PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

prosim o kontrolu

https://pc-help.cnews.cz/viewtopic.php?f=70&t=47297

Stránka 1 z 1

prosim o kontrolu

Napsal: 28 lis 2009 13:24
od jojkos
nejde me pripojit se na qip a zobrazujou se me divny veci misto potvrzovaciho kodu kdyz chci odeslat sms pres 1188 a dalsi divny veci.. tak kdyby ste se na to nekdo mohl kouknout dik ..

Logfile of HijackThis v1.99.1
Scan saved at 13:24:00, on 28.11.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)

Running processes:
G:\Windows\system32\taskhost.exe
G:\Windows\system32\Dwm.exe
G:\Windows\Explorer.EXE
G:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\Windows\System32\rundll32.exe
G:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\DAEMON Tools Lite\DTLite.exe
G:\Program Files\Steam\Steam.exe
G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
G:\Program Files\OpenOffice.org 3\program\soffice.exe
G:\Program Files\OpenOffice.org 3\program\soffice.bin
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
G:\Program Files\Internet Explorer\iexplore.exe
G:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Microsoft Office\Office12\WINWORD.EXE
G:\Program Files\QIP\QIP Infium RetroPack\inf.exe
G:\Program Files\Windows Media Player\wmplayer.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Windows\system32\SearchFilterHost.exe
G:\Windows\system32\taskhost.exe
G:\Windows\system32\taskeng.exe
G:\Users\Jonas\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - G:\Program Files\FlashCatch\flashcatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - G:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - G:\Program Files\FlashCatch\flashcatch.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] G:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "G:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Infium] "G:\Program Files\QIP\QIP Infium RetroPack\inf.exe" /isolated /autorun
O4 - Startup: OpenOffice.org 3.1.lnk = G:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://G" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: g:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: g:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" onclick="window.open(this.href);return false;
O17 - HKLM\System\CCS\Services\Tcpip\..\{6626A7B9-C86C-4320-A8DC-E8233A1385C8}: NameServer = 192.168.5.1
O18 - Protocol hijack: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E}
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - G:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AMD External Events Utility - AMD - G:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - G:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - G:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - G:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - G:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - G:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Re: prosim o kontrolu

Napsal: 28 lis 2009 19:48
od jaro3
novější verzi HJT (2.02.):
http://www.trendsecure.com/portal/en-US ... s/download" onclick="window.open(this.href);return false;

Re: prosim o kontrolu

Napsal: 29 lis 2009 18:28
od jojkos
oh
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:28, on 29.11.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
G:\Windows\system32\taskhost.exe
G:\Windows\system32\Dwm.exe
G:\Windows\Explorer.EXE
G:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\Windows\System32\rundll32.exe
G:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\DAEMON Tools Lite\DTLite.exe
G:\Program Files\Steam\Steam.exe
G:\Program Files\QIP\QIP Infium RetroPack\inf.exe
G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
G:\Program Files\OpenOffice.org 3\program\soffice.exe
G:\Program Files\OpenOffice.org 3\program\soffice.bin
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
G:\Program Files\Internet Explorer\IELowutil.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Windows\system32\SearchProtocolHost.exe
G:\Windows\system32\SearchFilterHost.exe
G:\Program Files\Google\Chrome Frame\Application\chrome.exe
G:\Program Files\Google\Chrome Frame\Application\chrome.exe
G:\Program Files\Google\Chrome Frame\Application\chrome.exe
G:\Users\Jonas\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - G:\Program Files\FlashCatch\flashcatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - G:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - G:\Program Files\FlashCatch\flashcatch.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] G:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "G:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Infium] "G:\Program Files\QIP\QIP Infium RetroPack\inf.exe" /isolated /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = G:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = G:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G" onclick="window.open(this.href);return false;:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://G" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" onclick="window.open(this.href);return false;
O17 - HKLM\System\CCS\Services\Tcpip\..\{6626A7B9-C86C-4320-A8DC-E8233A1385C8}: NameServer = 192.168.5.1
O18 - Protocol hijack: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E}
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AMD External Events Utility - AMD - G:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - G:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - G:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - G:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - G:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10608 bytes

Re: prosim o kontrolu

Napsal: 29 lis 2009 18:34
od jaro3
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol hijack: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E}
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: prosim o kontrolu

Napsal: 29 lis 2009 20:28
od jojkos
Malwarebytes' Anti-Malware 1.41
Verze databáze: 3258
Windows 6.1.7100

29.11.2009 20:27:02
mbam-log-2009-11-29 (20-27-02).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107802
Uplynulý čas: 4 minute(s), 30 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Re: prosim o kontrolu

Napsal: 29 lis 2009 20:45
od jaro3
Vypni rez. ochranu u NOD32
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Zítra..

Re: prosim o kontrolu

Napsal: 29 lis 2009 21:11
od jojkos
hm sem ten štít vypl ale pak si to ten combofix restartoval tak nevím...
ComboFix 09-11-29.02 - Jonas 29.11.2009 20:58.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1250.420.1033.18.3582.2707 [GMT 1:00]
Spuštěný z: g:\users\Jonas\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\recycler\S-1-5-21-1960408961-1965331169-839522115-1003
g:\windows\system32\4D01C192AA.dll
g:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-28 do 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 19:32 . 2009-11-29 19:36 -------- d-----w- g:\users\Jonas\AppData\Local\Adobe
2009-11-29 18:34 . 2009-11-29 18:34 -------- d-----w- g:\users\Jonas\AppData\Roaming\Malwarebytes
2009-11-29 18:34 . 2009-09-10 13:54 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 18:34 . 2009-11-29 18:34 4096 d-----w- g:\program files\Malwarebytes' Anti-Malware
2009-11-29 18:34 . 2009-11-29 18:34 -------- d-----w- g:\programdata\Malwarebytes
2009-11-29 18:34 . 2009-09-10 13:53 19160 ----a-w- g:\windows\system32\drivers\mbam.sys
2009-11-29 17:23 . 2009-11-29 19:04 65536 d-----w- G:\Prodlouzena
2009-11-28 11:12 . 2009-11-28 11:12 -------- d-----w- g:\program files\QIP
2009-11-25 20:06 . 2009-11-25 20:06 -------- d-----w- g:\programdata\ATI
2009-11-25 20:03 . 2009-11-25 20:03 10134 ----a-r- g:\users\Jonas\AppData\Roaming\Microsoft\Installer\{A548C254-03BB-22F8-1064-899487B3CF85}\ARPPRODUCTICON.exe
2009-11-25 20:03 . 2009-11-25 20:04 -------- d-----w- g:\program files\ATI
2009-11-25 20:02 . 2009-11-25 20:04 -------- d-----w- g:\program files\ATI Technologies
2009-11-24 14:06 . 2009-11-24 14:06 4096 d-----w- g:\program files\Ventrilo
2009-11-22 07:23 . 2008-04-07 04:38 22872 ----a-r- g:\windows\system32\AdobePDFUI.dll
2009-11-22 07:17 . 2008-04-07 04:38 45392 ----a-r- g:\windows\system32\AdobePDF.dll
2009-11-21 12:57 . 2009-11-21 13:01 4096 d-----w- G:\_AcroTemp
2009-11-16 13:09 . 2009-11-16 13:09 -------- d-----w- g:\programdata\Futuremark
2009-11-16 12:30 . 2009-11-16 12:30 -------- d-----w- g:\windows\system32\Futuremark
2009-11-16 12:30 . 2009-11-16 12:30 -------- d-----w- g:\program files\Common Files\Futuremark Shared
2009-11-16 12:30 . 2008-09-17 13:14 27672 ----a-r- g:\windows\system32\drivers\Entech.sys
2009-11-16 12:28 . 2009-11-16 12:28 -------- d-----w- g:\program files\Futuremark
2009-11-16 12:28 . 2009-11-16 12:28 -------- d-----w- g:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2009-11-15 08:43 . 2009-11-15 08:43 -------- d-----w- g:\programdata\BioWare
2009-11-15 08:40 . 2009-11-15 08:40 -------- d-----w- g:\windows\system32\AGEIA
2009-11-15 08:40 . 2009-11-15 08:40 8192 d-----w- g:\program files\AGEIA Technologies
2009-11-15 08:39 . 2009-11-24 14:06 4096 d-----w- g:\program files\Common Files\Wise Installation Wizard
2009-11-15 08:39 . 2009-11-15 08:39 -------- d-----w- g:\programdata\Media Center Programs
2009-11-15 08:27 . 2009-11-15 08:39 -------- d-----w- g:\program files\Common Files\BioWare
2009-11-15 08:27 . 2009-11-15 08:35 4096 d-----w- g:\program files\Dragon Age
2009-11-13 14:17 . 2009-11-28 07:14 -------- d-----w- g:\program files\Common Files\Steam
2009-11-13 14:17 . 2009-11-29 19:54 8192 d-----w- g:\program files\Steam
2009-11-11 05:57 . 2009-11-11 05:57 -------- d-----w- g:\program files\Activision
2009-11-09 20:27 . 2009-11-09 20:27 4096 d-----w- g:\program files\Jesusonic
2009-11-09 20:07 . 2009-11-09 20:22 4096 d-----w- g:\program files\Distortion
2009-11-09 20:04 . 2009-11-09 20:07 4096 d-----w- g:\programdata\Protexis
2009-11-09 20:04 . 2000-10-01 23:00 125712 ----a-w- g:\windows\system32\VB6DE.DLL
2009-11-08 16:58 . 2009-11-08 16:58 -------- d-----w- g:\program files\Codemasters
2009-11-08 16:24 . 2009-11-08 16:25 4096 d-----w- g:\program files\DAEMON Tools Lite
2009-11-07 22:42 . 2009-11-07 22:42 -------- d-----w- G:\Boot
2009-11-07 13:13 . 2009-11-07 13:13 413696 ----a-w- g:\windows\system32\wrap_oal.dll
2009-11-07 13:13 . 2009-11-07 13:13 110592 ----a-w- g:\windows\system32\OpenAL32.dll
2009-11-07 13:13 . 2009-04-02 10:33 2873820 ------w- g:\windows\system32\Sens_oal.dll
2009-11-07 13:13 . 2009-11-07 13:13 -------- d-----w- g:\program files\Common Files\Creative Labs Shared
2009-11-07 13:12 . 2009-11-07 13:14 4096 d-----w- g:\program files\Creative
2009-11-07 13:00 . 2009-11-07 21:44 -------- d-----w- g:\programdata\Creative
2009-11-07 13:00 . 2009-07-10 08:07 166912 ----a-w- g:\windows\system32\APOMngr.DLL
2009-11-07 13:00 . 2009-02-06 17:52 73728 ----a-w- g:\windows\system32\CmdRtr.DLL
2009-11-07 12:59 . 2009-09-10 03:10 306688 ----a-w- g:\windows\system32\drivers\srv2.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- g:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- g:\windows\system32\xlivefnt.dll
2009-11-04 16:16 . 2009-11-04 16:16 5079040 ----a-w- g:\windows\system32\drivers\atikmdag.sys
2009-11-04 15:46 . 2009-11-04 15:46 479232 ----a-w- g:\windows\system32\ATIDEMGX.dll
2009-11-04 15:45 . 2009-11-04 15:45 360448 ----a-w- g:\windows\system32\atieclxx.exe
2009-11-04 15:45 . 2009-11-04 15:45 172032 ----a-w- g:\windows\system32\atiesrxx.exe
2009-11-04 15:43 . 2009-11-04 15:43 159744 ----a-w- g:\windows\system32\atitmmxx.dll
2009-11-04 15:43 . 2009-11-04 15:43 356352 ----a-w- g:\windows\system32\atipdlxx.dll
2009-11-04 15:43 . 2009-11-04 15:43 274432 ----a-w- g:\windows\system32\Oemdspif.dll
2009-11-04 15:43 . 2009-11-04 15:43 11776 ----a-w- g:\windows\system32\atimuixx.dll
2009-11-04 15:42 . 2009-11-04 15:42 43520 ----a-w- g:\windows\system32\ati2edxx.dll
2009-11-04 15:23 . 2009-11-04 15:23 3602432 ----a-w- g:\windows\system32\atiumdag.dll
2009-11-04 15:11 . 2009-11-04 15:11 12964352 ----a-w- g:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2009-11-04 15:05 2899456 ----a-w- g:\windows\system32\atiumdva.dll
2009-11-04 14:52 . 2009-11-04 14:52 52224 ----a-w- g:\windows\system32\atimpc32.dll
2009-11-04 14:52 . 2009-11-04 14:52 52224 ----a-w- g:\windows\system32\amdpcom32.dll
2009-11-04 14:52 . 2009-11-04 14:52 208896 ----a-w- g:\windows\system32\atiadlxx.dll
2009-11-04 14:47 . 2009-11-04 14:47 53248 ----a-w- g:\windows\system32\aticalrt.dll
2009-11-04 14:47 . 2009-11-04 14:47 53248 ----a-w- g:\windows\system32\aticalcl.dll
2009-11-04 14:46 . 2009-11-04 14:46 3547136 ----a-w- g:\windows\system32\aticaldd.dll
2009-11-04 14:37 . 2009-11-04 14:37 53248 ----a-w- g:\windows\system32\drivers\ati2erec.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- g:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- g:\windows\system32\xliveinstallhost.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 19:07 . 2009-08-11 19:35 622022 ----a-w- g:\windows\system32\perfh005.dat
2009-11-29 19:07 . 2009-08-11 19:35 118356 ----a-w- g:\windows\system32\perfc005.dat
2009-11-29 15:52 . 2009-09-02 05:19 4096 d-----w- g:\users\eva\AppData\Roaming\Skype
2009-11-29 15:02 . 2009-09-02 05:20 4096 d-----w- g:\users\eva\AppData\Roaming\skypePM
2009-11-28 07:46 . 2009-08-31 12:39 1 ----a-w- g:\users\Jonas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-27 20:13 . 2009-08-18 17:59 4096 d-----w- g:\users\Jonas\AppData\Roaming\Hamachi
2009-11-27 15:30 . 2009-08-16 07:05 12288 d-----w- g:\program files\Garena
2009-11-24 19:05 . 2009-08-17 06:31 28672 d-----w- g:\users\Jonas\AppData\Roaming\uTorrent
2009-11-22 18:08 . 2009-08-11 18:30 116552 ----a-w- g:\users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-22 11:19 . 2009-08-11 08:22 116552 ----a-w- g:\users\Jonas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-22 07:16 . 2009-08-16 15:49 4096 d-----w- g:\program files\Common Files\Adobe
2009-11-16 12:30 . 2009-08-11 16:22 4096 d--h--w- g:\program files\InstallShield Installation Information
2009-11-15 13:04 . 2009-09-02 05:19 4096 d-----w- g:\program files\Google
2009-11-11 21:40 . 2009-08-11 16:41 12288 d-----w- g:\programdata\Microsoft Help
2009-11-08 16:25 . 2009-08-17 08:26 691696 ----a-w- g:\windows\system32\drivers\sptd.sys
2009-11-08 16:24 . 2009-08-17 08:31 -------- d-----w- g:\programdata\DAEMON Tools Lite
2009-11-04 15:39 . 2009-09-23 22:22 3034624 ----a-w- g:\windows\system32\atidxx32.dll
2009-11-02 19:42 . 2009-10-03 13:13 195456 ------w- g:\windows\system32\MpSigStub.exe
2009-10-16 01:11 . 2009-10-16 01:11 1168896 ----a-w- g:\windows\system32\drivers\P17.sys
2009-10-08 06:54 . 2009-10-08 06:52 -------- d-----w- g:\users\eva\AppData\Roaming\VoipDiscount
2009-10-08 06:06 . 2009-09-22 12:48 4096 d-----w- g:\program files\FlashCatch
2009-10-07 19:06 . 2009-10-07 19:05 -------- d-----w- g:\program files\Okidata
2009-10-07 19:05 . 2009-10-07 19:05 -------- d-----w- g:\users\Jonas\AppData\Roaming\InstallShield
2009-10-07 19:04 . 2009-10-07 19:04 -------- d-----w- g:\programdata\OPPU
2009-10-07 18:10 . 2009-10-07 18:10 4096 d-----w- g:\program files\Advanced IP Scanner
2009-09-30 14:33 . 2009-09-30 14:33 104976 ----a-w- g:\windows\system32\drivers\AtiHdmi.sys
2009-09-24 18:34 . 2009-09-24 18:13 189784 ----a-w- g:\windows\system32\PnkBstrB.exe
2009-09-24 18:13 . 2009-09-24 18:13 75064 ----a-w- g:\windows\system32\PnkBstrA.exe
2009-09-24 18:13 . 2009-09-24 18:13 2373712 ----a-w- g:\windows\system32\pbsvc.exe
2009-09-04 16:44 . 2009-11-11 15:05 515416 ----a-w- g:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-11 15:05 238936 ----a-w- g:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-11 15:05 69464 ----a-w- g:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-11 15:05 453456 ----a-w- g:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 235344 ----a-w- g:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 1974616 ----a-w- g:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 5501792 ----a-w- g:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 1892184 ----a-w- g:\windows\system32\D3DX9_42.dll
2009-09-02 05:20 . 2009-09-02 05:20 56 ---ha-w- g:\programdata\ezsidmv.dat
2009-09-01 20:55 . 2009-09-01 20:55 195855 ----a-w- g:\windows\system32\atiicdxx.dat
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- g:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- g:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="g:\program files\QIP\QIP Infium RetroPack\inf.exe " [X]
"Sidebar"="g:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]
"DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="g:\program files\steam\steam.exe" [2009-11-13 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="g:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"RtHDVCpl"="g:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="g:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ATICustomerCare"="g:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"P17RunE"="P17RunE.dll" - g:\windows\System32\P17RunE.dll [2008-03-28 14848]

g:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - g:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - g:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;g:\windows\System32\drivers\amdxata.sys [22.4.2009 3:07 23120]
R0 CLFS;Systém souborů CLFS;g:\windows\System32\clfs.sys [22.4.2009 4:08 249424]
R0 CNG;CNG;g:\windows\System32\drivers\cng.sys [22.4.2009 4:31 369056]
R0 FileInfo;File Information FS MiniFilter;g:\windows\System32\drivers\fileinfo.sys [22.4.2009 4:19 58448]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;g:\windows\System32\drivers\fvevol.sys [22.4.2009 4:10 194488]
R0 hwpolicy;Hardware Policy Driver;g:\windows\System32\drivers\hwpolicy.sys [22.4.2009 4:08 13904]
R0 KSecPkg;KSecPkg;g:\windows\System32\drivers\ksecpkg.sys [22.4.2009 4:32 133200]
R0 msisadrv;msisadrv;g:\windows\System32\drivers\msisadrv.sys [22.4.2009 4:08 13904]
R0 pcw;Performance Counters for Windows Driver;g:\windows\System32\drivers\pcw.sys [22.4.2009 4:08 42576]
R0 rdyboost;ReadyBoost;g:\windows\System32\drivers\rdyboost.sys [22.4.2009 4:19 173648]
R0 spldr;Security Processor Loader Driver;g:\windows\System32\drivers\spldr.sys [22.4.2009 1:36 17488]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;g:\windows\System32\drivers\vmstorfl.sys [22.4.2009 11:23 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;g:\windows\System32\drivers\vdrvroot.sys [22.4.2009 4:44 32848]
R0 volmgr;Volume Manager Driver;g:\windows\System32\drivers\volmgr.sys [22.4.2009 4:08 52304]
R0 volmgrx;Správce dynamických svazků;g:\windows\System32\drivers\volmgrx.sys [22.4.2009 4:09 297040]
R1 blbdrive;blbdrive;g:\windows\System32\drivers\blbdrive.sys [22.4.2009 4:20 35328]
R1 CSC;Ovladač souborů pro režim offline;g:\windows\System32\drivers\csc.sys [22.4.2009 4:12 387584]
R1 DfsC;DFS Namespace Client Driver;g:\windows\System32\drivers\dfsc.sys [22.4.2009 4:11 78336]
R1 discache;System Attribute Cache;g:\windows\System32\drivers\discache.sys [22.4.2009 4:21 32768]
R1 ehdrv;ehdrv;g:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 nsiproxy;NSI proxy service driver.;g:\windows\System32\drivers\nsiproxy.sys [22.4.2009 4:09 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;g:\windows\System32\drivers\RDPENCDD.sys [22.4.2009 5:00 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;g:\windows\System32\drivers\RDPREFMP.sys [22.4.2009 5:00 7168]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;g:\windows\System32\drivers\tdx.sys [22.4.2009 4:09 74240]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;g:\windows\System32\drivers\wanarp.sys [22.4.2009 4:53 63488]
R1 WfpLwf;WFP Lightweight Filter;g:\windows\System32\drivers\wfplwf.sys [22.4.2009 4:52 9728]
R2 AMD External Events Utility;AMD External Events Utility;g:\windows\System32\atiesrxx.exe [4.11.2009 16:45 172032]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 BFE;Služba BFE (Base Filtering Engine);g:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 CscService;Soubory offline;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 DPS;Služba DPS (Diagnostic Policy Service);g:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 ekrn;ESET Service;g:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;g:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 gpsvc;Klient zásad skupiny;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 iphlpsvc;Pomocná služba protokolu IP;g:\windows\System32\svchost.exe -k NetSvcs [22.4.2009 4:16 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;g:\windows\System32\drivers\lltdio.sys [22.4.2009 4:51 48128]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;g:\windows\System32\drivers\luafv.sys [22.4.2009 4:13 86528]
R2 MpsSvc;Brána Windows Firewall;g:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 NlaSvc;Sledování umístění v síti (NLA);g:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
R2 nsi;Služba rozhraní síťového úložiště;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R2 PEAUTH;PEAUTH;g:\windows\System32\drivers\PEAuth.sys [22.4.2009 4:33 586752]
R2 Power;Napájení;g:\windows\system32\svchost.exe -k DcomLaunch [22.4.2009 4:16 20992]
R2 ProfSvc;Služba Profil uživatele;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;g:\windows\system32\svchost.exe -k RPCSS [22.4.2009 4:16 20992]
R2 SysMain;Superfetch;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;g:\windows\System32\drivers\tcpipreg.sys [22.4.2009 4:52 34816]
R2 UxSms;Správce relací správce oken plochy;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 WinDefend;Windows Defender;g:\windows\System32\svchost.exe -k secsvcs [22.4.2009 4:16 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;g:\windows\System32\drivers\1394ohci.sys [22.4.2009 4:50 162816]
R3 Appinfo;Informace o aplikaci;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R3 bowser;Ovladač podpory prohlížeče;g:\windows\System32\drivers\bowser.sys [22.4.2009 4:11 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;g:\windows\System32\drivers\CompositeBus.sys [22.4.2009 4:43 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;g:\windows\System32\drivers\dxgkrnl.sys [22.4.2009 4:23 720384]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 monitor;Microsoft Monitor Class Function Driver Service;g:\windows\System32\drivers\monitor.sys [22.4.2009 4:23 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;g:\windows\System32\drivers\mpsdrv.sys [22.4.2009 4:51 60416]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;g:\windows\System32\drivers\mrxsmb10.sys [22.4.2009 4:11 220672]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;g:\windows\System32\drivers\mrxsmb20.sys [22.4.2009 4:11 94720]
R3 netprofm;Služba seznamu sítí;g:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);g:\windows\System32\drivers\agilevpn.sys [22.4.2009 4:53 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;g:\windows\System32\drivers\rdpbus.sys [22.4.2009 5:01 18432]
R3 RTL8167;Realtek 8167 NT Driver;g:\windows\System32\drivers\Rt86win7.sys [20.3.2009 16:22 139776]
R3 srv2;Ovladač pro server SMB 2.xxx;g:\windows\System32\drivers\srv2.sys [7.11.2009 13:59 306688]
R3 srvnet;srvnet;g:\windows\System32\drivers\srvnet.sys [22.4.2009 4:12 113664]
R3 TrustedInstaller;Instalační služba modulů systému Windows;g:\windows\servicing\TrustedInstaller.exe [22.4.2009 4:20 204800]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;g:\windows\System32\drivers\tunnel.sys [22.4.2009 4:52 108032]
R3 umbus;UMBus Enumerator Driver;g:\windows\System32\drivers\umbus.sys [22.4.2009 4:50 39936]
R3 WdiServiceHost;Hostitel diagnostické služby;g:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 WdiSystemHost;Hostitel diagnostického systému;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S0 sptd;sptd;g:\windows\System32\drivers\sptd.sys [17.8.2009 9:26 691696]
S2 gupdate;Služba Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [18.9.2009 10:55 133104]
S2 MMCSS;Služba Plánovač multimédií;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S2 sppsvc;Ochrana před softwarem;g:\windows\System32\sppsvc.exe [22.4.2009 5:44 3179520]
S3 AcpiPmi;ACPI Power Meter Driver;g:\windows\System32\drivers\acpipmi.sys [22.4.2009 4:13 9728]
S3 adp94xx;adp94xx;g:\windows\System32\drivers\adp94xx.sys [20.3.2009 16:22 422992]
S3 adpahci;adpahci;g:\windows\System32\drivers\adpahci.sys [22.4.2009 3:07 297552]
S3 amdsata;amdsata;g:\windows\System32\drivers\amdsata.sys [20.3.2009 16:23 77904]
S3 amdsbs;amdsbs;g:\windows\System32\drivers\amdsbs.sys [28.3.2009 5:45 159312]
S3 AppID;Ovladač AppID;g:\windows\System32\drivers\appid.sys [22.4.2009 4:35 50176]
S3 AppIDSvc;Identita aplikace;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 arcsas;arcsas;g:\windows\System32\drivers\arcsas.sys [22.4.2009 3:07 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;g:\windows\System32\drivers\bxvbdx.sys [20.3.2009 16:22 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;g:\windows\System32\drivers\b57nd60x.sys [22.4.2009 3:01 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;g:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;g:\windows\System32\drivers\BrFiltLo.sys [22.4.2009 5:55 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;g:\windows\System32\drivers\BrFiltUp.sys [22.4.2009 5:56 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);g:\windows\System32\drivers\BrSerId.sys [22.4.2009 5:53 272128]
S3 BrSerWdm;Brother WDM Serial driver;g:\windows\System32\drivers\BrSerWdm.sys [22.4.2009 5:55 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;g:\windows\System32\drivers\BrUsbMdm.sys [22.4.2009 5:55 12160]
S3 CertPropSvc;Šíření certifikátů;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 circlass;Consumer IR Devices;g:\windows\System32\drivers\circlass.sys [22.4.2009 4:49 37888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;g:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7.11.2009 14:13 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15.11.2009 9:35 25832]
S3 defragsvc;Defragmentace disku;g:\windows\system32\svchost.exe -k defragsvc [22.4.2009 4:16 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;g:\windows\System32\drivers\evbdx.sys [20.3.2009 16:22 3100160]
S3 elxstor;elxstor;g:\windows\System32\drivers\elxstor.sys [20.3.2009 16:23 453712]
S3 FDResPub;Publikování prostředků rozpoznávání funkcí;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 Filetrace;FileTrace;g:\windows\System32\drivers\filetrace.sys [22.4.2009 4:12 28160]
S3 FontCache;Mezipaměť písem Windows;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 FsDepends;File System Dependency Minifilter;g:\windows\System32\drivers\fsdepends.sys [22.4.2009 4:12 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;g:\windows\System32\drivers\hcw85cir.sys [22.4.2009 3:52 26624]
S3 HomeGroupListener;Naslouchací proces domácí skupiny;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 HomeGroupProvider;Zprostředkovatel domácích skupin;g:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 HpSAMD;HpSAMD;g:\windows\System32\drivers\HpSAMD.sys [22.4.2009 3:07 67152]
S3 iaStorV;iaStorV;g:\windows\System32\drivers\iaStorV.sys [15.4.2009 3:30 332368]
S3 IPMIDRV;IPMIDRV;g:\windows\System32\drivers\IPMIDrv.sys [22.4.2009 4:28 65536]
S3 iScsiPrt;iScsiPort Driver;g:\windows\System32\drivers\msiscsi.sys [22.4.2009 4:44 186960]
S3 KeyIso;Izolace klíče CNG;g:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;g:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;g:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 LSI_FC;LSI_FC;g:\windows\System32\drivers\lsi_fc.sys [22.4.2009 3:07 95824]
S3 LSI_SAS;LSI_SAS;g:\windows\System32\drivers\lsi_sas.sys [22.4.2009 3:07 89168]
S3 LSI_SAS2;LSI_SAS2;g:\windows\System32\drivers\lsi_sas2.sys [22.4.2009 3:07 54864]
S3 LSI_SCSI;LSI_SCSI;g:\windows\System32\drivers\lsi_scsi.sys [22.4.2009 3:07 96848]
S3 megasas;megasas;g:\windows\System32\drivers\megasas.sys [20.3.2009 16:23 30800]
S3 mpio;mpio;g:\windows\System32\drivers\mpio.sys [22.4.2009 4:44 130640]
S3 msahci;msahci;g:\windows\System32\drivers\msahci.sys [22.4.2009 4:44 27728]
S3 msdsm;msdsm;g:\windows\System32\drivers\msdsm.sys [22.4.2009 4:44 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;g:\windows\System32\drivers\mshidkmdf.sys [22.4.2009 4:49 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 MsRPC;MsRPC;g:\windows\System32\drivers\msrpc.sys [22.4.2009 4:09 162896]
S3 MTConfig;Microsoft Input Configuration Driver;g:\windows\System32\drivers\MTConfig.sys [22.4.2009 4:45 12288]
S3 NativeWifiP;NativeWiFi Filter;g:\windows\System32\drivers\nwifi.sys [22.4.2009 4:50 267264]
S3 NdisCap;NDIS Capture LightWeight Filter;g:\windows\System32\drivers\ndiscap.sys [22.4.2009 4:51 27136]
S3 nfrd960;nfrd960;g:\windows\System32\drivers\nfrd960.sys [22.4.2009 3:07 44624]
S3 nvstor;nvstor;g:\windows\System32\drivers\nvstor.sys [15.4.2009 3:30 142416]
S3 PcaSvc;Program Compatibility Assistant Service;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 PeerDistSvc;BranchCache;g:\windows\System32\svchost.exe -k PeerDist [22.4.2009 4:16 20992]
S3 pla;Výstrahy a protokolování výkonu;g:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;g:\windows\System32\svchost.exe -k LocalServicePeerNet [22.4.2009 4:16 20992]
S3 ql2300;ql2300;g:\windows\System32\drivers\ql2300.sys [20.3.2009 16:23 1383504]
S3 ql40xx;ql40xx;g:\windows\System32\drivers\ql40xx.sys [22.4.2009 3:07 105552]
S3 s3cap;s3cap;g:\windows\System32\drivers\vms3cap.sys [22.4.2009 11:23 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;g:\windows\System32\drivers\scfilter.sys [22.4.2009 4:32 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 SDRSVC;Windows Zálohování;g:\windows\system32\svchost.exe -k SDRSVC [22.4.2009 4:16 20992]
S3 SensrSvc;Adaptivní jas;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 SessionEnv;Remote Desktop Configuration;g:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;g:\windows\System32\drivers\sffp_mmc.sys [22.4.2009 4:44 12288]
S3 SiSRaid4;SiSRaid4;g:\windows\System32\drivers\sisraid4.sys [22.4.2009 3:07 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);g:\windows\System32\drivers\smb.sys [22.4.2009 4:52 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 stexstor;stexstor;g:\windows\System32\drivers\stexstor.sys [22.4.2009 3:07 21072]
S3 storvsc;storvsc;g:\windows\System32\drivers\storvsc.sys [22.4.2009 11:23 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 TBS;Služba TPM Base Services;g:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 THREADORDER;Server pro řazení podprocesů;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;g:\windows\System32\drivers\tssecsrv.sys [22.4.2009 5:00 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;g:\windows\System32\UI0Detect.exe [22.4.2009 4:35 35840]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;g:\windows\System32\drivers\ULILAN51.SYS [11.8.2009 19:13 28672]
S3 ULI526X;ULi M526X 10/100 Ethernet Controller Driver;g:\windows\System32\drivers\ULILAN32.SYS [30.6.2006 3:39 30720]
S3 uliagpkx;Uli AGP Bus Filter;g:\windows\System32\drivers\ULIAGPKX.SYS [22.4.2009 4:23 57424]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);g:\windows\System32\drivers\usbcir.sys [22.4.2009 4:49 86016]
S3 VaultSvc;Správce pověření;g:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 vhdmp;vhdmp;g:\windows\System32\drivers\vhdmp.sys [22.4.2009 4:44 158288]
S3 ViaC7;VIA C7 Processor Driver;g:\windows\System32\drivers\viac7.sys [22.4.2009 4:08 52736]
S3 vmbus;vmbus;g:\windows\System32\drivers\vmbus.sys [22.4.2009 11:23 175824]
S3 VMBusHID;VMBusHID;g:\windows\System32\drivers\VMBusHID.sys [22.4.2009 11:23 17920]
S3 vsmraid;vsmraid;g:\windows\System32\drivers\vsmraid.sys [20.3.2009 16:23 141904]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;g:\windows\System32\drivers\vwifibus.sys [22.4.2009 4:50 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;g:\windows\System32\drivers\wacompen.sys [22.4.2009 4:45 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;g:\windows\System32\wbengine.exe [22.4.2009 4:21 1203200]
S3 WbioSrvc;Biometrická služba systému Windows;g:\windows\system32\svchost.exe -k WbioSvcGroup [22.4.2009 4:16 20992]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;g:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 WcsPlugInService;Windows Color System;g:\windows\system32\svchost.exe -k wcssvc [22.4.2009 4:16 20992]
S3 Wd;Wd;g:\windows\System32\drivers\wd.sys [22.4.2009 4:08 19024]
S3 Wecsvc;Sběr událostí systému Windows;g:\windows\system32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;g:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;g:\windows\System32\svchost.exe -k WerSvcGroup [22.4.2009 4:16 20992]
S3 WIMMount;WIMMount;g:\windows\System32\drivers\wimmount.sys [22.4.2009 4:15 19024]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);g:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WPCSvc;Rodičovská kontrola;g:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WSDPrintDevice;WSD Print Support via UMB;g:\windows\System32\drivers\WSDPrint.sys [22.4.2009 5:18 17920]
S3 WwanSvc;Automatická konfigurace sítě WWAN;g:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S4 Mcx2Svc;Služba zařízení Media Center Extender;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Obsah adresáře 'Naplánované úlohy'

2009-11-29 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 09:55]

2009-11-29 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 09:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/" onclick="window.open(this.href);return false;
IE: Append Link Target to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - g:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6626A7B9-C86C-4320-A8DC-E8233A1385C8} = 192.168.5.1
Handler: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - g:\program files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
AddRemove-DAEMON Tools Toolbar - g:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-EasyLearnPC_is1 - f:\easylearnpc\unins000.exe
AddRemove-QIP 2005 - g:\program files\QIP\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-29 21:06
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\g:\users\Jonas\AppData\Local\Temp\ZNECD7D.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2009-11-29 21:08
ComboFix-quarantined-files.txt 2009-11-29 20:08

Před spuštěním: Volných bajtů: 1 244 177 350 656
Po spuštění: Volných bajtů: 1 244 264 599 552

- - End Of File - - 694E7AF4CFA294224EA86B066515C9D4

Re: prosim o kontrolu

Napsal: 30 lis 2009 16:20
od jaro3
těch ovladačů a služeb!

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
g:\programdata\ezsidmv.dat
g:\users\Jonas\AppData\Local\Temp\ZNECD7D.tmp

Folder::
g:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

Driver::
GarenaPEngine

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
g:\windows\system32\APOMngr.DLL
g:\windows\system32\xliveinstallhost.exe
g:\windows\system32\xliveinstall.dll
g:\program files\QIP\QIP Infium RetroPack\inf.exe

Vlož sem pak odkazy na stránky s výsledky.

Re: prosim o kontrolu

Napsal: 30 lis 2009 17:08
od jojkos
ComboFix 09-11-29.02 - Jonas 30.11.2009 17:16.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1250.420.1033.18.3582.2961 [GMT 1:00]
Spuštěný z: g:\users\Jonas\Desktop\ComboFix.exe
Použité ovládací přepínače :: g:\users\Jonas\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý


FILE ::
"g:\programdata\ezsidmv.dat"
"g:\users\Jonas\AppData\Local\Temp\ZNECD7D.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\programdata\ezsidmv.dat
g:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
g:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE


((((((((((((((((((((((((( Soubory vytvořené od 2009-10-28 do 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 16:24 . 2009-11-30 16:26 4096 d-----w- g:\users\Jonas\AppData\Local\temp
2009-11-30 16:24 . 2009-11-30 16:24 -------- d-----w- g:\users\Public\AppData\Local\temp
2009-11-30 16:24 . 2009-11-30 16:24 -------- d-----w- g:\users\eva\AppData\Local\temp
2009-11-30 16:24 . 2009-11-30 16:24 -------- d-----w- g:\users\Default\AppData\Local\temp
2009-11-30 09:28 . 2009-11-30 09:28 399872 ----a-w- g:\programdata\Microsoft\Windows Defender\LocalCopy\{FA415696-22E3-370D-706B-215A979B37B0}-GarenaTV_UI.dll
2009-11-30 09:28 . 2009-11-30 09:28 165376 ----a-w- g:\programdata\Microsoft\Windows Defender\LocalCopy\{ECDC6869-A107-B82E-CE78-AA6FD49B5CFB}-WC3Ass.dll
2009-11-30 09:28 . 2009-11-30 09:28 156160 ----a-w- g:\programdata\Microsoft\Windows Defender\LocalCopy\{64638592-DF6B-74B4-859D-86E396D633F6}-WC3Ladder.dll
2009-11-30 07:41 . 2009-11-30 07:41 -------- d-----w- g:\users\eva\AppData\Local\Adobe
2009-11-29 19:32 . 2009-11-29 19:36 -------- d-----w- g:\users\Jonas\AppData\Local\Adobe
2009-11-29 18:34 . 2009-11-29 18:34 -------- d-----w- g:\users\Jonas\AppData\Roaming\Malwarebytes
2009-11-29 18:34 . 2009-09-10 13:54 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 18:34 . 2009-11-29 18:34 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
2009-11-29 18:34 . 2009-11-29 18:34 -------- d-----w- g:\programdata\Malwarebytes
2009-11-29 18:34 . 2009-09-10 13:53 19160 ----a-w- g:\windows\system32\drivers\mbam.sys
2009-11-29 17:23 . 2009-11-30 11:05 -------- d-----w- G:\Prodlouzena
2009-11-28 11:12 . 2009-11-28 11:12 -------- d-----w- g:\program files\QIP
2009-11-25 20:06 . 2009-11-25 20:06 -------- d-----w- g:\programdata\ATI
2009-11-25 20:03 . 2009-11-25 20:03 10134 ----a-r- g:\users\Jonas\AppData\Roaming\Microsoft\Installer\{A548C254-03BB-22F8-1064-899487B3CF85}\ARPPRODUCTICON.exe
2009-11-25 20:03 . 2009-11-25 20:04 -------- d-----w- g:\program files\ATI
2009-11-25 20:02 . 2009-11-25 20:04 -------- d-----w- g:\program files\ATI Technologies
2009-11-15 08:39 . 2009-11-15 08:39 -------- d-----w- g:\programdata\Media Center Programs
2009-11-15 08:27 . 2009-11-15 08:39 -------- d-----w- g:\program files\Common Files\BioWare
2009-11-15 08:27 . 2009-11-15 08:35 -------- d-----w- g:\program files\Dragon Age
2009-11-13 14:17 . 2009-11-28 07:14 -------- d-----w- g:\program files\Common Files\Steam
2009-11-13 14:17 . 2009-11-30 16:26 8192 d-----w- g:\program files\Steam
2009-11-11 05:57 . 2009-11-11 05:57 -------- d-----w- g:\program files\Activision
2009-11-09 20:27 . 2009-11-09 20:27 -------- d-----w- g:\program files\Jesusonic
2009-11-09 20:07 . 2009-11-09 20:22 -------- d-----w- g:\program files\Distortion
2009-11-09 20:04 . 2009-11-09 20:07 -------- d-----w- g:\programdata\Protexis
2009-11-09 20:04 . 2000-10-01 23:00 125712 ----a-w- g:\windows\system32\VB6DE.DLL
2009-11-08 16:58 . 2009-11-08 16:58 -------- d-----w- g:\program files\Codemasters
2009-11-08 16:24 . 2009-11-08 16:25 4096 d-----w- g:\program files\DAEMON Tools Lite
2009-11-07 22:42 . 2009-11-30 16:24 4096 d-----w- G:\Boot
2009-11-07 13:13 . 2009-11-07 13:13 413696 ----a-w- g:\windows\system32\wrap_oal.dll
2009-11-07 13:13 . 2009-11-07 13:13 110592 ----a-w- g:\windows\system32\OpenAL32.dll
2009-11-07 13:13 . 2009-04-02 10:33 2873820 ------w- g:\windows\system32\Sens_oal.dll
2009-11-07 13:13 . 2009-11-07 13:13 -------- d-----w- g:\program files\Common Files\Creative Labs Shared
2009-11-07 13:12 . 2009-11-07 13:14 4096 d-----w- g:\program files\Creative
2009-11-07 13:00 . 2009-11-07 21:44 -------- d-----w- g:\programdata\Creative
2009-11-07 13:00 . 2009-07-10 08:07 166912 ----a-w- g:\windows\system32\APOMngr.DLL
2009-11-07 13:00 . 2009-02-06 17:52 73728 ----a-w- g:\windows\system32\CmdRtr.DLL
2009-11-07 12:59 . 2009-09-10 03:10 306688 ----a-w- g:\windows\system32\drivers\srv2.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- g:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- g:\windows\system32\xlivefnt.dll
2009-11-04 16:16 . 2009-11-04 16:16 5079040 ----a-w- g:\windows\system32\drivers\atikmdag.sys
2009-11-04 15:46 . 2009-11-04 15:46 479232 ----a-w- g:\windows\system32\ATIDEMGX.dll
2009-11-04 15:45 . 2009-11-04 15:45 360448 ----a-w- g:\windows\system32\atieclxx.exe
2009-11-04 15:45 . 2009-11-04 15:45 172032 ----a-w- g:\windows\system32\atiesrxx.exe
2009-11-04 15:43 . 2009-11-04 15:43 159744 ----a-w- g:\windows\system32\atitmmxx.dll
2009-11-04 15:43 . 2009-11-04 15:43 356352 ----a-w- g:\windows\system32\atipdlxx.dll
2009-11-04 15:43 . 2009-11-04 15:43 274432 ----a-w- g:\windows\system32\Oemdspif.dll
2009-11-04 15:43 . 2009-11-04 15:43 11776 ----a-w- g:\windows\system32\atimuixx.dll
2009-11-04 15:42 . 2009-11-04 15:42 43520 ----a-w- g:\windows\system32\ati2edxx.dll
2009-11-04 15:23 . 2009-11-04 15:23 3602432 ----a-w- g:\windows\system32\atiumdag.dll
2009-11-04 15:11 . 2009-11-04 15:11 12964352 ----a-w- g:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2009-11-04 15:05 2899456 ----a-w- g:\windows\system32\atiumdva.dll
2009-11-04 14:52 . 2009-11-04 14:52 52224 ----a-w- g:\windows\system32\atimpc32.dll
2009-11-04 14:52 . 2009-11-04 14:52 52224 ----a-w- g:\windows\system32\amdpcom32.dll
2009-11-04 14:52 . 2009-11-04 14:52 208896 ----a-w- g:\windows\system32\atiadlxx.dll
2009-11-04 14:47 . 2009-11-04 14:47 53248 ----a-w- g:\windows\system32\aticalrt.dll
2009-11-04 14:47 . 2009-11-04 14:47 53248 ----a-w- g:\windows\system32\aticalcl.dll
2009-11-04 14:46 . 2009-11-04 14:46 3547136 ----a-w- g:\windows\system32\aticaldd.dll
2009-11-04 14:37 . 2009-11-04 14:37 53248 ----a-w- g:\windows\system32\drivers\ati2erec.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- g:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- g:\windows\system32\xliveinstallhost.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 14:44 . 2009-09-02 05:19 4096 d-----w- g:\users\eva\AppData\Roaming\Skype
2009-11-30 07:44 . 2009-09-02 05:20 4096 d-----w- g:\users\eva\AppData\Roaming\skypePM
2009-11-29 22:57 . 2009-08-11 19:35 625276 ----a-w- g:\windows\system32\perfh005.dat
2009-11-29 22:57 . 2009-08-11 19:35 119546 ----a-w- g:\windows\system32\perfc005.dat
2009-11-29 20:14 . 2009-08-31 12:39 1 ----a-w- g:\users\Jonas\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-27 20:13 . 2009-08-18 17:59 4096 d-----w- g:\users\Jonas\AppData\Roaming\Hamachi
2009-11-27 15:30 . 2009-08-16 07:05 12288 d-----w- g:\program files\Garena
2009-11-24 19:05 . 2009-08-17 06:31 28672 d-----w- g:\users\Jonas\AppData\Roaming\uTorrent
2009-11-24 14:06 . 2009-11-24 14:06 4096 d-----w- g:\program files\Ventrilo
2009-11-24 14:06 . 2009-11-15 08:39 4096 d-----w- g:\program files\Common Files\Wise Installation Wizard
2009-11-22 18:08 . 2009-08-11 18:30 116552 ----a-w- g:\users\eva\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-22 11:19 . 2009-08-11 08:22 116552 ----a-w- g:\users\Jonas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-22 07:16 . 2009-08-16 15:49 4096 d-----w- g:\program files\Common Files\Adobe
2009-11-16 13:09 . 2009-11-16 13:09 -------- d-----w- g:\programdata\Futuremark
2009-11-16 12:30 . 2009-11-16 12:30 -------- d-----w- g:\program files\Common Files\Futuremark Shared
2009-11-16 12:30 . 2009-08-11 16:22 4096 d--h--w- g:\program files\InstallShield Installation Information
2009-11-16 12:28 . 2009-11-16 12:28 -------- d-----w- g:\program files\Futuremark
2009-11-15 13:04 . 2009-09-02 05:19 4096 d-----w- g:\program files\Google
2009-11-15 08:43 . 2009-11-15 08:43 -------- d-----w- g:\programdata\BioWare
2009-11-15 08:40 . 2009-11-15 08:40 8192 d-----w- g:\program files\AGEIA Technologies
2009-11-11 21:40 . 2009-08-11 16:41 12288 d-----w- g:\programdata\Microsoft Help
2009-11-08 16:25 . 2009-08-17 08:26 691696 ----a-w- g:\windows\system32\drivers\sptd.sys
2009-11-08 16:24 . 2009-08-17 08:31 -------- d-----w- g:\programdata\DAEMON Tools Lite
2009-11-04 15:39 . 2009-09-23 22:22 3034624 ----a-w- g:\windows\system32\atidxx32.dll
2009-11-02 19:42 . 2009-10-03 13:13 195456 ------w- g:\windows\system32\MpSigStub.exe
2009-10-16 01:11 . 2009-10-16 01:11 1168896 ----a-w- g:\windows\system32\drivers\P17.sys
2009-10-08 06:54 . 2009-10-08 06:52 -------- d-----w- g:\users\eva\AppData\Roaming\VoipDiscount
2009-10-08 06:06 . 2009-09-22 12:48 4096 d-----w- g:\program files\FlashCatch
2009-10-07 19:06 . 2009-10-07 19:05 -------- d-----w- g:\program files\Okidata
2009-10-07 19:05 . 2009-10-07 19:05 -------- d-----w- g:\users\Jonas\AppData\Roaming\InstallShield
2009-10-07 19:04 . 2009-10-07 19:04 -------- d-----w- g:\programdata\OPPU
2009-10-07 18:10 . 2009-10-07 18:10 4096 d-----w- g:\program files\Advanced IP Scanner
2009-09-30 14:33 . 2009-09-30 14:33 104976 ----a-w- g:\windows\system32\drivers\AtiHdmi.sys
2009-09-24 18:34 . 2009-09-24 18:13 189784 ----a-w- g:\windows\system32\PnkBstrB.exe
2009-09-24 18:13 . 2009-09-24 18:13 75064 ----a-w- g:\windows\system32\PnkBstrA.exe
2009-09-24 18:13 . 2009-09-24 18:13 2373712 ----a-w- g:\windows\system32\pbsvc.exe
2009-09-04 16:44 . 2009-11-11 15:05 515416 ----a-w- g:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-11 15:05 238936 ----a-w- g:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-11 15:05 69464 ----a-w- g:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-11 15:05 453456 ----a-w- g:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 235344 ----a-w- g:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 1974616 ----a-w- g:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 5501792 ----a-w- g:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-11 15:05 1892184 ----a-w- g:\windows\system32\D3DX9_42.dll
2009-09-01 20:55 . 2009-09-01 20:55 195855 ----a-w- g:\windows\system32\atiicdxx.dat
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- g:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- g:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="g:\program files\QIP\QIP Infium RetroPack\inf.exe " [X]
"Sidebar"="g:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]
"DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="g:\program files\steam\steam.exe" [2009-11-13 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="g:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"RtHDVCpl"="g:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"GrooveMonitor"="g:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="g:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ATICustomerCare"="g:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"P17RunE"="P17RunE.dll" - g:\windows\System32\P17RunE.dll [2008-03-28 14848]

g:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - g:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - g:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;g:\windows\System32\drivers\amdxata.sys [22.4.2009 3:07 23120]
R0 CLFS;Systém souborů CLFS;g:\windows\System32\clfs.sys [22.4.2009 4:08 249424]
R0 CNG;CNG;g:\windows\System32\drivers\cng.sys [22.4.2009 4:31 369056]
R0 FileInfo;File Information FS MiniFilter;g:\windows\System32\drivers\fileinfo.sys [22.4.2009 4:19 58448]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;g:\windows\System32\drivers\fvevol.sys [22.4.2009 4:10 194488]
R0 hwpolicy;Hardware Policy Driver;g:\windows\System32\drivers\hwpolicy.sys [22.4.2009 4:08 13904]
R0 KSecPkg;KSecPkg;g:\windows\System32\drivers\ksecpkg.sys [22.4.2009 4:32 133200]
R0 msisadrv;msisadrv;g:\windows\System32\drivers\msisadrv.sys [22.4.2009 4:08 13904]
R0 pcw;Performance Counters for Windows Driver;g:\windows\System32\drivers\pcw.sys [22.4.2009 4:08 42576]
R0 rdyboost;ReadyBoost;g:\windows\System32\drivers\rdyboost.sys [22.4.2009 4:19 173648]
R0 spldr;Security Processor Loader Driver;g:\windows\System32\drivers\spldr.sys [22.4.2009 1:36 17488]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;g:\windows\System32\drivers\vmstorfl.sys [22.4.2009 11:23 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;g:\windows\System32\drivers\vdrvroot.sys [22.4.2009 4:44 32848]
R0 volmgr;Volume Manager Driver;g:\windows\System32\drivers\volmgr.sys [22.4.2009 4:08 52304]
R0 volmgrx;Správce dynamických svazků;g:\windows\System32\drivers\volmgrx.sys [22.4.2009 4:09 297040]
R1 blbdrive;blbdrive;g:\windows\System32\drivers\blbdrive.sys [22.4.2009 4:20 35328]
R1 CSC;Ovladač souborů pro režim offline;g:\windows\System32\drivers\csc.sys [22.4.2009 4:12 387584]
R1 DfsC;DFS Namespace Client Driver;g:\windows\System32\drivers\dfsc.sys [22.4.2009 4:11 78336]
R1 discache;System Attribute Cache;g:\windows\System32\drivers\discache.sys [22.4.2009 4:21 32768]
R1 ehdrv;ehdrv;g:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 nsiproxy;NSI proxy service driver.;g:\windows\System32\drivers\nsiproxy.sys [22.4.2009 4:09 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;g:\windows\System32\drivers\RDPENCDD.sys [22.4.2009 5:00 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;g:\windows\System32\drivers\RDPREFMP.sys [22.4.2009 5:00 7168]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;g:\windows\System32\drivers\tdx.sys [22.4.2009 4:09 74240]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;g:\windows\System32\drivers\wanarp.sys [22.4.2009 4:53 63488]
R1 WfpLwf;WFP Lightweight Filter;g:\windows\System32\drivers\wfplwf.sys [22.4.2009 4:52 9728]
R2 AMD External Events Utility;AMD External Events Utility;g:\windows\System32\atiesrxx.exe [4.11.2009 16:45 172032]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 BFE;Služba BFE (Base Filtering Engine);g:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 CscService;Soubory offline;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 DPS;Služba DPS (Diagnostic Policy Service);g:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 ekrn;ESET Service;g:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;g:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 gpsvc;Klient zásad skupiny;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 iphlpsvc;Pomocná služba protokolu IP;g:\windows\System32\svchost.exe -k NetSvcs [22.4.2009 4:16 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;g:\windows\System32\drivers\lltdio.sys [22.4.2009 4:51 48128]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;g:\windows\System32\drivers\luafv.sys [22.4.2009 4:13 86528]
R2 MMCSS;Služba Plánovač multimédií;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 MpsSvc;Brána Windows Firewall;g:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 NlaSvc;Sledování umístění v síti (NLA);g:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
R2 nsi;Služba rozhraní síťového úložiště;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R2 PEAUTH;PEAUTH;g:\windows\System32\drivers\PEAuth.sys [22.4.2009 4:33 586752]
R2 Power;Napájení;g:\windows\system32\svchost.exe -k DcomLaunch [22.4.2009 4:16 20992]
R2 ProfSvc;Služba Profil uživatele;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;g:\windows\system32\svchost.exe -k RPCSS [22.4.2009 4:16 20992]
R2 sppsvc;Ochrana před softwarem;g:\windows\System32\sppsvc.exe [22.4.2009 5:44 3179520]
R2 SysMain;Superfetch;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;g:\windows\System32\drivers\tcpipreg.sys [22.4.2009 4:52 34816]
R2 UxSms;Správce relací správce oken plochy;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 WinDefend;Windows Defender;g:\windows\System32\svchost.exe -k secsvcs [22.4.2009 4:16 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;g:\windows\System32\drivers\1394ohci.sys [22.4.2009 4:50 162816]
R3 Appinfo;Informace o aplikaci;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R3 bowser;Ovladač podpory prohlížeče;g:\windows\System32\drivers\bowser.sys [22.4.2009 4:11 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;g:\windows\System32\drivers\CompositeBus.sys [22.4.2009 4:43 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;g:\windows\System32\drivers\dxgkrnl.sys [22.4.2009 4:23 720384]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 FDResPub;Publikování prostředků rozpoznávání funkcí;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 HomeGroupProvider;Zprostředkovatel domácích skupin;g:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
R3 KeyIso;Izolace klíče CNG;g:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;g:\windows\System32\drivers\monitor.sys [22.4.2009 4:23 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;g:\windows\System32\drivers\mpsdrv.sys [22.4.2009 4:51 60416]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;g:\windows\System32\drivers\mrxsmb10.sys [22.4.2009 4:11 220672]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;g:\windows\System32\drivers\mrxsmb20.sys [22.4.2009 4:11 94720]
R3 netprofm;Služba seznamu sítí;g:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 PcaSvc;Program Compatibility Assistant Service;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);g:\windows\System32\drivers\agilevpn.sys [22.4.2009 4:53 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;g:\windows\System32\drivers\rdpbus.sys [22.4.2009 5:01 18432]
R3 RTL8167;Realtek 8167 NT Driver;g:\windows\System32\drivers\Rt86win7.sys [20.3.2009 16:22 139776]
R3 srv2;Ovladač pro server SMB 2.xxx;g:\windows\System32\drivers\srv2.sys [7.11.2009 13:59 306688]
R3 srvnet;srvnet;g:\windows\System32\drivers\srvnet.sys [22.4.2009 4:12 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;g:\windows\System32\drivers\tunnel.sys [22.4.2009 4:52 108032]
R3 umbus;UMBus Enumerator Driver;g:\windows\System32\drivers\umbus.sys [22.4.2009 4:50 39936]
R3 WdiServiceHost;Hostitel diagnostické služby;g:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 WdiSystemHost;Hostitel diagnostického systému;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S2 gupdate;Služba Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [18.9.2009 10:55 133104]
S3 AcpiPmi;ACPI Power Meter Driver;g:\windows\System32\drivers\acpipmi.sys [22.4.2009 4:13 9728]
S3 adp94xx;adp94xx;g:\windows\System32\drivers\adp94xx.sys [20.3.2009 16:22 422992]
S3 adpahci;adpahci;g:\windows\System32\drivers\adpahci.sys [22.4.2009 3:07 297552]
S3 amdsata;amdsata;g:\windows\System32\drivers\amdsata.sys [20.3.2009 16:23 77904]
S3 amdsbs;amdsbs;g:\windows\System32\drivers\amdsbs.sys [28.3.2009 5:45 159312]
S3 AppID;Ovladač AppID;g:\windows\System32\drivers\appid.sys [22.4.2009 4:35 50176]
S3 AppIDSvc;Identita aplikace;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 arcsas;arcsas;g:\windows\System32\drivers\arcsas.sys [22.4.2009 3:07 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;g:\windows\System32\drivers\bxvbdx.sys [20.3.2009 16:22 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;g:\windows\System32\drivers\b57nd60x.sys [22.4.2009 3:01 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;g:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;g:\windows\System32\drivers\BrFiltLo.sys [22.4.2009 5:55 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;g:\windows\System32\drivers\BrFiltUp.sys [22.4.2009 5:56 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);g:\windows\System32\drivers\BrSerId.sys [22.4.2009 5:53 272128]
S3 BrSerWdm;Brother WDM Serial driver;g:\windows\System32\drivers\BrSerWdm.sys [22.4.2009 5:55 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;g:\windows\System32\drivers\BrUsbMdm.sys [22.4.2009 5:55 12160]
S3 CertPropSvc;Šíření certifikátů;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 circlass;Consumer IR Devices;g:\windows\System32\drivers\circlass.sys [22.4.2009 4:49 37888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;g:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7.11.2009 14:13 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15.11.2009 9:35 25832]
S3 defragsvc;Defragmentace disku;g:\windows\system32\svchost.exe -k defragsvc [22.4.2009 4:16 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;g:\windows\System32\drivers\evbdx.sys [20.3.2009 16:22 3100160]
S3 elxstor;elxstor;g:\windows\System32\drivers\elxstor.sys [20.3.2009 16:23 453712]
S3 Filetrace;FileTrace;g:\windows\System32\drivers\filetrace.sys [22.4.2009 4:12 28160]
S3 FontCache;Mezipaměť písem Windows;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 FsDepends;File System Dependency Minifilter;g:\windows\System32\drivers\fsdepends.sys [22.4.2009 4:12 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;g:\windows\System32\drivers\hcw85cir.sys [22.4.2009 3:52 26624]
S3 HpSAMD;HpSAMD;g:\windows\System32\drivers\HpSAMD.sys [22.4.2009 3:07 67152]
S3 iaStorV;iaStorV;g:\windows\System32\drivers\iaStorV.sys [15.4.2009 3:30 332368]
S3 IPMIDRV;IPMIDRV;g:\windows\System32\drivers\IPMIDrv.sys [22.4.2009 4:28 65536]
S3 iScsiPrt;iScsiPort Driver;g:\windows\System32\drivers\msiscsi.sys [22.4.2009 4:44 186960]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;g:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;g:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 LSI_FC;LSI_FC;g:\windows\System32\drivers\lsi_fc.sys [22.4.2009 3:07 95824]
S3 LSI_SAS;LSI_SAS;g:\windows\System32\drivers\lsi_sas.sys [22.4.2009 3:07 89168]
S3 LSI_SAS2;LSI_SAS2;g:\windows\System32\drivers\lsi_sas2.sys [22.4.2009 3:07 54864]
S3 LSI_SCSI;LSI_SCSI;g:\windows\System32\drivers\lsi_scsi.sys [22.4.2009 3:07 96848]
S3 megasas;megasas;g:\windows\System32\drivers\megasas.sys [20.3.2009 16:23 30800]
S3 mpio;mpio;g:\windows\System32\drivers\mpio.sys [22.4.2009 4:44 130640]
S3 msahci;msahci;g:\windows\System32\drivers\msahci.sys [22.4.2009 4:44 27728]
S3 msdsm;msdsm;g:\windows\System32\drivers\msdsm.sys [22.4.2009 4:44 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;g:\windows\System32\drivers\mshidkmdf.sys [22.4.2009 4:49 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 MsRPC;MsRPC;g:\windows\System32\drivers\msrpc.sys [22.4.2009 4:09 162896]
S3 MTConfig;Microsoft Input Configuration Driver;g:\windows\System32\drivers\MTConfig.sys [22.4.2009 4:45 12288]
S3 NativeWifiP;NativeWiFi Filter;g:\windows\System32\drivers\nwifi.sys [22.4.2009 4:50 267264]
S3 NdisCap;NDIS Capture LightWeight Filter;g:\windows\System32\drivers\ndiscap.sys [22.4.2009 4:51 27136]
S3 nfrd960;nfrd960;g:\windows\System32\drivers\nfrd960.sys [22.4.2009 3:07 44624]
S3 nvstor;nvstor;g:\windows\System32\drivers\nvstor.sys [15.4.2009 3:30 142416]
S3 PeerDistSvc;BranchCache;g:\windows\System32\svchost.exe -k PeerDist [22.4.2009 4:16 20992]
S3 pla;Výstrahy a protokolování výkonu;g:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;g:\windows\System32\svchost.exe -k LocalServicePeerNet [22.4.2009 4:16 20992]
S3 ql2300;ql2300;g:\windows\System32\drivers\ql2300.sys [20.3.2009 16:23 1383504]
S3 ql40xx;ql40xx;g:\windows\System32\drivers\ql40xx.sys [22.4.2009 3:07 105552]
S3 s3cap;s3cap;g:\windows\System32\drivers\vms3cap.sys [22.4.2009 11:23 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;g:\windows\System32\drivers\scfilter.sys [22.4.2009 4:32 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;g:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 SDRSVC;Windows Zálohování;g:\windows\system32\svchost.exe -k SDRSVC [22.4.2009 4:16 20992]
S3 SensrSvc;Adaptivní jas;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 SessionEnv;Remote Desktop Configuration;g:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;g:\windows\System32\drivers\sffp_mmc.sys [22.4.2009 4:44 12288]
S3 SiSRaid4;SiSRaid4;g:\windows\System32\drivers\sisraid4.sys [22.4.2009 3:07 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);g:\windows\System32\drivers\smb.sys [22.4.2009 4:52 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 stexstor;stexstor;g:\windows\System32\drivers\stexstor.sys [22.4.2009 3:07 21072]
S3 storvsc;storvsc;g:\windows\System32\drivers\storvsc.sys [22.4.2009 11:23 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 TBS;Služba TPM Base Services;g:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 THREADORDER;Server pro řazení podprocesů;g:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 TrustedInstaller;Instalační služba modulů systému Windows;g:\windows\servicing\TrustedInstaller.exe [22.4.2009 4:20 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;g:\windows\System32\drivers\tssecsrv.sys [22.4.2009 5:00 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;g:\windows\System32\UI0Detect.exe [22.4.2009 4:35 35840]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;g:\windows\System32\drivers\ULILAN51.SYS [11.8.2009 19:13 28672]
S3 ULI526X;ULi M526X 10/100 Ethernet Controller Driver;g:\windows\System32\drivers\ULILAN32.SYS [30.6.2006 3:39 30720]
S3 uliagpkx;Uli AGP Bus Filter;g:\windows\System32\drivers\ULIAGPKX.SYS [22.4.2009 4:23 57424]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;g:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);g:\windows\System32\drivers\usbcir.sys [22.4.2009 4:49 86016]
S3 VaultSvc;Správce pověření;g:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 vhdmp;vhdmp;g:\windows\System32\drivers\vhdmp.sys [22.4.2009 4:44 158288]
S3 ViaC7;VIA C7 Processor Driver;g:\windows\System32\drivers\viac7.sys [22.4.2009 4:08 52736]
S3 vmbus;vmbus;g:\windows\System32\drivers\vmbus.sys [22.4.2009 11:23 175824]
S3 VMBusHID;VMBusHID;g:\windows\System32\drivers\VMBusHID.sys [22.4.2009 11:23 17920]
S3 vsmraid;vsmraid;g:\windows\System32\drivers\vsmraid.sys [20.3.2009 16:23 141904]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;g:\windows\System32\drivers\vwifibus.sys [22.4.2009 4:50 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;g:\windows\System32\drivers\wacompen.sys [22.4.2009 4:45 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;g:\windows\System32\wbengine.exe [22.4.2009 4:21 1203200]
S3 WbioSrvc;Biometrická služba systému Windows;g:\windows\system32\svchost.exe -k WbioSvcGroup [22.4.2009 4:16 20992]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;g:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 WcsPlugInService;Windows Color System;g:\windows\system32\svchost.exe -k wcssvc [22.4.2009 4:16 20992]
S3 Wd;Wd;g:\windows\System32\drivers\wd.sys [22.4.2009 4:08 19024]
S3 Wecsvc;Sběr událostí systému Windows;g:\windows\system32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;g:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;g:\windows\System32\svchost.exe -k WerSvcGroup [22.4.2009 4:16 20992]
S3 WIMMount;WIMMount;g:\windows\System32\drivers\wimmount.sys [22.4.2009 4:15 19024]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);g:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WPCSvc;Rodičovská kontrola;g:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WSDPrintDevice;WSD Print Support via UMB;g:\windows\System32\drivers\WSDPrint.sys [22.4.2009 5:18 17920]
S3 WwanSvc;Automatická konfigurace sítě WWAN;g:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S4 Mcx2Svc;Služba zařízení Media Center Extender;g:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Obsah adresáře 'Naplánované úlohy'

2009-11-30 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 09:55]

2009-11-30 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 09:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/" onclick="window.open(this.href);return false;
IE: Append Link Target to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - g:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6626A7B9-C86C-4320-A8DC-E8233A1385C8} = 192.168.5.1
Handler: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - g:\program files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:26
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:27
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:27
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:27
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-11-30 17:27
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84CE31F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84d12488
QueryNameProcedure -> 0x84d12618
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
g:\program files\Creative\Shared Files\CTAudSvc.exe
g:\windows\system32\atieclxx.exe
g:\program files\Bonjour\mDNSResponder.exe
g:\windows\system32\PnkBstrA.exe
g:\windows\system32\taskhost.exe
g:\windows\system32\conhost.exe
g:\windows\System32\rundll32.exe
g:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
g:\program files\OpenOffice.org 3\program\soffice.exe
g:\program files\OpenOffice.org 3\program\soffice.bin
g:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
g:\program files\Windows Media Player\wmpnetwk.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Internet Explorer\iexplore.exe
g:\program files\Google\Chrome Frame\Application\chrome.exe
g:\program files\Google\Chrome Frame\Application\chrome.exe
g:\program files\Google\Chrome Frame\Application\chrome.exe
g:\program files\Microsoft Office\Office12\OUTLOOK.EXE
g:\program files\Skype\Toolbars\Shared\SkypeNames.exe
.
**************************************************************************
.
Celkový čas: 2009-11-30 17:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-30 16:31

Před spuštěním: Volných bajtů: 1 240 475 877 376
Po spuštění: Volných bajtů: 1 240 365 572 096

- - End Of File - - 3E23EB343FD1FA14C5697FD3CE857F75


http://www.virustotal.com/cs/analisis/0 ... 1259596991" onclick="window.open(this.href);return false;
http://www.virustotal.com/cs/analisis/f ... 1259597062" onclick="window.open(this.href);return false;
http://www.virustotal.com/cs/analisis/3 ... 1259597074" onclick="window.open(this.href);return false;
http://www.virustotal.com/cs/analisis/9 ... 1259597119" onclick="window.open(this.href);return false;

Re: prosim o kontrolu

Napsal: 30 lis 2009 17:59
od jaro3
Stáhni si RootRepeal

Rozbal si archív třeba do C:\RootRepeal
Poklepej na RootRepeal.exe ke startu programu ( ve vistě pravým a vybrat spustit jako administrátor).
Klikni v dolní části na Files a potom na Scan .
Objeví se dialog.okno, dej zatržítko na disk, který chceš skenovat( nejčastěji na C:\ , a potom na OK.
Program začne skenovat zatržený disk. Když sken skončí , budou tam vypsané soubory, ale ne všechny musí být legitimní. Klikni na Save Report a ulož si log do dokumentů. Vlož sem prosím celý jeho obsah.

Takže, nabootuj z instalačního CD/DVD, přihlas se s k Windows přes konzoli pro zotavení (musíš znát heslo do profilu Administrator) a do příkazového řádku zadej:

Kód: Vybrat vše

fixmbr
Odentruj a po oznámení, že MBR byl přepsán, zadej

Kód: Vybrat vše

exit
PC se restartuje.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz