Problémy se objevily kolem detekce Hacktool.Rootkit - jeho přetrvávající detekce, neustálé výstrahy od Nortnu, kdy je aktérem C:\Windows\System32\svchost.exe, celkově rychlost počítače, další dílčí problémy s Windows Centrem zabezpečení, adobe, atd...
Nevím jestli to je důležité, ale podezřelé konfigurace systému okolo okamžiku první blokace rootkitu (viz. Norton historie zabezpečení):
1.1 ms.exe konfiguroval C:\Users\Jenda\appdata\local\temp\gryxstif.exe
2.1 gryxstif.exe konfiguroval
C:\Users\Jenda\appdata\local\temp\vxckqoyl.sys
2.2 \registry\machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\donotallowexceptions
2.3 \registry\machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\disablenotofications
2.4 \registry\machine\software\microsoft\windows\currentversion\run\windows defender
2.5 \registry\machine\software\microsoft\windows NT\currentversion\winlofon\userinit
3.1 omedqrgy.exe konfiguroval opět C:\Users\Jenda\appdata\local\temp\gryxstif.exe
později ještě
4.1 asghost.exe konfiguroval C:\Windows\System32\SndVol.exe
4.2 asghost.exe konfiguroval \registry\machine\software\microsoft\internet Explorer\extensions\{1009C944-97D5-44A9-DFF54F498968}ClsidExtension
5.1 adobe gamma loader.exe konfiguroval C:\program foles\common files\adobe\calibration\988s5inlt
pak ještě nějaké konfigurace, když začlo v historii zabezpečení naskakovat "zajímavým" tempem..jesli by to mohlo "pomoct" tak, kdyžak napiště a já to prohledám a vypíšu tady zbytek
...snad správně vložím ten log...PS: můžu vložit i logy z Gmeru, jestli to "pomůže"..
_____________________________________________________________________________________
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jenda at 2012-11-03 07:09:46
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 3070 MB (42% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-902740715-3543083593-2925968300-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-902740715-3543083593-2925968300-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\gaotgyes.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7.2, {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\gaotgyes.default\extensions\
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{800b5000-a755-47e1-992b-48a1c1357f07}
C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\gaotgyes.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
wikipedia-eng.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll [2011-09-22 378736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.DLL [2009-08-22 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2011-02-09 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 70928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll [2011-09-22 378736]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]
"P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-23 7766016]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-16 178712]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2008-05-03 33304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 163840]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-01 6025216]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-01-25 1208320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-07 1029416]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 120832]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2008-02-01 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-03 778240]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2008-08-31 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-08-31 47672]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"WD Quick View"=C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [2012-09-19 5236664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\Jenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"OmeDqrgy"=C:\Users\Jenda\AppData\Local\ggmngrwi\omedqrgy.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave2"=serwvdrv.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FMVC"=fmcodec.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-11-03 07:04:10 ----D---- C:\Program Files\trend micro
2012-11-03 07:04:08 ----D---- C:\rsit
2012-11-02 21:27:33 ----A---- C:\kwtoypob.sys
2012-10-29 14:09:56 ----SHD---- C:\found.006
2012-10-10 14:02:33 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 14:02:33 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 14:02:33 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 14:00:50 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 13:59:42 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 13:58:53 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 13:58:53 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-10-08 20:06:28 ----D---- C:\Users\Jenda\AppData\Roaming\BSplayer Pro
2012-10-08 20:06:27 ----D---- C:\Program Files\Webteh
======List of files/folders modified in the last 1 month======
2012-11-03 07:09:45 ----SHD---- C:\System Volume Information
2012-11-03 07:06:41 ----D---- C:\Windows\Temp
2012-11-03 07:04:10 ----RD---- C:\Program Files
2012-11-02 20:40:58 ----D---- C:\Program Files\gretl
2012-11-02 19:13:47 ----D---- C:\Windows\System32
2012-11-02 19:13:47 ----D---- C:\Windows\inf
2012-11-02 19:13:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-02 17:02:08 ----D---- C:\Users\Jenda\AppData\Roaming\Media Player Classic
2012-11-02 17:02:08 ----D---- C:\Users\Jenda\AppData\Roaming\BitTorrent
2012-11-01 16:38:14 ----A---- C:\Windows\system32\acovcnt.exe
2012-10-31 18:02:34 ----D---- C:\Users\Jenda\AppData\Roaming\ICQ
2012-10-30 21:08:32 ----D---- C:\Program Files\Common Files\ESRI
2012-10-29 19:44:19 ----D---- C:\Program Files\Diablo III
2012-10-29 19:39:39 ----D---- C:\Program Files\ATK Hotkey
2012-10-29 17:11:09 ----D---- C:\Windows\system32\catroot2
2012-10-29 16:51:05 ----D---- C:\Program Files\Diablo II
2012-10-29 16:32:42 ----D---- C:\Program Files\Common Files\LightScribe
2012-10-29 15:42:55 ----D---- C:\Windows\system32\wbem
2012-10-29 15:42:55 ----D---- C:\Windows
2012-10-29 15:41:48 ----D---- C:\Program Files\Common Files\AVerMedia
2012-10-29 15:41:47 ----D---- C:\Program Files\ATKGFNEX
2012-10-29 15:41:40 ----D---- C:\Windows\Tasks
2012-10-29 15:41:40 ----D---- C:\Windows\system32\Tasks
2012-10-29 15:41:39 ----D---- C:\Windows\system32\spool
2012-10-29 15:41:38 ----SHD---- C:\Windows\Installer
2012-10-29 15:41:31 ----D---- C:\ProgramData\P4G
2012-10-29 15:41:18 ----D---- C:\Windows\registration
2012-10-29 13:59:17 ----HD---- C:\ProgramData
2012-10-25 18:23:16 ----D---- C:\ProgramData\Microsoft Help
2012-10-21 12:55:33 ----D---- C:\Windows\Prefetch
2012-10-14 21:39:20 ----D---- C:\Windows\system32\catroot
2012-10-14 21:38:50 ----D---- C:\Program Files\Western Digital
2012-10-14 21:38:17 ----D---- C:\ProgramData\Western Digital
2012-10-11 15:03:56 ----D---- C:\Windows\rescache
2012-10-11 09:31:44 ----D---- C:\Windows\winsxs
2012-10-11 08:39:51 ----D---- C:\Windows\system32\cs-CZ
2012-10-11 00:04:19 ----A---- C:\Windows\system32\mrt.exe
2012-10-08 20:08:04 ----D---- C:\Users\Jenda\AppData\Roaming\BSplayer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\DRIVERS\iaNvStor.sys [2008-04-24 226328]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-05-07 317976]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-03 717296]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0308030.006\SYMEFA.SYS [2009-08-22 310320]
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\N360\0308030.006\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\N360\0308030.006\ccHPx86.sys [2011-09-22 467592]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-08-01 376480]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20121102.001\IDSvix86.sys [2012-09-01 386720]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0308030.006\SRTSPX.SYS [2009-08-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0308030.006\SYMTDI.SYS [2011-09-22 217464]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-10-30 279712]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-10-30 25888]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-01 106656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-01 2113624]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-25 5632]
R3 kwtoypob;kwtoypob; \??\C:\kwtoypob.sys [2012-11-02 100864]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20121102.008\NAVENG.SYS [2012-09-05 92704]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20121102.008\NAVEX15.SYS [2012-09-05 1601184]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2008-01-25 1090304]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0308030.006\SRTSP.SYS [2009-08-22 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-11-08 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308030.006\SYMFW.SYS [2011-09-22 89976]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308030.006\SYMNDISV.SYS [2011-09-22 48760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-07 196400]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\Windows\system32\drivers\AVerFx2hbtv.sys [2009-07-01 436480]
S3 awl0fhm0;awl0fhm0; C:\Windows\system32\drivers\awl0fhm0.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-10 25280]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2012-04-11 11520]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-29 667648]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 518696]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-16 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [2011-09-22 117648]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 WDBackup;WD Backup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-19 1157056]
R2 WDDriveService;WD Drive Manager; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-19 248248]
R2 WDRulesService;WD Rules; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-19 1177536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-12 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
..budu muset rozdělit
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit
Přispějete na provoz fóra?