Generic.Application.CoinMiner jak odstrnit respektive ...

Zpráva

Berger · #1 Příspěvek od **Berger** » 13 úno 2018 12:36

Provozuji stařičký server s Windows Server 2003, funguje jako souborový a terminálový server pro jednu aplikaci.
Poslední měsíc řeším stále dokola jeden problém na serveru se mi spouští hpset.exe což je Generic.Application.CoinMiner.1.AC3C66B1. Je to BitCoinMiner pokaždé ho stopnu, smažu všechny 4 soubory s nim spojené, projedu server antivirem ten nic nenajde vše se zda OK a třeba za dva dny opět procesor vytížen na 100%.
Otázka číslo jedna kudy a jak se tento BitCoinMiner mlže na server dostávat?
Otázka číslo dva, jaký free antivir byste doporučili na Windows Server, měl jsme tam ESET File Security, ale skončilo nám předplatné a nechce se mi do toho zase vrážet peníze.

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by SPRAVCE at 2018-02-13 12:43:45
Microsoft(R) Windows(R) Server 2003, Standard Edition Service Pack 2
System drive C: has 204 GB (85%) free of 238 GB
Total RAM: 3965 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:52, on 13.2.2018
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.23707)
Boot mode: Normal

Running processes:
C:\Documents and Settings\SPRAVCE\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET File Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\cmd.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\ESET\ESET File Security\egui.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
c:\Temp2\RSIT.exe
C:\Program Files\trend micro\SPRAVCE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'lwww')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'chlum')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'panelaky')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\spravce\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.1.im.cz
O15 - ESC Trusted Zone: http://onecare.live.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.mysql.com
O15 - ESC Trusted Zone: http://www.seznam.cz
O15 - ESC Trusted Zone: http://search.sklik.cz
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283756918796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1392253363656
O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA61C4-B77A-47D8-B9D8-0A27C19CC4A1}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7306DB75-7E41-4E05-B78E-4A03C5B80042}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9B5424-F2E4-43AA-92A4-40CBCB017789}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET File Security\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET File Security\ekrn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7135 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\záloha dat.job - C:\WINDOWS\system32\ntbackup.exe  backup "@C:\Documents and Settings\SPRAVCE\Local Settings\Data aplikací\Microsoft\Windows NT\NTBackup\data\090315 - konfigurace obsahu záloh.bks" /a /d "Sada vytvořena 9.3.2015 v 13:59" /v:no /r:no /rs:no /hc:off /m normal /j "záloha dat" /l:s /f "D:\DATA\JILKOVA\! ZÁLOHA SERVER !\Backup.bkf" 

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default

prefs.js - "browser.startup.homepage" -  "http://www.google.com/"
prefs.js - "extensions.enabledItems" -  "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


C:\Program Files\Mozilla Firefox\components\
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"C-Media Mixer"=Mixer.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVXMRSYNC_TM]
c:\windows\temp\smss.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2015-06-26 603648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-17 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2005-03-25 21504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2015-06-16 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2015-02-19 8367104]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ias]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\wincmd\WINCMD32.EXE"="C:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"E:\WD Discovery Software\WD Discovery.exe"="E:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe"="C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe"="C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe:*:Enabled:TeamViewer 8"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.I420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2018-02-13 12:43:45 ----D---- C:\rsit
2018-02-13 12:43:45 ----D---- C:\Program Files\trend micro
2018-02-10 16:47:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2018-02-10 16:47:56 ----D---- C:\Program Files\ESET
2018-02-08 12:08:08 ----A---- C:\WINDOWS\system32\ZLhp1020.DLL

======List of files/folders modified in the last 1 month======

2018-02-13 12:43:47 ----D---- C:\WINDOWS\Temp
2018-02-13 12:43:45 ----RD---- C:\Program Files
2018-02-13 12:43:38 ----D---- C:\WINDOWS\system32\CatRoot2
2018-02-13 12:43:33 ----D---- C:\TEMP
2018-02-13 12:43:06 ----D---- C:\Temp2
2018-02-13 12:39:13 ----D---- C:\LWWW
2018-02-13 11:39:04 ----SHD---- C:\RECYCLER
2018-02-12 20:10:10 ----SHD---- C:\System Volume Information
2018-02-12 20:00:08 ----D---- C:\WINDOWS\system32\inetsrv
2018-02-11 17:29:45 ----D---- C:\WINDOWS
2018-02-11 17:26:16 ----AD---- C:\WINDOWS\system32
2018-02-11 17:26:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-11 17:21:55 ----D---- C:\WINDOWS\system32\LServer
2018-02-10 17:24:08 ----D---- C:\WINDOWS\system32\drivers
2018-02-10 17:00:00 ----SHD---- C:\WINDOWS\Installer
2018-02-10 16:59:46 ----SHD---- C:\Config.Msi
2018-02-10 16:59:27 ----D---- C:\WINDOWS\inf
2018-02-10 00:41:49 ----D---- C:\ClavZal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194560]
R0 atapi;Standardní řadič disku IDE či ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 10624]
R0 crcdisk;Ovladač filtru disku CRC; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]
R0 Disk;Ovladač disku; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]
R0 dmio;Ovladač správce logických disků; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 151552]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2005-03-25 7680]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2013-01-07 132096]
R0 Ftdisk;Ovladač správce svazků; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2015-06-27 136192]
R0 MountMgr;Správce přípojných bodů; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]
R0 Mup;Služba Multiple UNC Provider; C:\WINDOWS\system32\drivers\Mup.sys [2011-04-12 103424]
R0 NDIS;Systémový ovladač NDIS; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2007-02-17 61312]
R0 PartMgr;Správce oddílů; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]
R0 PCI;Řadič sběrnice PCI; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 75264]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\DRIVERS\pciide.sys [2005-03-25 5632]
R0 VolSnap;Paměťové svazky; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2012-08-22 153600]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2014-05-30 150528]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2005-03-25 6144]
R1 CV2K1;CommView Network Monitor; C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2017-04-26 9906]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-12-05 215328]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-12-05 160736]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2017-12-05 60992]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-17 55296]
R1 IPSec;Ovladač IPSEC; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]
R1 Kbdclass;Ovladač třídy klávesnic; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2005-03-25 6144]
R1 Mouclass;Ovladač třídy myší; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2005-03-25 23040]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2011-07-06 439296]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]
R1 NetBIOS;Rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]
R1 NetBT;Rozhraní NetBios nad protokolem TCP/IP; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2005-03-25 4608]
R1 RasAcd;Ovladač automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2005-03-25 10752]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-24 177664]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2005-03-25 6144]
R1 Serial;Ovladač sériového portu; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]
R1 Tcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2014-09-15 400896]
R1 TermDD;Ovladač terminálového zařízení; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]
R1 ts_lb;ts_lb; C:\WINDOWS\system32\drivers\ts_lb.sys [2012-10-06 25704]
R1 VgaSave;Grafický řadič VGA; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-02-17 11264]
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2005-03-25 8704]
R3 audstub;Prázdný zvukový ovladač; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-25 5120]
R3 Gpc;Obecné třídění paketů; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2007-02-17 21504]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-03-25 11776]
R3 HTTP;Služba HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 294400]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 40448]
R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]
R3 mssmbios;Ovladač Microsoft System Management BIOS; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]
R3 NdisTapi;Ovladač Remote Access NDIS TAPI; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2011-07-08 12288]
R3 Ndisuio;Protokol NDIS uživatelského režimu V/V; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]
R3 NdisWan;Ovladač Remote Access NDIS WAN; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]
R3 NDProxy;Služba NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2013-11-27 40960]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 Parport;Ovladač paralelního portu; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-17 81408]
R3 PptpMiniport;Připojení WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]
R3 RasPppoe;Ovladač pro vzdálený přístup PPPOE; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]
R3 Raspti;Přímé propojení paralelním kabelem; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]
R3 rdpdr;Ovladač přesměrovače zařízení terminálového serveru; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2012-05-02 152200]
R3 RTL8169;Ovladač Realtek RTL8169 Gigabit Ethernet Adapter NT; C:\WINDOWS\system32\DRIVERS\RT8169xp.sys [2003-03-25 28544]
R3 serenum;Ovladač filtru Serenum; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2011-02-17 381952]
R3 swenum;Softwarový ovladač sběrnice; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft; C:\WINDOWS\system32\DRIVERS\tscomm.sys [2013-07-23 43208]
R3 Update;Ovladač aktualizace mikrokódu; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-28 365056]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2013-07-20 30720]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2013-07-20 17664]
R3 Wanarp;Ovladač Remote Access IP ARP; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-17 589824]
S1 Cdrom;Ovladač jednotky CD-ROM; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]
S1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 61952]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2005-03-25 12288]
S3 aec;Microsoft Kernel Acoustic Echo Canceller; C:\WINDOWS\system32\drivers\aec.sys [2007-02-17 140288]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-02-17 61952]
S3 AsyncMac;Ovladač asynchronních médií připojení RAS; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2005-03-25 16384]
S3 Atmarpc;Protokol ATM ARP Client; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 DMusic;Syntezátor Microsoft Kernel DLS; C:\WINDOWS\system32\drivers\DMusic.sys [2007-02-17 54784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\WINDOWS\system32\drivers\drmkaud.sys [2003-03-25 5632]
S3 Fdc;Ovladač řadiče disketové jednotky; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]
S3 Flpydisk;Ovladač disketové jednotky; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2005-03-25 18432]
S3 gameenum;Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\gameenum.sys [2003-03-25 10112]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-08 144384]
S3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2010-11-23 26752]
S3 Ip6Fw;Ovladač IPv6 brány firewall systému Windows; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]
S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []
S3 IRENUM;Služba čítače výčtu IR; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]
S3 kmixer;Směšovač Microsoft Kernel Wave Audio Mixer; C:\WINDOWS\system32\drivers\kmixer.sys [2007-02-17 169472]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]
S3 MRxDAV;Přesměrovač klienta WebDav; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2014-12-19 188928]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\WINDOWS\system32\drivers\MSKSSRV.sys [2007-02-17 7936]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\WINDOWS\system32\drivers\MSPCLOCK.sys [2007-02-17 5760]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\WINDOWS\system32\drivers\MSPQM.sys [2007-02-17 5376]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-02-17 58368]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2003-03-25 18974]
S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 20480]
S3 splitter;Microsoft Kernel Audio Splitter; C:\WINDOWS\system32\drivers\splitter.sys [2007-02-17 7680]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer; C:\WINDOWS\system32\drivers\swmidi.sys [2007-02-17 58368]
S3 sysaudio;Microsoft Kernel System Audio Device; C:\WINDOWS\system32\drivers\sysaudio.sys [2007-02-17 60928]
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver; C:\WINDOWS\system32\drivers\wdmaud.sys [2007-02-17 83968]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 177152]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2005-03-25 13312]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2005-03-25 15360]
S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []
S4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []
S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268800]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2014-09-05 151040]
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]
S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []
S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []
S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]
S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []
S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []
S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []
S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []
S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []
S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []
S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 AudioSrv;Zvuk systému Windows; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Browser;Prohledávání počítačů; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 CryptSvc;Šifrování; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DcomLaunch;Spouštěč procesů serveru DCOM; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Dhcp;Klient DHCP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 dmserver;Správce logických disků; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Dnscache;Klient DNS; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET File Security\ekrn.exe [2017-12-05 1995184]
R2 ERSvc;Zasílání zpráv o chybách; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Eventlog;Protokol událostí; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 EventSystem;Systém událostí COM+; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 helpsvc;Nápověda a odborná pomoc; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 lanmanworkstation;Pracovní stanice; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 LmHosts;Podpora rozhraní NetBIOS nad protokolem TCP/IP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 MSDTC;Koordinátor DTC; C:\WINDOWS\system32\msdtc.exe [2008-07-23 6144]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PolicyAgent;Služby IPSEC; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 ProtectedStorage;Chráněné úložiště; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 RemoteRegistry;Vzdálený registr; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RpcSs;Vzdálené volání procedur (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SamSs;Správce zabezpečení účtů; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 seclogon;Sekundární přihlašování; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SENS;Oznamování systémových událostí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SharedAccess;Brána Firewall / Sdílení připojení k Internetu (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ShellHWDetection;Rozpoznávání hardwaru; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Schedule;Plánovač úloh; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Spooler;Zařazování tisku; C:\WINDOWS\system32\spoolsv.exe [2010-08-17 58880]
R2 TermServLicensing;Správa licencí Terminálového serveru; C:\WINDOWS\system32\lserver.exe [2007-02-17 351744]
R2 TrkWks;Klient služby sledování distribuovaných propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W32Time;Systémový čas; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 winmgmt;Služba WMI; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 wuauserv;Automatické aktualizace; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WZCSVC;Konfigurace bezdrátových zařízení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 ALG;Služba brány aplikačního rozhraní; C:\WINDOWS\System32\alg.exe [2007-02-17 45056]
R3 HTTPFilter;Služba HTTP SSL; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R3 Netman;Síťová připojení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Nla;Sledování umístění v síti (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 RasMan;Správce vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 TapiSrv;Telefonní subsystém; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TermService;Terminálová služba; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Ias;Ias; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 Iprip;Iprip; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
S2 SysmonLog;Výstrahy a protokolování výkonu; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96768]
S3 AppMgmt;Správa aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BITS;Služba inteligentního přenosu na pozadí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 COMSysApp;Systémové aplikace modelu COM+; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]
S3 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]
S3 dmadmin;Služba správy pro Správce logických disků; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 235008]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET File Security\ehttpsrv.exe [2017-12-05 43640]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 147624]
S3 MSIServer;Služba Windows Installer; C:\WINDOWS\system32\msiexec.exe [2015-06-26 96256]
S3 Netlogon;Přihlašování k síti; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtFrs;Replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792576]
S3 NtLmSsp;Zprostředkovatel zabezpečení NT LM; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtmsSvc;Vyměnitelné úložiště; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RasAuto;Správce automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RDSessMgr;Správce relací nápovědy ke vzdálené ploše; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]
S3 RpcLocator;Lokátor vzdáleného volání procedur (RPC); C:\WINDOWS\system32\locator.exe [2005-03-25 71680]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 92160]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]
S3 UPS;Nepřerušitelný zdroj napájení (UPS); C:\WINDOWS\System32\ups.exe [2005-03-25 16896]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-17 353280]
S3 VSS;Stínová kopie svazku; C:\WINDOWS\System32\vssvc.exe [2007-02-17 837632]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 Wmi;Rozšíření ovladače WMI; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 WmiApSrv;Adaptér výkonu služby WMI; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 xmlprov;Služba pro síťová ustanovení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 Alerter;Výstrahy; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]
S4 ClipSrv;Síťová schránka; C:\WINDOWS\system32\clipsrv.exe [2005-03-25 32256]
S4 HidServ;Přístup k zařízením standardu HID; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 ImapiService;Služba modelu COM pro zápis na disk CD (IMAPI); C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]
S4 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]
S4 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2005-03-25 16384]
S4 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-02-17 94720]
S4 Messenger;Kurýrní služba; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 mnmsrvc;NetMeeting - Vzdálené sdílení plochy; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]
S4 NetDDE;Služba DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetDDEdsdm;Správce DSDM služby DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RemoteAccess;Směrování a vzdálený přístup; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 stisvc;Načítání obrázků (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Themes;Motivy; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]
S4 WebClient;Webový klient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 13 úno 2018 13:08

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

CoinMinery na PC umísťují sami "těžaři".

Berger · #3 Příspěvek od **Berger** » 13 úno 2018 15:15

Bohužel AdwCleaner 7.0.8.0 nelze na Windows Server 2003 spustit, při pokusu o spuštěni to zahlásí, že nejde o platnou aplikaci Win32.
Bud se tomu nelíbí OS nebo procesor, ale je tam Intel Core2 Duo E7400 což je pravda deset let starý CPU, ale není to až takový pravěk.

#4 Příspěvek od **Rudy** » 13 úno 2018 15:17

Zkuste některou starší verzi: https://adwcleaner.en.uptodown.com/windows/old . Zkusil bych pětkovou.

Berger · #5 Příspěvek od **Berger** » 13 úno 2018 15:33

Pustil jsme poslední pětkovou verzi

Kód: Vybrat vše

# AdwCleaner v5.009 - Logfile created 13/02/2018 at 15:22:31
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Microsoft Windows Server 2003 Service Pack 2 (x86)
# Username : SPRAVCE - SERVER
# Running from : C:\Documents and Settings\SPRAVCE\Dokumenty\Stažené soubory\adwcleaner-5-009-multi-win.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\eSupport.com
Folder Found : C:\WINDOWS\system32\NetMon

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [923 bytes] ##########

#6 Příspěvek od **Rudy** » 13 úno 2018 16:02

V ADW ještě klikněte na mazání, restartujte a dejte nový log RSIT.

Berger · #7 Příspěvek od **Berger** » 13 úno 2018 18:06

Musel jsem počkat až se přestane používat databaze běžící na serveru , spustil AdwCleaner v5.009 po scan dal Clean , restartovalo to server, co se dělo po čas restartu netuším, dělám to vzdáleně, po najeti spustil RSIT a log viz níže.
První čeho jsme si všiml, je fakt že smss.exe se teď spoušti od jinud než předtím, ale smss.exe jsme již podezříval dříve a nechl ho prověřit https://www.virustotal.com/#/file/2b731 ... /detection a tvrdi, že je OK

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by SPRAVCE at 2018-02-13 12:43:45
Microsoft(R) Windows(R) Server 2003, Standard Edition Service Pack 2
System drive C: has 204 GB (85%) free of 238 GB
Total RAM: 3965 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:52, on 13.2.2018
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.23707)
Boot mode: Normal

Running processes:
C:\Documents and Settings\SPRAVCE\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET File Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\cmd.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\ESET\ESET File Security\egui.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
c:\Temp2\RSIT.exe
C:\Program Files\trend micro\SPRAVCE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'lwww')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'chlum')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'panelaky')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\spravce\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.1.im.cz
O15 - ESC Trusted Zone: http://onecare.live.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.mysql.com
O15 - ESC Trusted Zone: http://www.seznam.cz
O15 - ESC Trusted Zone: http://search.sklik.cz
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283756918796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1392253363656
O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA61C4-B77A-47D8-B9D8-0A27C19CC4A1}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7306DB75-7E41-4E05-B78E-4A03C5B80042}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9B5424-F2E4-43AA-92A4-40CBCB017789}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET File Security\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET File Security\ekrn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7135 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\záloha dat.job - C:\WINDOWS\system32\ntbackup.exe  backup "@C:\Documents and Settings\SPRAVCE\Local Settings\Data aplikací\Microsoft\Windows NT\NTBackup\data\090315 - konfigurace obsahu záloh.bks" /a /d "Sada vytvořena 9.3.2015 v 13:59" /v:no /r:no /rs:no /hc:off /m normal /j "záloha dat" /l:s /f "D:\DATA\JILKOVA\! ZÁLOHA SERVER !\Backup.bkf" 

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default

prefs.js - "browser.startup.homepage" -  "http://www.google.com/"
prefs.js - "extensions.enabledItems" -  "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


C:\Program Files\Mozilla Firefox\components\
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"C-Media Mixer"=Mixer.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVXMRSYNC_TM]
c:\windows\temp\smss.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2015-06-26 603648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-17 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2005-03-25 21504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2015-06-16 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2015-02-19 8367104]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ias]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\wincmd\WINCMD32.EXE"="C:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"E:\WD Discovery Software\WD Discovery.exe"="E:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe"="C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe"="C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe:*:Enabled:TeamViewer 8"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.I420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2018-02-13 12:43:45 ----D---- C:\rsit
2018-02-13 12:43:45 ----D---- C:\Program Files\trend micro
2018-02-10 16:47:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2018-02-10 16:47:56 ----D---- C:\Program Files\ESET
2018-02-08 12:08:08 ----A---- C:\WINDOWS\system32\ZLhp1020.DLL

======List of files/folders modified in the last 1 month======

2018-02-13 12:43:47 ----D---- C:\WINDOWS\Temp
2018-02-13 12:43:45 ----RD---- C:\Program Files
2018-02-13 12:43:38 ----D---- C:\WINDOWS\system32\CatRoot2
2018-02-13 12:43:33 ----D---- C:\TEMP
2018-02-13 12:43:06 ----D---- C:\Temp2
2018-02-13 12:39:13 ----D---- C:\LWWW
2018-02-13 11:39:04 ----SHD---- C:\RECYCLER
2018-02-12 20:10:10 ----SHD---- C:\System Volume Information
2018-02-12 20:00:08 ----D---- C:\WINDOWS\system32\inetsrv
2018-02-11 17:29:45 ----D---- C:\WINDOWS
2018-02-11 17:26:16 ----AD---- C:\WINDOWS\system32
2018-02-11 17:26:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-11 17:21:55 ----D---- C:\WINDOWS\system32\LServer
2018-02-10 17:24:08 ----D---- C:\WINDOWS\system32\drivers
2018-02-10 17:00:00 ----SHD---- C:\WINDOWS\Installer
2018-02-10 16:59:46 ----SHD---- C:\Config.Msi
2018-02-10 16:59:27 ----D---- C:\WINDOWS\inf
2018-02-10 00:41:49 ----D---- C:\ClavZal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194560]
R0 atapi;Standardní řadič disku IDE či ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 10624]
R0 crcdisk;Ovladač filtru disku CRC; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]
R0 Disk;Ovladač disku; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]
R0 dmio;Ovladač správce logických disků; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 151552]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2005-03-25 7680]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2013-01-07 132096]
R0 Ftdisk;Ovladač správce svazků; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2015-06-27 136192]
R0 MountMgr;Správce přípojných bodů; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]
R0 Mup;Služba Multiple UNC Provider; C:\WINDOWS\system32\drivers\Mup.sys [2011-04-12 103424]
R0 NDIS;Systémový ovladač NDIS; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2007-02-17 61312]
R0 PartMgr;Správce oddílů; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]
R0 PCI;Řadič sběrnice PCI; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 75264]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\DRIVERS\pciide.sys [2005-03-25 5632]
R0 VolSnap;Paměťové svazky; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2012-08-22 153600]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2014-05-30 150528]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2005-03-25 6144]
R1 CV2K1;CommView Network Monitor; C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2017-04-26 9906]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-12-05 215328]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-12-05 160736]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2017-12-05 60992]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-17 55296]
R1 IPSec;Ovladač IPSEC; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]
R1 Kbdclass;Ovladač třídy klávesnic; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2005-03-25 6144]
R1 Mouclass;Ovladač třídy myší; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2005-03-25 23040]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2011-07-06 439296]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]
R1 NetBIOS;Rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]
R1 NetBT;Rozhraní NetBios nad protokolem TCP/IP; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2005-03-25 4608]
R1 RasAcd;Ovladač automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2005-03-25 10752]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-24 177664]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2005-03-25 6144]
R1 Serial;Ovladač sériového portu; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]
R1 Tcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2014-09-15 400896]
R1 TermDD;Ovladač terminálového zařízení; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]
R1 ts_lb;ts_lb; C:\WINDOWS\system32\drivers\ts_lb.sys [2012-10-06 25704]
R1 VgaSave;Grafický řadič VGA; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-02-17 11264]
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2005-03-25 8704]
R3 audstub;Prázdný zvukový ovladač; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-25 5120]
R3 Gpc;Obecné třídění paketů; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2007-02-17 21504]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-03-25 11776]
R3 HTTP;Služba HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 294400]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 40448]
R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]
R3 mssmbios;Ovladač Microsoft System Management BIOS; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]
R3 NdisTapi;Ovladač Remote Access NDIS TAPI; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2011-07-08 12288]
R3 Ndisuio;Protokol NDIS uživatelského režimu V/V; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]
R3 NdisWan;Ovladač Remote Access NDIS WAN; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]
R3 NDProxy;Služba NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2013-11-27 40960]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 Parport;Ovladač paralelního portu; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-17 81408]
R3 PptpMiniport;Připojení WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]
R3 RasPppoe;Ovladač pro vzdálený přístup PPPOE; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]
R3 Raspti;Přímé propojení paralelním kabelem; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]
R3 rdpdr;Ovladač přesměrovače zařízení terminálového serveru; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2012-05-02 152200]
R3 RTL8169;Ovladač Realtek RTL8169 Gigabit Ethernet Adapter NT; C:\WINDOWS\system32\DRIVERS\RT8169xp.sys [2003-03-25 28544]
R3 serenum;Ovladač filtru Serenum; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2011-02-17 381952]
R3 swenum;Softwarový ovladač sběrnice; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft; C:\WINDOWS\system32\DRIVERS\tscomm.sys [2013-07-23 43208]
R3 Update;Ovladač aktualizace mikrokódu; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-28 365056]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2013-07-20 30720]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2013-07-20 17664]
R3 Wanarp;Ovladač Remote Access IP ARP; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-17 589824]
S1 Cdrom;Ovladač jednotky CD-ROM; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]
S1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 61952]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2005-03-25 12288]
S3 aec;Microsoft Kernel Acoustic Echo Canceller; C:\WINDOWS\system32\drivers\aec.sys [2007-02-17 140288]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-02-17 61952]
S3 AsyncMac;Ovladač asynchronních médií připojení RAS; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2005-03-25 16384]
S3 Atmarpc;Protokol ATM ARP Client; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 DMusic;Syntezátor Microsoft Kernel DLS; C:\WINDOWS\system32\drivers\DMusic.sys [2007-02-17 54784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\WINDOWS\system32\drivers\drmkaud.sys [2003-03-25 5632]
S3 Fdc;Ovladač řadiče disketové jednotky; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]
S3 Flpydisk;Ovladač disketové jednotky; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2005-03-25 18432]
S3 gameenum;Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\gameenum.sys [2003-03-25 10112]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-08 144384]
S3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2010-11-23 26752]
S3 Ip6Fw;Ovladač IPv6 brány firewall systému Windows; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]
S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []
S3 IRENUM;Služba čítače výčtu IR; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]
S3 kmixer;Směšovač Microsoft Kernel Wave Audio Mixer; C:\WINDOWS\system32\drivers\kmixer.sys [2007-02-17 169472]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]
S3 MRxDAV;Přesměrovač klienta WebDav; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2014-12-19 188928]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\WINDOWS\system32\drivers\MSKSSRV.sys [2007-02-17 7936]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\WINDOWS\system32\drivers\MSPCLOCK.sys [2007-02-17 5760]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\WINDOWS\system32\drivers\MSPQM.sys [2007-02-17 5376]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-02-17 58368]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2003-03-25 18974]
S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 20480]
S3 splitter;Microsoft Kernel Audio Splitter; C:\WINDOWS\system32\drivers\splitter.sys [2007-02-17 7680]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer; C:\WINDOWS\system32\drivers\swmidi.sys [2007-02-17 58368]
S3 sysaudio;Microsoft Kernel System Audio Device; C:\WINDOWS\system32\drivers\sysaudio.sys [2007-02-17 60928]
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver; C:\WINDOWS\system32\drivers\wdmaud.sys [2007-02-17 83968]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 177152]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2005-03-25 13312]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2005-03-25 15360]
S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []
S4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []
S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268800]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2014-09-05 151040]
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]
S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []
S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []
S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]
S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []
S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []
S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []
S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []
S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []
S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []
S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 AudioSrv;Zvuk systému Windows; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Browser;Prohledávání počítačů; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 CryptSvc;Šifrování; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DcomLaunch;Spouštěč procesů serveru DCOM; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Dhcp;Klient DHCP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 dmserver;Správce logických disků; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Dnscache;Klient DNS; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET File Security\ekrn.exe [2017-12-05 1995184]
R2 ERSvc;Zasílání zpráv o chybách; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Eventlog;Protokol událostí; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 EventSystem;Systém událostí COM+; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 helpsvc;Nápověda a odborná pomoc; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 lanmanworkstation;Pracovní stanice; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 LmHosts;Podpora rozhraní NetBIOS nad protokolem TCP/IP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 MSDTC;Koordinátor DTC; C:\WINDOWS\system32\msdtc.exe [2008-07-23 6144]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PolicyAgent;Služby IPSEC; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 ProtectedStorage;Chráněné úložiště; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 RemoteRegistry;Vzdálený registr; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RpcSs;Vzdálené volání procedur (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SamSs;Správce zabezpečení účtů; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 seclogon;Sekundární přihlašování; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SENS;Oznamování systémových událostí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SharedAccess;Brána Firewall / Sdílení připojení k Internetu (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ShellHWDetection;Rozpoznávání hardwaru; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Schedule;Plánovač úloh; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Spooler;Zařazování tisku; C:\WINDOWS\system32\spoolsv.exe [2010-08-17 58880]
R2 TermServLicensing;Správa licencí Terminálového serveru; C:\WINDOWS\system32\lserver.exe [2007-02-17 351744]
R2 TrkWks;Klient služby sledování distribuovaných propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W32Time;Systémový čas; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 winmgmt;Služba WMI; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 wuauserv;Automatické aktualizace; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WZCSVC;Konfigurace bezdrátových zařízení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 ALG;Služba brány aplikačního rozhraní; C:\WINDOWS\System32\alg.exe [2007-02-17 45056]
R3 HTTPFilter;Služba HTTP SSL; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R3 Netman;Síťová připojení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Nla;Sledování umístění v síti (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 RasMan;Správce vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 TapiSrv;Telefonní subsystém; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TermService;Terminálová služba; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Ias;Ias; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 Iprip;Iprip; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
S2 SysmonLog;Výstrahy a protokolování výkonu; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96768]
S3 AppMgmt;Správa aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BITS;Služba inteligentního přenosu na pozadí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 COMSysApp;Systémové aplikace modelu COM+; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]
S3 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]
S3 dmadmin;Služba správy pro Správce logických disků; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 235008]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET File Security\ehttpsrv.exe [2017-12-05 43640]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 147624]
S3 MSIServer;Služba Windows Installer; C:\WINDOWS\system32\msiexec.exe [2015-06-26 96256]
S3 Netlogon;Přihlašování k síti; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtFrs;Replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792576]
S3 NtLmSsp;Zprostředkovatel zabezpečení NT LM; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtmsSvc;Vyměnitelné úložiště; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RasAuto;Správce automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RDSessMgr;Správce relací nápovědy ke vzdálené ploše; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]
S3 RpcLocator;Lokátor vzdáleného volání procedur (RPC); C:\WINDOWS\system32\locator.exe [2005-03-25 71680]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 92160]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]
S3 UPS;Nepřerušitelný zdroj napájení (UPS); C:\WINDOWS\System32\ups.exe [2005-03-25 16896]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-17 353280]
S3 VSS;Stínová kopie svazku; C:\WINDOWS\System32\vssvc.exe [2007-02-17 837632]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 Wmi;Rozšíření ovladače WMI; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 WmiApSrv;Adaptér výkonu služby WMI; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 xmlprov;Služba pro síťová ustanovení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 Alerter;Výstrahy; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]
S4 ClipSrv;Síťová schránka; C:\WINDOWS\system32\clipsrv.exe [2005-03-25 32256]
S4 HidServ;Přístup k zařízením standardu HID; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 ImapiService;Služba modelu COM pro zápis na disk CD (IMAPI); C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]
S4 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]
S4 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2005-03-25 16384]
S4 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-02-17 94720]
S4 Messenger;Kurýrní služba; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 mnmsrvc;NetMeeting - Vzdálené sdílení plochy; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]
S4 NetDDE;Služba DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetDDEdsdm;Správce DSDM služby DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RemoteAccess;Směrování a vzdálený přístup; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 stisvc;Načítání obrázků (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Themes;Motivy; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]
S4 WebClient;Webový klient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 13 úno 2018 19:04

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
c:\windows\temp\smss.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVXMRSYNC_TM]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Berger · #9 Příspěvek od **Berger** » 13 úno 2018 23:25

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by SPRAVCE at 2018-02-13 23:16:41
Microsoft(R) Windows(R) Server 2003, Standard Edition Service Pack 2
System drive C: has 205 GB (86%) free of 238 GB
Total RAM: 3965 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:16:44, on 13.2.2018
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.23707)
Boot mode: Normal

Running processes:
C:\Documents and Settings\SPRAVCE\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET File Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\ESET\ESET File Security\egui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\Temp2\RSIT.exe
C:\Program Files\trend micro\SPRAVCE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'lwww')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\spravce\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.1.im.cz
O15 - ESC Trusted Zone: http://onecare.live.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.mysql.com
O15 - ESC Trusted Zone: http://ad.seznam.cz
O15 - ESC Trusted Zone: http://www.seznam.cz
O15 - ESC Trusted Zone: http://search.sklik.cz
O15 - ESC Trusted Zone: http://www.vkta.cz
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283756918796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1392253363656
O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA61C4-B77A-47D8-B9D8-0A27C19CC4A1}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7306DB75-7E41-4E05-B78E-4A03C5B80042}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9B5424-F2E4-43AA-92A4-40CBCB017789}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET File Security\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET File Security\ekrn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6765 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\záloha dat.job - C:\WINDOWS\system32\ntbackup.exe  backup "@C:\Documents and Settings\SPRAVCE\Local Settings\Data aplikací\Microsoft\Windows NT\NTBackup\data\090315 - konfigurace obsahu záloh.bks" /a /d "Sada vytvořena 9.3.2015 v 13:59" /v:no /r:no /rs:no /hc:off /m normal /j "záloha dat" /l:s /f "D:\DATA\JILKOVA\! ZÁLOHA SERVER !\Backup.bkf" 

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default

prefs.js - "browser.startup.homepage" -  "http://www.google.com/"
prefs.js - "extensions.enabledItems" -  "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


C:\Program Files\Mozilla Firefox\components\
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"C-Media Mixer"=Mixer.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2015-06-26 603648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-17 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2005-03-25 21504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2015-06-16 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2015-02-19 8367104]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ias]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\wincmd\WINCMD32.EXE"="C:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"E:\WD Discovery Software\WD Discovery.exe"="E:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe"="C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe"="C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe:*:Enabled:TeamViewer 8"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.I420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2018-02-13 23:09:44 ----D---- C:\_OTM
2018-02-13 17:34:59 ----D---- C:\WINDOWS\system32\netmon
2018-02-13 15:22:27 ----D---- C:\AdwCleaner
2018-02-13 12:43:45 ----D---- C:\rsit
2018-02-13 12:43:45 ----D---- C:\Program Files\trend micro
2018-02-10 16:47:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2018-02-10 16:47:56 ----D---- C:\Program Files\ESET
2018-02-08 12:08:08 ----A---- C:\WINDOWS\system32\ZLhp1020.DLL

======List of files/folders modified in the last 1 month======

2018-02-13 23:16:44 ----D---- C:\TEMP
2018-02-13 23:16:31 ----D---- C:\WINDOWS\Temp
2018-02-13 23:15:40 ----D---- C:\WINDOWS\system32\inetsrv
2018-02-13 23:13:42 ----D---- C:\WINDOWS\system32\LServer
2018-02-13 23:10:55 ----D---- C:\WINDOWS
2018-02-13 23:10:55 ----AD---- C:\WINDOWS\system32
2018-02-13 23:08:22 ----D---- C:\WINDOWS\system32\CatRoot2
2018-02-13 23:08:00 ----D---- C:\Temp2
2018-02-13 17:40:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-13 17:39:03 ----A---- C:\WINDOWS\WINCMD.INI
2018-02-13 15:11:23 ----SD---- C:\WINDOWS\Tasks
2018-02-13 12:43:45 ----RD---- C:\Program Files
2018-02-13 11:39:04 ----SHD---- C:\RECYCLER
2018-02-12 20:10:10 ----SHD---- C:\System Volume Information
2018-02-10 17:24:08 ----D---- C:\WINDOWS\system32\drivers
2018-02-10 17:00:00 ----SHD---- C:\WINDOWS\Installer
2018-02-10 16:59:46 ----SHD---- C:\Config.Msi
2018-02-10 16:59:27 ----D---- C:\WINDOWS\inf


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194560]
R0 atapi;Standardní řadič disku IDE či ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 10624]
R0 crcdisk;Ovladač filtru disku CRC; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]
R0 Disk;Ovladač disku; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]
R0 dmio;Ovladač správce logických disků; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 151552]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2005-03-25 7680]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2013-01-07 132096]
R0 Ftdisk;Ovladač správce svazků; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2015-06-27 136192]
R0 MountMgr;Správce přípojných bodů; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]
R0 Mup;Služba Multiple UNC Provider; C:\WINDOWS\system32\drivers\Mup.sys [2011-04-12 103424]
R0 NDIS;Systémový ovladač NDIS; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2007-02-17 61312]
R0 PartMgr;Správce oddílů; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]
R0 PCI;Řadič sběrnice PCI; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 75264]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\DRIVERS\pciide.sys [2005-03-25 5632]
R0 VolSnap;Paměťové svazky; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2012-08-22 153600]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2014-05-30 150528]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2005-03-25 6144]
R1 CV2K1;CommView Network Monitor; C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2017-04-26 9906]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-12-05 215328]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-12-05 160736]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2017-12-05 60992]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-17 55296]
R1 IPSec;Ovladač IPSEC; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]
R1 Kbdclass;Ovladač třídy klávesnic; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2005-03-25 6144]
R1 Mouclass;Ovladač třídy myší; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2005-03-25 23040]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2011-07-06 439296]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]
R1 NetBIOS;Rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]
R1 NetBT;Rozhraní NetBios nad protokolem TCP/IP; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2005-03-25 4608]
R1 RasAcd;Ovladač automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2005-03-25 10752]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-24 177664]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2005-03-25 6144]
R1 Serial;Ovladač sériového portu; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]
R1 Tcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2014-09-15 400896]
R1 TermDD;Ovladač terminálového zařízení; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]
R1 ts_lb;ts_lb; C:\WINDOWS\system32\drivers\ts_lb.sys [2012-10-06 25704]
R1 VgaSave;Grafický řadič VGA; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-02-17 11264]
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2005-03-25 8704]
R3 audstub;Prázdný zvukový ovladač; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-25 5120]
R3 Gpc;Obecné třídění paketů; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2007-02-17 21504]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-03-25 11776]
R3 HTTP;Služba HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 294400]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 40448]
R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]
R3 mssmbios;Ovladač Microsoft System Management BIOS; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]
R3 NdisTapi;Ovladač Remote Access NDIS TAPI; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2011-07-08 12288]
R3 Ndisuio;Protokol NDIS uživatelského režimu V/V; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]
R3 NdisWan;Ovladač Remote Access NDIS WAN; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]
R3 NDProxy;Služba NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2013-11-27 40960]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 Parport;Ovladač paralelního portu; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-17 81408]
R3 PptpMiniport;Připojení WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]
R3 RasPppoe;Ovladač pro vzdálený přístup PPPOE; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]
R3 Raspti;Přímé propojení paralelním kabelem; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]
R3 rdpdr;Ovladač přesměrovače zařízení terminálového serveru; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2012-05-02 152200]
R3 RTL8169;Ovladač Realtek RTL8169 Gigabit Ethernet Adapter NT; C:\WINDOWS\system32\DRIVERS\RT8169xp.sys [2003-03-25 28544]
R3 serenum;Ovladač filtru Serenum; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2011-02-17 381952]
R3 swenum;Softwarový ovladač sběrnice; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft; C:\WINDOWS\system32\DRIVERS\tscomm.sys [2013-07-23 43208]
R3 Update;Ovladač aktualizace mikrokódu; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-28 365056]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2013-07-20 30720]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2013-07-20 17664]
R3 Wanarp;Ovladač Remote Access IP ARP; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-17 589824]
S1 Cdrom;Ovladač jednotky CD-ROM; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]
S1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 61952]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2005-03-25 12288]
S3 aec;Microsoft Kernel Acoustic Echo Canceller; C:\WINDOWS\system32\drivers\aec.sys [2007-02-17 140288]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-02-17 61952]
S3 AsyncMac;Ovladač asynchronních médií připojení RAS; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2005-03-25 16384]
S3 Atmarpc;Protokol ATM ARP Client; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 DMusic;Syntezátor Microsoft Kernel DLS; C:\WINDOWS\system32\drivers\DMusic.sys [2007-02-17 54784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\WINDOWS\system32\drivers\drmkaud.sys [2003-03-25 5632]
S3 Fdc;Ovladač řadiče disketové jednotky; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]
S3 Flpydisk;Ovladač disketové jednotky; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2005-03-25 18432]
S3 gameenum;Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\gameenum.sys [2003-03-25 10112]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-08 144384]
S3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2010-11-23 26752]
S3 Ip6Fw;Ovladač IPv6 brány firewall systému Windows; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]
S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []
S3 IRENUM;Služba čítače výčtu IR; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]
S3 kmixer;Směšovač Microsoft Kernel Wave Audio Mixer; C:\WINDOWS\system32\drivers\kmixer.sys [2007-02-17 169472]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]
S3 MRxDAV;Přesměrovač klienta WebDav; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2014-12-19 188928]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\WINDOWS\system32\drivers\MSKSSRV.sys [2007-02-17 7936]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\WINDOWS\system32\drivers\MSPCLOCK.sys [2007-02-17 5760]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\WINDOWS\system32\drivers\MSPQM.sys [2007-02-17 5376]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-02-17 58368]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2003-03-25 18974]
S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 20480]
S3 splitter;Microsoft Kernel Audio Splitter; C:\WINDOWS\system32\drivers\splitter.sys [2007-02-17 7680]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer; C:\WINDOWS\system32\drivers\swmidi.sys [2007-02-17 58368]
S3 sysaudio;Microsoft Kernel System Audio Device; C:\WINDOWS\system32\drivers\sysaudio.sys [2007-02-17 60928]
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver; C:\WINDOWS\system32\drivers\wdmaud.sys [2007-02-17 83968]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 177152]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2005-03-25 13312]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2005-03-25 15360]
S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []
S4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []
S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268800]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2014-09-05 151040]
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]
S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []
S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []
S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]
S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []
S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []
S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []
S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []
S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []
S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []
S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 AudioSrv;Zvuk systému Windows; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Browser;Prohledávání počítačů; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 CryptSvc;Šifrování; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DcomLaunch;Spouštěč procesů serveru DCOM; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Dhcp;Klient DHCP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 dmserver;Správce logických disků; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Dnscache;Klient DNS; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET File Security\ekrn.exe [2017-12-05 1995184]
R2 ERSvc;Zasílání zpráv o chybách; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Eventlog;Protokol událostí; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 EventSystem;Systém událostí COM+; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 helpsvc;Nápověda a odborná pomoc; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 lanmanworkstation;Pracovní stanice; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 LmHosts;Podpora rozhraní NetBIOS nad protokolem TCP/IP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 MSDTC;Koordinátor DTC; C:\WINDOWS\system32\msdtc.exe [2008-07-23 6144]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PolicyAgent;Služby IPSEC; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 ProtectedStorage;Chráněné úložiště; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 RemoteRegistry;Vzdálený registr; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RpcSs;Vzdálené volání procedur (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SamSs;Správce zabezpečení účtů; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 seclogon;Sekundární přihlašování; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SENS;Oznamování systémových událostí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SharedAccess;Brána Firewall / Sdílení připojení k Internetu (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ShellHWDetection;Rozpoznávání hardwaru; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Schedule;Plánovač úloh; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Spooler;Zařazování tisku; C:\WINDOWS\system32\spoolsv.exe [2010-08-17 58880]
R2 TermServLicensing;Správa licencí Terminálového serveru; C:\WINDOWS\system32\lserver.exe [2007-02-17 351744]
R2 TrkWks;Klient služby sledování distribuovaných propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W32Time;Systémový čas; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 winmgmt;Služba WMI; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 wuauserv;Automatické aktualizace; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WZCSVC;Konfigurace bezdrátových zařízení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 ALG;Služba brány aplikačního rozhraní; C:\WINDOWS\System32\alg.exe [2007-02-17 45056]
R3 HTTPFilter;Služba HTTP SSL; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R3 Netman;Síťová připojení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Nla;Sledování umístění v síti (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 RasMan;Správce vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 TapiSrv;Telefonní subsystém; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TermService;Terminálová služba; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Ias;Ias; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 Iprip;Iprip; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
S2 SysmonLog;Výstrahy a protokolování výkonu; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96768]
S3 AppMgmt;Správa aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BITS;Služba inteligentního přenosu na pozadí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 COMSysApp;Systémové aplikace modelu COM+; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]
S3 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]
S3 dmadmin;Služba správy pro Správce logických disků; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 235008]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET File Security\ehttpsrv.exe [2017-12-05 43640]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 147624]
S3 MSIServer;Služba Windows Installer; C:\WINDOWS\system32\msiexec.exe [2015-06-26 96256]
S3 Netlogon;Přihlašování k síti; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtFrs;Replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792576]
S3 NtLmSsp;Zprostředkovatel zabezpečení NT LM; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtmsSvc;Vyměnitelné úložiště; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RasAuto;Správce automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RDSessMgr;Správce relací nápovědy ke vzdálené ploše; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]
S3 RpcLocator;Lokátor vzdáleného volání procedur (RPC); C:\WINDOWS\system32\locator.exe [2005-03-25 71680]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 92160]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]
S3 UPS;Nepřerušitelný zdroj napájení (UPS); C:\WINDOWS\System32\ups.exe [2005-03-25 16896]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-17 353280]
S3 VSS;Stínová kopie svazku; C:\WINDOWS\System32\vssvc.exe [2007-02-17 837632]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 Wmi;Rozšíření ovladače WMI; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 WmiApSrv;Adaptér výkonu služby WMI; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 xmlprov;Služba pro síťová ustanovení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 Alerter;Výstrahy; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]
S4 ClipSrv;Síťová schránka; C:\WINDOWS\system32\clipsrv.exe [2005-03-25 32256]
S4 HidServ;Přístup k zařízením standardu HID; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 ImapiService;Služba modelu COM pro zápis na disk CD (IMAPI); C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]
S4 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]
S4 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2005-03-25 16384]
S4 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-02-17 94720]
S4 Messenger;Kurýrní služba; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 mnmsrvc;NetMeeting - Vzdálené sdílení plochy; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]
S4 NetDDE;Služba DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetDDEdsdm;Správce DSDM služby DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RemoteAccess;Směrování a vzdálený přístup; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 stisvc;Načítání obrázků (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Themes;Motivy; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]
S4 WebClient;Webový klient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

-----------------EOF-----------------

#10 Příspěvek od **Rudy** » 14 úno 2018 13:03

Smazáno. Nastala nějaká změna?

Berger · #11 Příspěvek od **Berger** » 17 úno 2018 11:29

Do včerejška klid, dnes ráno opět server vytížen na 100% C:\Recycler\hpset.exe, kromě tohoto exe ve stejném adresáři ještě soubory config.json, hpdriver.exe, xcomd.cmd a samozrejme hpset.exe. V xcomd.cmd je

Kód: Vybrat vše

@echo off
C:\\Recycler\\hpset.exe
pause

v Json

Kód: Vybrat vše

{
    "algo": "cryptonight",  // cryptonight (default) or cryptonight-lite
    "av": 0,                // algorithm variation, 0 auto select
    "background": true,    // true to run the miner in the background
    "colors": true,         // false to disable colored output    
    "cpu-affinity": null,   // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
    "cpu-priority": null,   // set process priority (0 idle, 2 normal to 5 highest)
    "donate-level": 1,      // donate level, mininum 1%
    "log-file": null,       // log all output to a file, example: "c:/some/path/xmrig.log"
    "max-cpu-usage": 75,    // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option.  
    "print-time": 60,       // print hashrate report every N seconds
    "retries": 5,           // number of times to retry before switch to backup server
    "retry-pause": 5,       // time to pause between retries
    "safe": false,          // true to safe adjust threads and av settings for current CPU
    "threads": null,        // number of miner threads
    "pools": [
        {
            "url": "pool.minexmr.com:7777",   // URL of mining server
            "user": "47LxapYtLeUiXApZHgiq9ZfBEz1ncsXHmWfHDvxoY7MaYc3yesHPUnDNiw28fshrMe98o5TjpMuxq87Dn1mJsCkWFHG5S2W.ii",                        // username for mining server
            "pass": "x",                       // password for mining server
            "keepalive": true,                 // send keepalived for prevent timeout (need pool support)
            "nicehash": false                  // enable nicehash/xmrig-proxy support
        }
    ],
    "api": {
        "port": 0,                             // port for the miner API https://github.com/xmrig/xmrig/wiki/API
        "access-token": null,                  // access token for API
        "worker-id": null                      // custom worker-id for API
    }
}

Přikládám RSIT pořizený když probíhala těžba
zatím jsme to opět sestřelil a smazal, ale otázka je jak se to na server dostava.

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by SPRAVCE at 2018-02-17 11:01:58
Microsoft(R) Windows(R) Server 2003, Standard Edition Service Pack 2
System drive C: has 205 GB (86%) free of 238 GB
Total RAM: 3965 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:31, on 17.2.2018
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.23707)
Boot mode: Normal

Running processes:
C:\Documents and Settings\SPRAVCE\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET File Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Recycler\hpset.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\ESET\ESET File Security\egui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\totalcmd\TOTALCMD.EXE
c:\Temp2\RSIT.exe
c:\Temp2\procexp.exe
C:\Program Files\trend micro\SPRAVCE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'lwww')
O4 - HKUS\S-1-5-21-3500746537-2576807321-775964137-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\spravce\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://ad.seznam.cz
O15 - ESC Trusted Zone: http://www.seznam.cz
O15 - ESC Trusted Zone: http://search.sklik.cz
O15 - ESC Trusted Zone: http://www.vkta.cz
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283756918796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1392253363656
O17 - HKLM\System\CCS\Services\Tcpip\..\{22FA61C4-B77A-47D8-B9D8-0A27C19CC4A1}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7306DB75-7E41-4E05-B78E-4A03C5B80042}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9B5424-F2E4-43AA-92A4-40CBCB017789}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\SPRAVCE\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET File Security\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET File Security\ekrn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6979 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ZALOHA KNIHOVNA.job - C:\WINDOWS\system32\ntbackup.exe  backup "@C:\Documents and Settings\SPRAVCE\Local Settings\Data aplikací\Microsoft\Windows NT\NTBackup\data\ZALOHA KNIHOVNA.bks" /n "Backup.bkf vytvořeno 8.12.2009 v 9:31" /d "Sada vytvořena 8.12.2009 v 9:31" /v:no /r:no /rs:no /hc:off /m normal /j "ZALOHA KNIHOVNA" /l:s /f "\\Mybookworld\PUBLIC\Backup.bkf" 
C:\WINDOWS\tasks\záloha dat.job - C:\WINDOWS\system32\ntbackup.exe  backup "@C:\Documents and Settings\SPRAVCE\Local Settings\Data aplikací\Microsoft\Windows NT\NTBackup\data\090315 - konfigurace obsahu záloh.bks" /a /d "Sada vytvořena 9.3.2015 v 13:59" /v:no /r:no /rs:no /hc:off /m normal /j "záloha dat" /l:s /f "D:\DATA\JILKOVA\! ZÁLOHA SERVER !\Backup.bkf" 

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default

prefs.js - "browser.startup.homepage" -  "http://www.google.com/"
prefs.js - "extensions.enabledItems" -  "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


C:\Program Files\Mozilla Firefox\components\
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Documents and Settings\SPRAVCE\Data aplikací\Mozilla\Firefox\Profiles\yyvoi4s0.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"C-Media Mixer"=Mixer.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2015-06-26 603648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-17 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2005-03-25 21504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2015-02-19 8367104]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2015-06-16 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2009-06-26 1033216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2015-02-19 8367104]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ias]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\wincmd\WINCMD32.EXE"="C:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"E:\WD Discovery Software\WD Discovery.exe"="E:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe"="C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe"="C:\Documents and Settings\SPRAVCE\Local Settings\Temp\TeamViewer\Version8\TeamViewer.exe:*:Enabled:TeamViewer 8"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.I420"=msh263.drv
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2018-02-13 23:09:44 ----D---- C:\_OTM
2018-02-13 17:34:59 ----D---- C:\WINDOWS\system32\netmon
2018-02-13 15:22:27 ----D---- C:\AdwCleaner
2018-02-13 12:43:45 ----D---- C:\rsit
2018-02-13 12:43:45 ----D---- C:\Program Files\trend micro
2018-02-10 16:47:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2018-02-10 16:47:56 ----D---- C:\Program Files\ESET
2018-02-08 12:08:08 ----A---- C:\WINDOWS\system32\ZLhp1020.DLL

======List of files/folders modified in the last 1 month======

2018-02-17 11:02:02 ----D---- C:\WINDOWS\system32\CatRoot2
2018-02-17 11:01:55 ----D---- C:\WINDOWS\system32\drivers
2018-02-17 11:01:54 ----D---- C:\TEMP
2018-02-17 01:45:59 ----D---- C:\WINDOWS\Temp
2018-02-17 00:45:41 ----D---- C:\ClavZal
2018-02-16 22:02:29 ----SHD---- C:\RECYCLER
2018-02-16 20:00:11 ----D---- C:\WINDOWS\system32\inetsrv
2018-02-15 20:10:03 ----SHD---- C:\System Volume Information
2018-02-13 23:17:45 ----AD---- C:\WINDOWS\system32
2018-02-13 23:17:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-13 23:13:42 ----D---- C:\WINDOWS\system32\LServer
2018-02-13 23:10:55 ----D---- C:\WINDOWS
2018-02-13 23:08:00 ----D---- C:\Temp2
2018-02-13 17:39:03 ----A---- C:\WINDOWS\WINCMD.INI
2018-02-13 15:11:23 ----SD---- C:\WINDOWS\Tasks
2018-02-13 12:43:45 ----RD---- C:\Program Files
2018-02-10 17:00:00 ----SHD---- C:\WINDOWS\Installer
2018-02-10 16:59:46 ----SHD---- C:\Config.Msi
2018-02-10 16:59:27 ----D---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194560]
R0 atapi;Standardní řadič disku IDE či ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 10624]
R0 crcdisk;Ovladač filtru disku CRC; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]
R0 Disk;Ovladač disku; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]
R0 dmio;Ovladač správce logických disků; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 151552]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2005-03-25 7680]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2013-01-07 132096]
R0 Ftdisk;Ovladač správce svazků; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]
R0 isapnp;Řadič Plug and Play sběrnice ISA/EISA; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2015-06-27 136192]
R0 MountMgr;Správce přípojných bodů; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]
R0 Mup;Služba Multiple UNC Provider; C:\WINDOWS\system32\drivers\Mup.sys [2011-04-12 103424]
R0 NDIS;Systémový ovladač NDIS; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2007-02-17 61312]
R0 PartMgr;Správce oddílů; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]
R0 PCI;Řadič sběrnice PCI; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 75264]
R0 PCIIde;PCIIde; C:\WINDOWS\system32\DRIVERS\pciide.sys [2005-03-25 5632]
R0 VolSnap;Paměťové svazky; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2012-08-22 153600]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2014-05-30 150528]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2005-03-25 6144]
R1 CV2K1;CommView Network Monitor; C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2017-04-26 9906]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-12-05 215328]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-12-05 160736]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2017-12-05 60992]
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-17 55296]
R1 IPSec;Ovladač IPSEC; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]
R1 Kbdclass;Ovladač třídy klávesnic; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2005-03-25 6144]
R1 Mouclass;Ovladač třídy myší; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2005-03-25 23040]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2011-07-06 439296]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]
R1 NetBIOS;Rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]
R1 NetBT;Rozhraní NetBios nad protokolem TCP/IP; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2005-03-25 4608]
R1 RasAcd;Ovladač automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2005-03-25 10752]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-24 177664]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2005-03-25 6144]
R1 Serial;Ovladač sériového portu; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]
R1 Tcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2014-09-15 400896]
R1 TermDD;Ovladač terminálového zařízení; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]
R1 ts_lb;ts_lb; C:\WINDOWS\system32\drivers\ts_lb.sys [2012-10-06 25704]
R1 VgaSave;Grafický řadič VGA; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-02-17 11264]
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2005-03-25 8704]
R3 audstub;Prázdný zvukový ovladač; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-25 5120]
R3 Gpc;Obecné třídění paketů; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2007-02-17 21504]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-03-25 11776]
R3 HTTP;Služba HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2010-04-19 294400]
R3 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 40448]
R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]
R3 mssmbios;Ovladač Microsoft System Management BIOS; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]
R3 NdisTapi;Ovladač Remote Access NDIS TAPI; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2011-07-08 12288]
R3 Ndisuio;Protokol NDIS uživatelského režimu V/V; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]
R3 NdisWan;Ovladač Remote Access NDIS WAN; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]
R3 NDProxy;Služba NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2013-11-27 40960]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 Parport;Ovladač paralelního portu; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-17 81408]
R3 PptpMiniport;Připojení WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]
R3 RasPppoe;Ovladač pro vzdálený přístup PPPOE; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]
R3 Raspti;Přímé propojení paralelním kabelem; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]
R3 rdpdr;Ovladač přesměrovače zařízení terminálového serveru; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2012-05-02 152200]
R3 RTL8169;Ovladač Realtek RTL8169 Gigabit Ethernet Adapter NT; C:\WINDOWS\system32\DRIVERS\RT8169xp.sys [2003-03-25 28544]
R3 serenum;Ovladač filtru Serenum; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2011-02-17 381952]
R3 swenum;Softwarový ovladač sběrnice; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft; C:\WINDOWS\system32\DRIVERS\tscomm.sys [2013-07-23 43208]
R3 Update;Ovladač aktualizace mikrokódu; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-28 365056]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2013-07-20 30720]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2013-07-20 17664]
R3 Wanarp;Ovladač Remote Access IP ARP; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-17 589824]
S1 Cdrom;Ovladač jednotky CD-ROM; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]
S1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 61952]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2005-03-25 12288]
S3 aec;Microsoft Kernel Acoustic Echo Canceller; C:\WINDOWS\system32\drivers\aec.sys [2007-02-17 140288]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-02-17 61952]
S3 AsyncMac;Ovladač asynchronních médií připojení RAS; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2005-03-25 16384]
S3 Atmarpc;Protokol ATM ARP Client; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 DMusic;Syntezátor Microsoft Kernel DLS; C:\WINDOWS\system32\drivers\DMusic.sys [2007-02-17 54784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\WINDOWS\system32\drivers\drmkaud.sys [2003-03-25 5632]
S3 Fdc;Ovladač řadiče disketové jednotky; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]
S3 Flpydisk;Ovladač disketové jednotky; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2005-03-25 18432]
S3 gameenum;Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\gameenum.sys [2003-03-25 10112]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-08 144384]
S3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2010-11-23 26752]
S3 Ip6Fw;Ovladač IPv6 brány firewall systému Windows; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]
S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []
S3 IRENUM;Služba čítače výčtu IR; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]
S3 kmixer;Směšovač Microsoft Kernel Wave Audio Mixer; C:\WINDOWS\system32\drivers\kmixer.sys [2007-02-17 169472]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]
S3 MRxDAV;Přesměrovač klienta WebDav; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2014-12-19 188928]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\WINDOWS\system32\drivers\MSKSSRV.sys [2007-02-17 7936]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\WINDOWS\system32\drivers\MSPCLOCK.sys [2007-02-17 5760]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\WINDOWS\system32\drivers\MSPQM.sys [2007-02-17 5376]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-02-17 58368]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2003-03-25 18974]
S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 20480]
S3 splitter;Microsoft Kernel Audio Splitter; C:\WINDOWS\system32\drivers\splitter.sys [2007-02-17 7680]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer; C:\WINDOWS\system32\drivers\swmidi.sys [2007-02-17 58368]
S3 sysaudio;Microsoft Kernel System Audio Device; C:\WINDOWS\system32\drivers\sysaudio.sys [2007-02-17 60928]
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver; C:\WINDOWS\system32\drivers\wdmaud.sys [2007-02-17 83968]
S3 WLBS;Vyrovnávání zatížení sítě; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 177152]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2005-03-25 13312]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2005-03-25 15360]
S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []
S4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []
S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268800]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2014-09-05 151040]
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]
S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []
S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []
S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]
S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []
S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []
S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []
S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []
S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []
S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []
S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Služba vyhledávání zkušeností aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 AudioSrv;Zvuk systému Windows; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Browser;Prohledávání počítačů; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 CryptSvc;Šifrování; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DcomLaunch;Spouštěč procesů serveru DCOM; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Dhcp;Klient DHCP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 dmserver;Správce logických disků; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Dnscache;Klient DNS; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET File Security\ekrn.exe [2017-12-05 1995184]
R2 ERSvc;Zasílání zpráv o chybách; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Eventlog;Protokol událostí; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 EventSystem;Systém událostí COM+; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 helpsvc;Nápověda a odborná pomoc; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 lanmanworkstation;Pracovní stanice; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 LmHosts;Podpora rozhraní NetBIOS nad protokolem TCP/IP; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 MSDTC;Koordinátor DTC; C:\WINDOWS\system32\msdtc.exe [2008-07-23 6144]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-02-09 113664]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PolicyAgent;Služby IPSEC; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 ProtectedStorage;Chráněné úložiště; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 RemoteRegistry;Vzdálený registr; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RpcSs;Vzdálené volání procedur (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SamSs;Správce zabezpečení účtů; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R2 seclogon;Sekundární přihlašování; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SENS;Oznamování systémových událostí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SharedAccess;Brána Firewall / Sdílení připojení k Internetu (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ShellHWDetection;Rozpoznávání hardwaru; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Schedule;Plánovač úloh; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Spooler;Zařazování tisku; C:\WINDOWS\system32\spoolsv.exe [2010-08-17 58880]
R2 TermServLicensing;Správa licencí Terminálového serveru; C:\WINDOWS\system32\lserver.exe [2007-02-17 351744]
R2 TrkWks;Klient služby sledování distribuovaných propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W32Time;Systémový čas; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 W3SVC;Služba Publikování na webu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 winmgmt;Služba WMI; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 wuauserv;Automatické aktualizace; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WZCSVC;Konfigurace bezdrátových zařízení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 ALG;Služba brány aplikačního rozhraní; C:\WINDOWS\System32\alg.exe [2007-02-17 45056]
R3 HTTPFilter;Služba HTTP SSL; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
R3 Netman;Síťová připojení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Nla;Sledování umístění v síti (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 RasMan;Správce vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 TapiSrv;Telefonní subsystém; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TermService;Terminálová služba; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Ias;Ias; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 Iprip;Iprip; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
S2 SysmonLog;Výstrahy a protokolování výkonu; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96768]
S3 AppMgmt;Správa aplikací; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BITS;Služba inteligentního přenosu na pozadí; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 COMSysApp;Systémové aplikace modelu COM+; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]
S3 Dfs;Systém souborů DFS; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]
S3 dmadmin;Služba správy pro Správce logických disků; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 235008]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET File Security\ehttpsrv.exe [2017-12-05 43640]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-04-26 147624]
S3 MSIServer;Služba Windows Installer; C:\WINDOWS\system32\msiexec.exe [2015-06-26 96256]
S3 Netlogon;Přihlašování k síti; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtFrs;Replikace souborů; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792576]
S3 NtLmSsp;Zprostředkovatel zabezpečení NT LM; C:\WINDOWS\system32\lsass.exe [2005-03-25 16384]
S3 NtmsSvc;Vyměnitelné úložiště; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RasAuto;Správce automatického připojení pomocí vzdáleného přístupu; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RDSessMgr;Správce relací nápovědy ke vzdálené ploše; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]
S3 RpcLocator;Lokátor vzdáleného volání procedur (RPC); C:\WINDOWS\system32\locator.exe [2005-03-25 71680]
S3 RSoPProv;Poskytovatel výsledné sady zásad; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]
S3 sacsvr;Pomocník pro práci se speciální konzolou pro správu; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 92160]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]
S3 UPS;Nepřerušitelný zdroj napájení (UPS); C:\WINDOWS\System32\ups.exe [2005-03-25 16896]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-17 353280]
S3 VSS;Stínová kopie svazku; C:\WINDOWS\System32\vssvc.exe [2007-02-17 837632]
S3 WinHttpAutoProxySvc;Služba WinHTTP WPAD; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 Wmi;Rozšíření ovladače WMI; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 WmiApSrv;Adaptér výkonu služby WMI; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 xmlprov;Služba pro síťová ustanovení; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 Alerter;Výstrahy; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]
S4 ClipSrv;Síťová schránka; C:\WINDOWS\system32\clipsrv.exe [2005-03-25 32256]
S4 HidServ;Přístup k zařízením standardu HID; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 ImapiService;Služba modelu COM pro zápis na disk CD (IMAPI); C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]
S4 IsmServ;Mezisíťové zasílání zpráv; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]
S4 kdc;Centrum distribuce klíčů modulu Kerberos; C:\WINDOWS\System32\lsass.exe [2005-03-25 16384]
S4 LicenseService;Protokolování licence; C:\WINDOWS\System32\llssrv.exe [2007-02-17 94720]
S4 Messenger;Kurýrní služba; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 mnmsrvc;NetMeeting - Vzdálené sdílení plochy; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]
S4 NetDDE;Služba DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetDDEdsdm;Správce DSDM služby DDE v síti; C:\WINDOWS\system32\netdde.exe [2007-02-17 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RemoteAccess;Směrování a vzdálený přístup; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 stisvc;Načítání obrázků (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Themes;Motivy; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 TrkSvr;Server sledování distribuovaného propojení; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]
S4 WebClient;Webový klient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

-----------------EOF-----------------

#12 Příspěvek od **Rudy** » 17 úno 2018 11:46

OK. Udělejte kompletní sken MBAM: https://malwarebytes-anti-malware.en.up ... load/42997 a dejte log. Předem nic nemažte. Hlášku vybízející ke stažení novější verze ignorujte, zřejmě by nefungovala.

Berger · #13 Příspěvek od **Berger** » 17 úno 2018 14:56

Provedeno, ale nebylo nalazeno nic, tedy bylo nalezeno
C:\Temp2\RECYCLER.ZIP (RiskWare.BitCoinMiner)
to je, ale mnou za zálohovaný problematicky obsah c:\RECYCLER ve stavu v jaké byl dnes ráno.

Kód: Vybrat vše

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2018.02.17.03

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
SPRAVCE :: SERVER [administrátor]

Ochrana: Povolena

17.2.2018 14:11:24
MBAM-log-2018-02-17 (14-49-30).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 380848
Uplynulý čas: 24 minut, 9 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Temp2\RECYCLER.ZIP (RiskWare.BitCoinMiner) -> Nebyla provedena žádná instrukce.

(konec)

#14 Příspěvek od **Rudy** » 17 úno 2018 15:08

Takže tam zřejmě nic není.

Berger · #15 Příspěvek od **Berger** » 03 bře 2018 23:20

Rudy píše:Takže tam zřejmě nic není.

Těžko říci, v každém případě 28.2.2018 v 23:25:00 se v tempu opět objevil infikovaný smss.exe , o dvě vteřiny později i nvxmrsync.exe což samotný těžební program.

Kód: Vybrat vše

v 23:28 vidím v logu několik přihlášení uživatele  IUSR_SERVER coz je Zabudovaný účet pro anonymní přístup k internetové informační službě
v 23:30:02 hlasí II7 Proces obsluhující fond aplikací DefaultAppPool byl neočekávaně ukončen. ID procesu je 3776. Kód ukončení procesu je 0x80.
v 23:30:29 mam v logu  :Chybující aplikace smss.exe, verze 0.0.0.0, chybující modul smss.exe, verze 0.0.0.0, adresa chyby 0x00003819.

vzhledeme k casu je jisté, ze ve firmě nikdo nebyl, cili nehrozi utok z vnitřní sítě, žádny uživatel nebyl prijlasen ani přes terminal, bud někdo z venku pouziva nejou dir v II7 nebo tam ještle nekde neco bezi, i když fakt nevim co protože v dany čas se nepoušti ani žadná naplánovaná uloha.
Spousteni infikovaného smss.exe se opět pridalo do pospusteni .takze jsme to znovu sestřelil, promazal, zkontroloval a restartoval.
Ted se to opět tvaři jako čisté otázka je jak dlouho to vydrží a hlavně kde je ta dira.

VIRY.CZ

Generic.Application.CoinMiner jak odstrnit respektive ...

Generic.Application.CoinMiner jak odstrnit respektive ...

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..

Re: Generic.Application.CoinMiner jak odstrnit respektive ..