-06 15:38 . 2010-03-02 21:00 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-02 21:00 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-03-02 21:00 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-02 21:00 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-02-21 14:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-21 14:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-21 14:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-21 14:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

------- Sigcheck -------

[-] 2008-01-19 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys


[-] 2008-01-19 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys

[-] 2008-01-19 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe

[-] 2008-01-19 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll

[-] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll

[-] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll

[-] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe

[-] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe

[-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe

[-] 2008-01-19 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll

[-] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll

[-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll

[-] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll

[-] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll

[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll

[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll

[-] 2010-01-02 . DF4D546A6E1C8D0F4FC10FCC9E422763 . 5942784 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll

[-] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\System32\msvcrt.dll

[-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll

[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll

[-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll

[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll

[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll

[-] 2008-01-19 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe

[-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6001.18000] . . c:\windows\System32\tapisrv.dll

[-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll

[-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe

[-] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll

[-] 2008-01-19 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll

[-] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe






[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe

[-] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

[-] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll

[-] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll

[-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll

[-] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll

[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll

[-] 2008-01-19 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\srsvc.dll ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
c:\windows\System32\sfcfiles.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-26 136176]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-27 3037696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-27 2166784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobilityManager]
c:\program files\Mobility Manager\MobilityManager [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b9,85,53,3f,1f,ba,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
"LogFileSize"= 4096 (0x1000)
"LogFilePath"= c:\windows\system32\LogFiles\Firewall\pfirewall.log
"LogDroppedPackets"= 0 (0x0)
"LogSuccessfulConnections"= 0 (0x0)

R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [17. 9. 2009 1:27 245736]
R0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [17. 9. 2009 1:27 141288]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [3. 10. 2008 18:33 58936]
R0 msahci;msahci;c:\windows\System32\drivers\msahci.sys [2. 11. 2006 9:51 23144]
R0 msisadrv;Ovladač třídy ISA/EISA;c:\windows\System32\drivers\msisadrv.sys [3. 10. 2008 18:33 16440]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [3. 10. 2008 18:33 21048]
R0 volmgr;Ovladač správce svazků;c:\windows\System32\drivers\volmgr.sys [3. 10. 2008 18:34 52792]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [17. 9. 2009 1:27 292840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27. 3. 2010 1:00 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27. 3. 2010 1:01 242696]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [17. 9. 2009 1:26 75264]
R1 nsiproxy;NSI proxy service;c:\windows\System32\drivers\nsiproxy.sys [3. 10. 2008 18:30 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [3. 10. 2008 18:30 6144]
R1 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [17. 9. 2009 1:27 66560]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [27. 3. 2010 1:12 142592]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [17. 9. 2009 1:27 72192]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [3. 10. 2008 18:32 62464]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [27. 3. 2010 0:59 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [27. 3. 2010 0:59 308064]
R2 BFE;Služba BFE;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25. 12. 2007 13:07 40960]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
R2 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [26. 10. 2009 9:51 40960]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k GPSvcGroup [3. 10. 2008 18:32 21504]
R2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R2 iphlpsvc;Pomocník IP;c:\windows\System32\svchost.exe -k NetSvcs [3. 10. 2008 18:32 21504]
R2 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
R2 lltdio;Vstupně výstupní ovladač mapovače zjišťování topologie linkové vrstvy;c:\windows\System32\drivers\lltdio.sys [3. 10. 2008 18:31 47104]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [3. 10. 2008 18:33 84480]
R2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R2 MpsSvc;Brána firewall systému Windows;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
R2 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [2. 11. 2006 10:04 878080]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R2 slsvc;Licencování softwaru;c:\windows\System32\SLsvc.exe [17. 9. 2009 1:28 3408896]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [11. 2. 2010 22:08 30720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [3. 12. 2007 16:03 126976]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [3. 10. 2008 18:32 21504]
R2 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R3 bowser;Bowser;c:\windows\System32\drivers\bowser.sys [3. 10. 2008 18:30 69632]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [3. 3. 2010 16:23 634880]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11. 3. 2008 15:33 111616]
R3 iScsiPrt;Ovladač iScsiPort;c:\windows\System32\drivers\msiscsi.sys [17. 9. 2009 1:27 180712]
R3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [15. 10. 2009 20:56 9728]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft;c:\windows\System32\drivers\monitor.sys [3. 10. 2008 18:31 41984]
R3 mpsdrv;Ovladač ověření brány firewall systému Windows;c:\windows\System32\drivers\mpsdrv.sys [3. 10. 2008 18:30 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [11. 2. 2010 22:08 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [17. 9. 2009 1:27 79360]
R3 NativeWifiP;Filtr NativeWiFi;c:\windows\System32\drivers\nwifi.sys [17. 9. 2009 1:26 148480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15. 1. 2008 10:34 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [9. 4. 2007 16:13 8192]
R3 srv2;srv2;c:\windows\System32\drivers\srv2.sys [15. 10. 2009 10:35 144896]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [11. 2. 2010 22:09 98816]
R3 TrustedInstaller;Instalace modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [17. 9. 2009 1:26 39424]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [3. 10. 2008 18:30 23040]
R3 umbus;Ovladač sběrnice UMBus Enumerator;c:\windows\System32\drivers\umbus.sys [3. 10. 2008 18:32 34816]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
S2 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [3. 10. 2008 18:32 21504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [27. 3. 2010 0:59 369920]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [2. 11. 2006 10:38 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [2. 11. 2006 10:37 5248]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 DFSR;Replikace distribuovaného systému souborů (DFSR);c:\windows\System32\dfsr.exe [17. 9. 2009 1:28 2092544]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;c:\windows\System32\drivers\E1G60I32.sys [2. 11. 2006 11:25 117760]
S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [3. 10. 2008 18:31 27648]
S3 FlrnUSB;Leadtek USB Network Interface;c:\windows\System32\drivers\LtkUSB.sys [26. 10. 2009 9:51 41907]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [3. 10. 2008 18:32 21504]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [17. 9. 2009 1:27 161752]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [3. 10. 2008 18:32 21504]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 SDRSVC;Zálohování systému Windows;c:\windows\system32\svchost.exe -k SDRSVC [3. 10. 2008 18:32 21504]
S3 SessionEnv;Konfigurace Terminálové služby;c:\windows\System32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [2. 11. 2006 9:51 12800]
S3 SLUINotify;Služba SL UI Notification Service;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [3. 10. 2008 18:31 23552]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [3. 10. 2008 18:31 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [2. 11. 2006 9:35 58472]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [3. 10. 2008 18:32 21504]
S3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k wdisvc [3. 10. 2008 18:32 21504]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
S3 wercplsupport;Podpora ovládacího panelu Hlášení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
S3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [3. 10. 2008 18:32 21504]
S4 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [2. 11. 2006 8:36 420968]
S4 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [2. 11. 2006 8:36 297576]
S4 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [2. 11. 2006 8:36 67688]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [2. 11. 2006 10:22 71808]
S4 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [2. 11. 2006 10:36 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [2. 11. 2006 10:37 12160]
S4 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [2. 11. 2006 9:55 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\System32\drivers\crusoe.sys [2. 11. 2006 9:30 38912]
S4 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [2. 11. 2006 8:36 316520]
S4 HpCISSs;HpCISSs;c:\windows\System32\drivers\HpCISSs.sys [2. 11. 2006 8:36 37480]
S4 iaStorV;Intel RAID Controller Vista;c:\windows\System32\drivers\iaStorV.sys [2. 11. 2006 8:36 232040]
S4 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [2. 11. 2006 9:42 65536]
S4 iteraid;ITERAID_Service_Install;c:\windows\System32\drivers\iteraid.sys [2. 11. 2006 8:36 35944]
S4 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [2. 11. 2006 8:36 65640]
S4 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [2. 11. 2006 8:36 65640]
S4 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [2. 11. 2006 8:36 65640]
S4 Mcx2Svc;Služba zařízení Windows Media Center Extender;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S4 megasas;megasas;c:\windows\System32\drivers\megasas.sys [2. 11. 2006 8:36 28776]
S4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\System32\drivers\mpio.sys [2. 11. 2006 9:52 78952]
S4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\System32\drivers\msdsm.sys [2. 11. 2006 9:52 80488]
S4 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [2. 11. 2006 8:36 45160]
S4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\System32\drivers\ntrigdigi.sys [2. 11. 2006 8:36 20608]
S4 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [2. 11. 2006 8:36 40040]
S4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\System32\drivers\ql2300.sys [2. 11. 2006 8:36 900712]
S4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\System32\drivers\ql40xx.sys [2. 11. 2006 8:36 106088]
S4 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [2. 11. 2006 8:36 71784]
S4 uliahci;uliahci;c:\windows\System32\drivers\uliahci.sys [2. 11. 2006 8:36 235112]
S4 ulsata2;ulsata2;c:\windows\System32\drivers\ulsata2.sys [2. 11. 2006 8:36 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [2. 11. 2006 9:55 68608]
S4 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [2. 11. 2006 9:30 39424]
S4 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [2. 11. 2006 8:36 112232]
S4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [2. 11. 2006 9:52 20608]
S4 Wd;Microsoft Watchdog Timer Driver;c:\windows\System32\drivers\wd.sys [2. 11. 2006 9:54 19560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
GPSvcGroup REG_MULTI_SZ GPSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-09-10 14:58 310784 ----a-w- c:\windows\System32\unregmp2.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146985736-834458136-1158310727-1000Core.job
- c:\users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 23:43]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146985736-834458136-1158310727-1000UA.job
- c:\users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/intl/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
TCP: {9C9848EF-F447-4899-B6DF-BF35A8774F0C} = 192.168.249.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-sacsvr
MSConfigStartUp-01610653708314819892202084932331 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Desktop SMS - c:\program files\IDM\Desktop SMS\DesktopSMS.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HyperappelPL2003 - c:\program files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-ieupdate - c:\windows\system32\ieexplorer32.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 11:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-27 12:00:03
ComboFix-quarantined-files.txt 2010-03-27 11:00

Pre-Run: Volných bajtů: 82 064 113 664
Post-Run: Volných bajtů: 82 014 515 200

- - End Of File - - 1013D67017EC8F36F73D77FB0A4F8CA6

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 12:19
od Caroprd111
Chybí hlavička logu. Zkopíroval jste sem log celý :???:

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 12:41
od maxim-SK
ospravedlňujem sa moja chyba, tu je komplet:


ComboFix 10-03-26.02 - Dadka . 03. 2010 11:50:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2038.991 [GMT 1:00]
Running from: c:\users\Dadka\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe
.
---- Previous Run -------
.
c:\users\Dadka\AppData\Local\Temp\E_N4
c:\users\Dadka\AppData\Local\Temp\E_N4\cnvpe.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\dp1.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\eAPI.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\krnln.fnr
c:\users\Dadka\AppData\Local\Temp\E_N4\shell.fne
c:\users\Dadka\AppData\Local\Temp\E_N4\spec.fne

c:\windows\system32\drivers\beep.sys . . . is infected!!

c:\windows\system32\srsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 10:57 . 2010-03-27 10:57 -------- d-----w- c:\users\Dadka\AppData\Local\temp
2010-03-27 08:05 . 2010-03-27 08:05 -------- d-----w- c:\users\Dadka\AppData\Local\Apps
2010-03-27 07:14 . 2010-03-27 07:14 -------- d-----w- C:\rsit
2010-03-27 07:14 . 2010-03-27 07:14 -------- d-----w- c:\program files\trend micro
2010-03-27 01:12 . 2010-03-27 01:12 -------- d-----w- c:\windows\system32\custom matrices
2010-03-27 01:11 . 2010-03-27 01:11 -------- d-----w- c:\windows\system32\QuickTime
2010-03-27 01:11 . 2010-03-27 01:12 -------- d-----w- c:\windows\system32\C2MP
2010-03-27 01:07 . 2010-03-27 02:07 -------- d-----w- c:\users\Dadka\AppData\Roaming\Skype
2010-03-27 01:07 . 2010-03-27 01:07 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 01:06 . 2010-03-27 01:07 -------- d-----r- c:\program files\Skype
2010-03-27 00:56 . 2010-03-27 00:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-27 00:52 . 2010-03-27 00:52 -------- d-----w- C:\$AVG
2010-03-27 00:12 . 2010-03-27 00:12 -------- d-----w- c:\program files\Crawler
2010-03-27 00:12 . 2010-03-27 00:49 -------- d-----w- c:\users\Dadka\AppData\Roaming\Spyware Terminator
2010-03-27 00:12 . 2010-03-27 00:12 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-27 00:12 . 2010-03-27 00:12 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-27 00:12 . 2010-03-27 00:12 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-27 00:12 . 2010-03-27 10:01 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-27 00:12 . 2010-03-27 00:49 -------- d-----w- c:\program files\Spyware Terminator
2010-03-27 00:01 . 2010-03-27 00:01 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-27 00:01 . 2010-03-27 00:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-27 00:00 . 2010-03-27 00:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-27 00:00 . 2010-03-27 00:00 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-27 00:00 . 2010-03-27 00:03 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-27 00:00 . 2010-03-27 00:04 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-03-26 23:59 . 2010-03-26 23:59 -------- d-----w- c:\programdata\avg9
2010-03-26 23:32 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-26 21:48 . 2010-03-26 21:48 -------- d-----w- c:\users\Dadka\AppData\Roaming\Ashampoo
2010-03-26 21:47 . 2010-03-26 21:47 -------- d-----w- c:\users\Dadka\AppData\Local\ashampoo
2010-03-26 21:47 . 2010-03-26 21:47 -------- d-----w- c:\programdata\ashampoo
2010-03-26 21:47 . 2010-03-26 21:47 -------- d-----w- c:\program files\Ashampoo
2010-03-26 21:26 . 2010-03-26 21:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-10 10:21 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 10:21 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 10:21 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-04 13:30 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-04 13:30 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-03 15:37 . 2010-03-03 15:37 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-03 15:25 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-03 15:25 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-03 15:25 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-03 15:22 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-03 15:22 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-03-03 15:22 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-03-03 15:18 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-03 15:18 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-03 15:18 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-02 21:00 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-02 21:00 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-02 21:00 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-02 15:33 . 2010-03-02 15:36 -------- d-----w- c:\windows\system32\ca-ES
2010-03-02 15:33 . 2010-03-02 15:36 -------- d-----w- c:\windows\system32\eu-ES
2010-03-02 15:32 . 2010-03-02 15:36 -------- d-----w- c:\windows\system32\vi-VN
2010-03-02 14:15 . 2010-03-02 14:15 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 10:25 . 2007-01-08 21:09 590354 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 10:25 . 2007-01-08 21:09 114922 ----a-w- c:\windows\system32\perfc005.dat
2010-03-27 10:01 . 2010-03-27 10:01 -------- d-----w- c:\users\Dadka\AppData\Roaming\DivX
2010-03-27 01:06 . 2008-06-18 10:12 -------- d-----w- c:\programdata\Skype
2010-03-26 23:59 . 2008-06-18 11:47 -------- d-----w- c:\program files\AVG
2010-03-26 23:18 . 2008-06-17 21:11 68776 ----a-w- c:\users\Dadka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 23:15 . 2010-02-13 13:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-26 23:14 . 2010-02-13 13:26 -------- d---a-w- c:\programdata\TEMP
2010-03-26 22:55 . 2009-10-02 10:46 -------- d-----w- c:\program files\PWN
2010-03-26 21:59 . 2008-10-13 18:43 -------- d-----w- c:\program files\Larousse
2010-03-26 21:59 . 2008-03-11 17:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 21:43 . 2008-08-07 13:49 -------- d-----w- c:\program files\Winamp
2010-03-26 21:41 . 2009-11-03 18:07 -------- d-----w- c:\program files\Stylish Profile
2010-03-26 21:12 . 2008-03-11 17:35 -------- d-----w- c:\program files\Google
2010-03-10 17:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-03 15:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-03 15:37 . 2006-11-02 10:25 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-03 15:37 . 2006-11-02 10:25 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-03 15:37 . 2006-11-02 10:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-03 15:37 . 2010-03-03 15:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-03 15:34 . 2010-03-03 15:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-02 15:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-02 15:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-24 09:16 . 2009-10-03 14:30 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 19:32 . 2008-06-18 10:16 -------- d-----w- c:\users\Dadka\AppData\Roaming\skypePM
2010-02-13 11:56 . 2010-02-13 11:56 0 ----a-w- c:\users\Dadka\MobilityManager.tmp
2010-01-25 12:00 . 2010-02-23 19:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 19:18 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 19:18 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 19:19 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 19:18 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 19:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 19:18 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 19:19 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 19:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 19:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-10 08:15 . 2010-01-10 08:15 44544 ----a-w- c:\windows\system32\agremove.exe
2010-01-06 15:38 . 2010-03-02 21:00 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-02 21:00 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-03-02 21:00 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-02 21:00 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-02-21 14:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-21 14:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-21 14:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-21 14:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

------- Sigcheck -------

[-] 2008-01-19 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys


[-] 2008-01-19 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys

[-] 2008-01-19 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe

[-] 2008-01-19 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll

[-] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll

[-] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll

[-] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe

[-] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe

[-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe

[-] 2008-01-19 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll

[-] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll

[-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll

[-] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll

[-] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll

[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll

[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll

[-] 2010-01-02 . DF4D546A6E1C8D0F4FC10FCC9E422763 . 5942784 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll

[-] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\System32\msvcrt.dll

[-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll

[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll

[-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll

[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll

[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll

[-] 2008-01-19 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe

[-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6001.18000] . . c:\windows\System32\tapisrv.dll

[-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll

[-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe

[-] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll

[-] 2008-01-19 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll

[-] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe






[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe

[-] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

[-] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll

[-] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll

[-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll

[-] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll

[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll

[-] 2008-01-19 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\srsvc.dll ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
c:\windows\System32\sfcfiles.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-26 136176]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-27 3037696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-27 2166784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobilityManager]
c:\program files\Mobility Manager\MobilityManager [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b9,85,53,3f,1f,ba,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
"LogFileSize"= 4096 (0x1000)
"LogFilePath"= c:\windows\system32\LogFiles\Firewall\pfirewall.log
"LogDroppedPackets"= 0 (0x0)
"LogSuccessfulConnections"= 0 (0x0)

R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [17. 9. 2009 1:27 245736]
R0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [17. 9. 2009 1:27 141288]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [3. 10. 2008 18:33 58936]
R0 msahci;msahci;c:\windows\System32\drivers\msahci.sys [2. 11. 2006 9:51 23144]
R0 msisadrv;Ovladač třídy ISA/EISA;c:\windows\System32\drivers\msisadrv.sys [3. 10. 2008 18:33 16440]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [3. 10. 2008 18:33 21048]
R0 volmgr;Ovladač správce svazků;c:\windows\System32\drivers\volmgr.sys [3. 10. 2008 18:34 52792]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [17. 9. 2009 1:27 292840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27. 3. 2010 1:00 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27. 3. 2010 1:01 242696]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [17. 9. 2009 1:26 75264]
R1 nsiproxy;NSI proxy service;c:\windows\System32\drivers\nsiproxy.sys [3. 10. 2008 18:30 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [3. 10. 2008 18:30 6144]
R1 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [17. 9. 2009 1:27 66560]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [27. 3. 2010 1:12 142592]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [17. 9. 2009 1:27 72192]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [3. 10. 2008 18:32 62464]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [27. 3. 2010 0:59 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [27. 3. 2010 0:59 308064]
R2 BFE;Služba BFE;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25. 12. 2007 13:07 40960]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
R2 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [26. 10. 2009 9:51 40960]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k GPSvcGroup [3. 10. 2008 18:32 21504]
R2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R2 iphlpsvc;Pomocník IP;c:\windows\System32\svchost.exe -k NetSvcs [3. 10. 2008 18:32 21504]
R2 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
R2 lltdio;Vstupně výstupní ovladač mapovače zjišťování topologie linkové vrstvy;c:\windows\System32\drivers\lltdio.sys [3. 10. 2008 18:31 47104]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [3. 10. 2008 18:33 84480]
R2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R2 MpsSvc;Brána firewall systému Windows;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
R2 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [2. 11. 2006 10:04 878080]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R2 slsvc;Licencování softwaru;c:\windows\System32\SLsvc.exe [17. 9. 2009 1:28 3408896]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [11. 2. 2010 22:08 30720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [3. 12. 2007 16:03 126976]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [3. 10. 2008 18:32 21504]
R2 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R2 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
R3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
R3 bowser;Bowser;c:\windows\System32\drivers\bowser.sys [3. 10. 2008 18:30 69632]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [3. 3. 2010 16:23 634880]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11. 3. 2008 15:33 111616]
R3 iScsiPrt;Ovladač iScsiPort;c:\windows\System32\drivers\msiscsi.sys [17. 9. 2009 1:27 180712]
R3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [15. 10. 2009 20:56 9728]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft;c:\windows\System32\drivers\monitor.sys [3. 10. 2008 18:31 41984]
R3 mpsdrv;Ovladač ověření brány firewall systému Windows;c:\windows\System32\drivers\mpsdrv.sys [3. 10. 2008 18:30 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [11. 2. 2010 22:08 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [17. 9. 2009 1:27 79360]
R3 NativeWifiP;Filtr NativeWiFi;c:\windows\System32\drivers\nwifi.sys [17. 9. 2009 1:26 148480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15. 1. 2008 10:34 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [9. 4. 2007 16:13 8192]
R3 srv2;srv2;c:\windows\System32\drivers\srv2.sys [15. 10. 2009 10:35 144896]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [11. 2. 2010 22:09 98816]
R3 TrustedInstaller;Instalace modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [17. 9. 2009 1:26 39424]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [3. 10. 2008 18:30 23040]
R3 umbus;Ovladač sběrnice UMBus Enumerator;c:\windows\System32\drivers\umbus.sys [3. 10. 2008 18:32 34816]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
S2 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [3. 10. 2008 18:32 21504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [27. 3. 2010 0:59 369920]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [2. 11. 2006 10:38 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [2. 11. 2006 10:37 5248]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 DFSR;Replikace distribuovaného systému souborů (DFSR);c:\windows\System32\dfsr.exe [17. 9. 2009 1:28 2092544]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;c:\windows\System32\drivers\E1G60I32.sys [2. 11. 2006 11:25 117760]
S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [3. 10. 2008 18:31 27648]
S3 FlrnUSB;Leadtek USB Network Interface;c:\windows\System32\drivers\LtkUSB.sys [26. 10. 2009 9:51 41907]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [3. 10. 2008 18:32 21504]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [3. 10. 2008 18:32 21504]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [17. 9. 2009 1:27 161752]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [3. 10. 2008 18:32 21504]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [3. 10. 2008 18:32 21504]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 SDRSVC;Zálohování systému Windows;c:\windows\system32\svchost.exe -k SDRSVC [3. 10. 2008 18:32 21504]
S3 SessionEnv;Konfigurace Terminálové služby;c:\windows\System32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [2. 11. 2006 9:51 12800]
S3 SLUINotify;Služba SL UI Notification Service;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [3. 10. 2008 18:31 23552]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [3. 10. 2008 18:31 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [2. 11. 2006 9:35 58472]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [3. 10. 2008 18:32 21504]
S3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k wdisvc [3. 10. 2008 18:32 21504]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
S3 wercplsupport;Podpora ovládacího panelu Hlášení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [3. 10. 2008 18:32 21504]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [3. 10. 2008 18:32 21504]
S3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [3. 10. 2008 18:32 21504]
S4 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [2. 11. 2006 8:36 420968]
S4 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [2. 11. 2006 8:36 297576]
S4 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [2. 11. 2006 8:36 67688]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [2. 11. 2006 10:22 71808]
S4 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [2. 11. 2006 10:36 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [2. 11. 2006 10:37 12160]
S4 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [2. 11. 2006 9:55 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\System32\drivers\crusoe.sys [2. 11. 2006 9:30 38912]
S4 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [2. 11. 2006 8:36 316520]
S4 HpCISSs;HpCISSs;c:\windows\System32\drivers\HpCISSs.sys [2. 11. 2006 8:36 37480]
S4 iaStorV;Intel RAID Controller Vista;c:\windows\System32\drivers\iaStorV.sys [2. 11. 2006 8:36 232040]
S4 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [2. 11. 2006 9:42 65536]
S4 iteraid;ITERAID_Service_Install;c:\windows\System32\drivers\iteraid.sys [2. 11. 2006 8:36 35944]
S4 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [2. 11. 2006 8:36 65640]
S4 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [2. 11. 2006 8:36 65640]
S4 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [2. 11. 2006 8:36 65640]
S4 Mcx2Svc;Služba zařízení Windows Media Center Extender;c:\windows\system32\svchost.exe -k LocalService [3. 10. 2008 18:32 21504]
S4 megasas;megasas;c:\windows\System32\drivers\megasas.sys [2. 11. 2006 8:36 28776]
S4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\System32\drivers\mpio.sys [2. 11. 2006 9:52 78952]
S4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\System32\drivers\msdsm.sys [2. 11. 2006 9:52 80488]
S4 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [2. 11. 2006 8:36 45160]
S4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\System32\drivers\ntrigdigi.sys [2. 11. 2006 8:36 20608]
S4 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [2. 11. 2006 8:36 40040]
S4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\System32\drivers\ql2300.sys [2. 11. 2006 8:36 900712]
S4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\System32\drivers\ql40xx.sys [2. 11. 2006 8:36 106088]
S4 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [2. 11. 2006 8:36 71784]
S4 uliahci;uliahci;c:\windows\System32\drivers\uliahci.sys [2. 11. 2006 8:36 235112]
S4 ulsata2;ulsata2;c:\windows\System32\drivers\ulsata2.sys [2. 11. 2006 8:36 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [2. 11. 2006 9:55 68608]
S4 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [2. 11. 2006 9:30 39424]
S4 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [2. 11. 2006 8:36 112232]
S4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [2. 11. 2006 9:52 20608]
S4 Wd;Microsoft Watchdog Timer Driver;c:\windows\System32\drivers\wd.sys [2. 11. 2006 9:54 19560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
GPSvcGroup REG_MULTI_SZ GPSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-09-10 14:58 310784 ----a-w- c:\windows\System32\unregmp2.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146985736-834458136-1158310727-1000Core.job
- c:\users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 23:43]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146985736-834458136-1158310727-1000UA.job
- c:\users\Dadka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/intl/
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
TCP: {9C9848EF-F447-4899-B6DF-BF35A8774F0C} = 192.168.249.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-sacsvr
MSConfigStartUp-01610653708314819892202084932331 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Desktop SMS - c:\program files\IDM\Desktop SMS\DesktopSMS.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HyperappelPL2003 - c:\program files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-ieupdate - c:\windows\system32\ieexplorer32.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 11:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-27 12:00:03
ComboFix-quarantined-files.txt 2010-03-27 11:00

Pre-Run: Volných bajtů: 82 064 113 664
Post-Run: Volných bajtů: 82 014 515 200

- - End Of File - - 1013D67017EC8F36F73D77FB0A4F8CA6

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 13:05
od Caroprd111
Obrázek Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
  • Nic nemažte :!: MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
  • Log vložte sem.

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 14:10
od maxim-SK
log z MBAM

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3920
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

27. 3. 2010 14:08:21
mbam-log-2010-03-27 (14-08-07).txt

Typ kontroly: Kompletní kontrola (C:\|E:\|)
Zkontrolované objekty: 248572
Uplynulý čas: 49 minute(s), 49 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\ICQToolbar\1647\toolbaru.dll (Trojan.BHO) -> No action taken.

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 14:11
od Caroprd111
Obrázek Vše, co našel MBAM smažte a restartujte PC.


Obrázek Pokračujte podle návodu AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 16:30
od maxim-SK
AVPTool nenašiel nič, takže som zrejme už čistý, ďakujem za pomoc

Re: Poprosil by som o kontrou logu.

Napsal: 27 bře 2010 17:31
od Caroprd111
Poprosím o nový log z RSIT.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz