nooeqar.exe: nothing gets rid of it

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

nooeqar.exe: nothing gets rid of it

#1 Post by Jarda62 »

Hello, today I turned on my computer and this window popped up:
[Image]
Of course I didn't click on anything. It isn't bothering me anymore, but there is 100% some kind of malware on the PC. For example nooeqar.exe. I ran a scan with Spybot, and when it finished I clicked fix and THE PROGRAM STOPPED WORKING. It did the same the second time. So I also started ESET Online Scanner and again THE PROGRAM STOPPED WORKING. Also, my CPU was running at 100%; now it runs at about 60% when idle.
I have W7, so the log probably won't be complete. Thanks to everyone for any advice ;)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jarda62 at 2010-01-03 15:49:06
Microsoft Windows 7 Ultimate
System drive C: has 12 GB (30%) free of 41 GB
Total RAM: 2038 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:24, on 3.1.2010
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\QIP Infium\infium.exe
C:\Users\Jarda62\nooeqar.exe
C:\Program Files\PNotes\PNotes.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jarda62\Documents\MOZILLA\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jarda62.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Infium] "D:\QIP Infium\infium.exe" /isolated /autorun
O4 - HKCU\..\Run: [nooeqar] C:\Users\Jarda62\nooeqar.exe
O4 - HKCU\..\Run: [PUT2VIDQLG] C:\Users\Jarda62\AppData\Local\Temp\c.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PNotes.lnk = C:\Program Files\PNotes\PNotes.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4776 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3018842908-357977327-1249027298-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3018842908-357977327-1249027298-1001UA.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Google Update"=C:\Users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-22 133104]
"Infium"=D:\QIP Infium\infium.exe [2009-12-26 6025168]
"nooeqar"=C:\Users\Jarda62\nooeqar.exe [2010-01-03 73728]
"PUT2VIDQLG"=C:\Users\Jarda62\AppData\Local\Temp\c.exe [2010-01-03 176640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2009-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-22 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

C:\Users\Jarda62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PNotes.lnk - C:\Program Files\PNotes\PNotes.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll [2009-04-22 236032]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-03 15:49:06 ----D---- C:\rsit
2010-01-03 14:28:56 ----A---- C:\Windows\msb.exe
2010-01-03 13:45:53 ----A---- C:\Windows\msa.exe
2010-01-03 13:45:30 ----A---- C:\Windows\system32\sshnas.dll
2010-01-01 02:50:16 ----D---- C:\Program Files\FileHippo.com
2009-12-31 20:25:44 ----D---- C:\Users\Jarda62\AppData\Roaming\Microsoft Games
2009-12-28 13:22:09 ----D---- C:\Program Files\SystemRequirementsLab
2009-12-19 21:57:01 ----D---- C:\ProgramData\Google
2009-12-19 15:07:50 ----D---- C:\Users\Jarda62\AppData\Roaming\esmska
2009-12-15 20:34:22 ----A---- C:\Windows\system32\javaws.exe
2009-12-15 20:34:22 ----A---- C:\Windows\system32\javaw.exe
2009-12-15 20:34:22 ----A---- C:\Windows\system32\java.exe
2009-12-12 11:50:28 ----D---- C:\Program Files\Microsoft Works
2009-12-12 11:50:14 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-12 11:50:14 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-12 11:50:02 ----D---- C:\Program Files\Microsoft.NET
2009-12-12 11:47:22 ----D---- C:\ProgramData\Microsoft Help
2009-12-12 11:46:29 ----RHD---- C:\MSOCache
2009-12-06 15:11:55 ----D---- C:\Program Files\pspvc
2009-12-06 15:11:55 ----A---- C:\Windows\pspvc_path.ini
2009-12-06 11:37:06 ----D---- C:\Users\Jarda62\AppData\Roaming\Download Manager
2009-12-05 21:51:15 ----D---- C:\Shoty
2009-12-05 21:50:53 ----D---- C:\Program Files\ScreenShots
2009-12-05 19:55:20 ----D---- C:\Intel
2009-12-04 12:50:20 ----A---- C:\Windows\system32\wvc1dmod.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\vp7vfw.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\sipr3260.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\Pncrt.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\drv43260.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\drv33260.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\drv23260.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\cook3260.dll
2009-12-04 12:50:19 ----D---- C:\Program Files\VSO

======List of files/folders modified in the last 1 months======

2010-01-03 15:49:19 ----D---- C:\Windows\Temp
2010-01-03 15:47:47 ----D---- C:\Program Files\Mozilla Firefox
2010-01-03 15:46:30 ----SHD---- C:\System Volume Information
2010-01-03 15:36:00 ----D---- C:\ProgramData\Spyware Terminator
2010-01-03 15:36:00 ----D---- C:\Program Files\Spyware Terminator
2010-01-03 15:30:57 ----D---- C:\Users\Jarda62\AppData\Roaming\Spyware Terminator
2010-01-03 15:19:49 ----D---- C:\Windows\System32
2010-01-03 15:19:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-03 15:19:48 ----D---- C:\Windows\inf
2010-01-03 15:16:26 ----D---- C:\Windows\system32\Tasks
2010-01-03 15:15:44 ----D---- C:\Windows\system32\LogFiles
2010-01-03 15:10:33 ----D---- C:\Windows\system32\config
2010-01-03 15:07:53 ----D---- C:\Windows\system32\catroot2
2010-01-03 15:04:02 ----D---- C:\Windows\Tasks
2010-01-03 14:29:43 ----D---- C:\Windows
2010-01-03 14:28:26 ----D---- C:\Windows\Minidump
2010-01-03 13:51:56 ----D---- C:\Windows\Prefetch
2010-01-03 13:47:26 ----D---- C:\Program Files\SpeedFan
2010-01-03 13:45:48 ----D---- C:\Windows\system32\drivers
2010-01-02 18:39:41 ----D---- C:\Users\Jarda62\AppData\Roaming\Skype
2010-01-02 17:05:59 ----D---- C:\ProgramData\TrackMania
2010-01-01 16:13:43 ----RD---- C:\Program Files
2010-01-01 12:22:10 ----SHD---- C:\Windows\Installer
2010-01-01 12:22:07 ----D---- C:\Windows\winsxs
2009-12-28 13:22:06 ----D---- C:\Users\Jarda62\AppData\Roaming\SystemRequirementsLab
2009-12-25 20:14:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-21 14:26:55 ----D---- C:\Program Files\WinRAR
2009-12-20 14:07:28 ----D---- C:\Users\Jarda62\AppData\Roaming\WinRAR
2009-12-19 21:57:01 ----HD---- C:\ProgramData
2009-12-19 21:57:01 ----D---- C:\Program Files\Google
2009-12-18 19:42:40 ----D---- C:\Users\Jarda62\AppData\Roaming\Hamachi
2009-12-15 20:34:18 ----D---- C:\Program Files\Java
2009-12-12 12:13:36 ----RSD---- C:\Windows\assembly
2009-12-12 12:05:55 ----SD---- C:\Users\Jarda62\AppData\Roaming\Microsoft
2009-12-12 11:55:05 ----RSD---- C:\Windows\Fonts
2009-12-12 11:55:02 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-12 11:53:18 ----D---- C:\Windows\ShellNew
2009-12-12 11:50:16 ----D---- C:\Program Files\Microsoft Office
2009-12-12 11:50:14 ----D---- C:\Program Files\Common Files
2009-12-11 18:53:54 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-10 19:00:00 ----A---- C:\Windows\system32\ff_vfw.dll
2009-12-06 15:12:46 ----D---- C:\Program Files\AviSynth 2.5
2009-12-06 11:30:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-05 20:49:43 ----D---- C:\Users\Jarda62\AppData\Roaming\vlc
2009-12-05 19:56:13 ----D---- C:\Windows\system32\catroot
2009-12-05 19:55:54 ----D---- C:\Windows\system32\DriverStore
2009-12-05 19:55:51 ----D---- C:\Windows\system32\Lang
2009-12-05 14:36:47 ----D---- C:\Windows\system32\oobe
2009-12-04 13:27:02 ----D---- C:\Users\Jarda62\AppData\Roaming\Vso
2009-12-04 12:50:24 ----A---- C:\Users\Jarda62\AppData\Roaming\inst.exe

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#2 Post by Jarda62 »

When ComboFix finished and the system started up, nooeqar.exe is no longer running and the CPU now even goes down to 0%...


ComboFix 10-01-02.05 - Jarda62 03.01.2010 16:27:44.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1250.420.1033.18.2038.1258 [GMT 1:00]
Spuštěný z: c:\users\Jarda62\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jarda62\AppData\Roaming\Desktopicon
c:\users\Jarda62\AppData\Roaming\Desktopicon\config.ini
c:\users\Jarda62\AppData\Roaming\inst.exe
c:\users\Jarda62\nooeqar.exe
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 14:49 . 2010-01-03 14:49 -------- d-----w- C:\rsit
2010-01-01 01:50 . 2010-01-01 01:50 -------- d-----w- c:\program files\FileHippo.com
2009-12-31 19:25 . 2009-12-31 19:25 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Microsoft Games
2009-12-28 12:22 . 2009-12-28 12:22 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-19 14:07 . 2009-12-19 15:45 -------- d-----w- c:\users\Jarda62\AppData\Roaming\esmska
2009-12-12 10:50 . 2009-12-12 10:54 -------- d-----w- c:\program files\Microsoft Works
2009-12-12 10:50 . 2009-12-12 10:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-12 10:47 . 2009-12-12 10:47 -------- d-----w- c:\users\Jarda62\AppData\Local\Microsoft Help
2009-12-12 10:47 . 2009-12-12 11:14 -------- d-----w- c:\programdata\Microsoft Help
2009-12-12 10:46 . 2009-12-12 10:46 -------- d-----r- C:\MSOCache
2009-12-06 18:32 . 2007-12-30 04:01 307200 ----a-w- c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-12-06 18:32 . 2007-12-30 04:01 172032 ----a-w- c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-12-06 18:32 . 2007-12-30 04:01 90112 ----a-w- c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-12-06 14:11 . 2009-12-06 14:12 -------- d-----w- c:\program files\pspvc
2009-12-06 10:37 . 2009-12-06 10:37 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Download Manager
2009-12-05 20:51 . 2009-12-05 20:52 -------- d-----w- C:\Shoty
2009-12-05 20:50 . 2009-12-05 20:51 -------- d-----w- c:\program files\ScreenShots
2009-12-05 18:55 . 2009-12-05 18:55 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 15:31 . 2009-06-11 14:31 622022 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 15:31 . 2009-06-11 14:31 118356 ----a-w- c:\windows\system32\perfc005.dat
2010-01-03 14:36 . 2009-07-12 10:09 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-03 14:36 . 2009-07-12 10:09 -------- d-----w- c:\program files\Spyware Terminator
2010-01-03 14:30 . 2009-07-12 10:09 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Spyware Terminator
2010-01-03 12:47 . 2009-08-14 07:43 -------- d-----w- c:\program files\SpeedFan
2010-01-02 17:39 . 2009-06-11 17:11 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Skype
2010-01-02 16:05 . 2009-07-25 20:31 -------- d-----w- c:\programdata\TrackMania
2009-12-28 12:22 . 2009-08-17 15:03 -------- d-----w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab
2009-12-25 19:14 . 2009-06-17 18:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 20:57 . 2009-07-22 13:47 -------- d-----w- c:\program files\Google
2009-12-18 18:42 . 2009-06-24 13:30 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Hamachi
2009-12-15 19:34 . 2009-06-15 17:56 -------- d-----w- c:\program files\Java
2009-12-12 18:35 . 2009-06-11 14:55 85704 ----a-w- c:\users\Jarda62\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-11 17:53 . 2009-10-28 11:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-10 18:00 . 2009-10-28 11:14 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-06 14:12 . 2009-07-05 09:06 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-06 10:30 . 2009-06-11 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-05 19:49 . 2009-08-19 12:49 -------- d-----w- c:\users\Jarda62\AppData\Roaming\vlc
2009-12-04 12:27 . 2009-08-14 07:38 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Vso
2009-12-04 11:50 . 2009-08-14 07:38 47360 ----a-w- c:\users\Jarda62\AppData\Roaming\pcouffin.sys
2009-12-04 11:50 . 2009-08-14 07:38 47360 ----a-w- c:\users\Jarda62\AppData\Roaming\pcouffin.sys
2009-12-04 11:50 . 2009-12-04 11:50 -------- d-----w- c:\program files\VSO
2009-11-28 10:55 . 2009-11-28 10:55 -------- d-----w- c:\program files\Lavalys
2009-11-28 10:41 . 2009-11-28 10:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-28 10:41 . 2009-06-15 15:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-28 10:40 . 2009-06-15 15:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-27 15:54 . 2009-06-11 17:12 -------- d-----w- c:\users\Jarda62\AppData\Roaming\skypePM
2009-11-25 15:12 . 2009-11-25 15:12 -------- d-----w- c:\program files\Download YouTube Video
2009-11-21 09:30 . 2009-11-21 09:30 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-18 15:46 . 2009-08-21 16:11 -------- d-----w- c:\users\Jarda62\AppData\Roaming\dvdcss
2009-11-16 19:22 . 2009-11-16 19:22 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-15 13:26 . 2009-11-15 13:26 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-15 13:26 . 2009-11-15 13:26 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-15 13:26 . 2009-11-15 13:26 -------- d-----w- c:\program files\OpenAL
2009-11-06 18:08 . 2009-11-06 16:06 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Ventrilo
2009-11-06 16:09 . 2009-11-06 16:09 -------- d-----w- c:\program files\Ventrilo
2009-11-06 16:08 . 2009-11-06 16:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-05 18:01 . 2009-11-03 21:43 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-05 17:11 . 2009-11-05 17:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 19:42 . 2009-09-30 12:29 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 14:57 . 2009-07-19 23:05 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-10-13 01:16 . 2009-10-13 01:16 49152 ----a-w- c:\windows\system32\drivers\l160x86.sys
2009-10-11 03:17 . 2009-06-15 17:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-22 133104]
"Infium"="d:\qip infium\infium.exe" [2009-12-26 6025168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Jarda62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PNotes.lnk - c:\program files\PNotes\PNotes.exe [2009-10-6 699392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-08-14 15:04 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-22 13:47 133104 ----atw- c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [22.4.2009 3:07 23120]
R0 CLFS;Systém souborů CLFS;c:\windows\System32\clfs.sys [22.4.2009 4:08 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [22.4.2009 4:31 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [22.4.2009 4:19 58448]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\drivers\fvevol.sys [22.4.2009 4:10 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [22.4.2009 4:08 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [22.4.2009 4:32 133200]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [22.4.2009 4:08 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [22.4.2009 4:08 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [22.4.2009 4:19 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [22.4.2009 1:36 17488]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\System32\drivers\vmstorfl.sys [22.4.2009 11:23 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [22.4.2009 4:44 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [22.4.2009 4:08 52304]
R0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [22.4.2009 4:09 297040]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [22.4.2009 4:20 35328]
R1 CSC;Ovladač souborů pro režim offline;c:\windows\System32\drivers\csc.sys [22.4.2009 4:12 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [22.4.2009 4:11 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [22.4.2009 4:21 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [22.4.2009 4:09 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [22.4.2009 5:00 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [22.4.2009 5:00 7168]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [12.7.2009 11:09 142592]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [22.4.2009 4:09 74240]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\System32\drivers\wanarp.sys [22.4.2009 4:53 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [22.4.2009 4:52 9728]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 CscService;Soubory offline;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe -k NetSvcs [22.4.2009 4:16 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [22.4.2009 4:51 48128]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\System32\drivers\luafv.sys [22.4.2009 4:13 86528]
R2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [22.4.2009 4:33 586752]
R2 Power;Napájení;c:\windows\system32\svchost.exe -k DcomLaunch [22.4.2009 4:16 20992]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe -k RPCSS [22.4.2009 4:16 20992]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [22.4.2009 4:52 34816]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [22.4.2009 4:16 20992]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [13.10.2009 2:16 49152]
R3 bowser;Ovladač podpory prohlížeče;c:\windows\System32\drivers\bowser.sys [22.4.2009 4:11 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [22.4.2009 4:43 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [22.4.2009 4:23 720384]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [22.4.2009 4:23 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\System32\drivers\mpsdrv.sys [22.4.2009 4:51 60416]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\System32\drivers\mrxsmb10.sys [22.4.2009 4:11 220672]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\System32\drivers\mrxsmb20.sys [22.4.2009 4:11 94720]
R3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [22.4.2009 4:53 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [22.4.2009 5:01 18432]
R3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\System32\drivers\srv2.sys [14.10.2009 14:55 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [22.4.2009 4:12 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [22.4.2009 4:52 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [24.6.2009 11:17 39936]
R3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [15.6.2009 16:03 691696]
S2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S2 sppsvc;Ochrana před softwarem;c:\windows\System32\sppsvc.exe [22.4.2009 5:44 3179520]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [22.4.2009 4:50 162816]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [22.4.2009 4:13 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20.3.2009 16:22 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [22.4.2009 3:07 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20.3.2009 16:23 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [28.3.2009 5:45 159312]
S3 AppID;Ovladač AppID;c:\windows\System32\drivers\appid.sys [22.4.2009 4:35 50176]
S3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [22.4.2009 3:07 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20.3.2009 16:22 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [22.4.2009 3:01 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [22.4.2009 5:55 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [22.4.2009 5:56 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [22.4.2009 5:53 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [22.4.2009 5:55 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [22.4.2009 5:55 12160]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [22.4.2009 4:49 37888]
S3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe -k defragsvc [22.4.2009 4:16 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20.3.2009 16:22 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20.3.2009 16:23 453712]
S3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [22.4.2009 4:12 28160]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [22.4.2009 4:12 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [22.4.2009 3:52 26624]
S3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [22.4.2009 3:07 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [15.4.2009 3:30 332368]
S3 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [22.4.2009 4:28 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [22.4.2009 4:44 186960]
S3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [22.4.2009 3:07 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [22.4.2009 3:07 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [22.4.2009 3:07 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [22.4.2009 3:07 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20.3.2009 16:23 30800]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [22.4.2009 4:44 130640]
S3 msahci;msahci;c:\windows\System32\drivers\msahci.sys [22.4.2009 4:44 27728]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [22.4.2009 4:44 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [22.4.2009 4:49 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [22.4.2009 4:09 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [22.4.2009 4:45 12288]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [22.4.2009 4:50 267264]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [22.4.2009 4:51 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [22.4.2009 3:07 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [15.4.2009 3:30 142416]
S3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [22.4.2009 4:16 20992]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServicePeerNet [22.4.2009 4:16 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20.3.2009 16:23 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [22.4.2009 3:07 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22.4.2009 11:23 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\System32\drivers\scfilter.sys [22.4.2009 4:32 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe -k SDRSVC [22.4.2009 4:16 20992]
S3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [22.4.2009 4:44 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [22.4.2009 3:07 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [22.4.2009 4:52 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [22.4.2009 3:07 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22.4.2009 11:23 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [22.4.2009 4:20 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [22.4.2009 5:00 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [22.4.2009 4:35 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [22.4.2009 4:23 57424]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [22.4.2009 4:49 86016]
S3 VaultSvc;Správce pověření;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [22.4.2009 4:44 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [22.4.2009 4:08 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22.4.2009 11:23 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22.4.2009 11:23 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20.3.2009 16:23 141904]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [22.4.2009 4:50 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [22.4.2009 4:45 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\System32\wbengine.exe [22.4.2009 4:21 1203200]
S3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe -k WbioSvcGroup [22.4.2009 4:16 20992]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [22.4.2009 4:16 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [22.4.2009 4:08 19024]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [22.4.2009 4:16 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [22.4.2009 4:15 19024]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - dkmxgl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Obsah adresáře 'Naplánované úlohy'

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018842908-357977327-1249027298-1001Core.job
- c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-19 13:47]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018842908-357977327-1249027298-1001UA.job
- c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-19 13:47]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jarda62\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-nooeqar - c:\users\Jarda62\nooeqar.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 16:35
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85B4F841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84ead5f0
QueryNameProcedure -> 0x84eb02f0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dkmxgl]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-03 16:38:27
ComboFix-quarantined-files.txt 2010-01-03 15:38

Před spuštěním: Volných bajtů: 12 755 353 600
Po spuštění: Volných bajtů: 12 699 033 600

- - End Of File - - 2C8E61576F8759F73067EB731BEE1685

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#3 Post by Jarda62 »

Probably the quick scan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-03 17:13:40
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\Jarda62\AppData\Local\Temp\uwldrfob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85DC0400
Device -> \Driver\atapi \Device\Harddisk0\DR0 85B4F841

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

**********************************************************************

here's the second one ;)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 17:28:23
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\Jarda62\AppData\Local\Temp\uwldrfob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A162D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A15898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2E1A8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85DC0400

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 85B4F841

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\dkmxgl@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\dkmxgl@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\dkmxgl@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\dkmxgl@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 2085
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 1185
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x03 0x63 0x34 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xD9 0x1B 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0x66 0x2B 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\services\dkmxgl@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\dkmxgl@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\dkmxgl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\dkmxgl@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x03 0x63 0x34 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0xD9 0x1B 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0x66 0x2B 0xDC ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Hopefully that's it ;)

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#4 Post by Jarda62 »

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:46 on 03/01/2010 by Jarda62 (Administrator - Elevation successful)

========== filefind ==========

Searching for "msb.exe"
No files found.

Searching for "msa.exe"
No files found.

Searching for "sshnas.dll"
No files found.

Searching for "dkmxgl.*"
C:\Windows\System32\drivers\dkmxgl.sys --a--- 767488 bytes [12:45 03/01/2010] [16:46 03/01/2010] (Unable to calculate MD5)

Searching for "atapi.sys"
C:\Windows\ERDNT\cache\atapi.sys --a--- 21584 bytes [15:36 03/01/2010] [05:24 22/04/2009] 80C40F7FDFC376E4C5FEEC28B41C119E
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys --a--- 21584 bytes [03:08 22/04/2009] [05:24 22/04/2009] 80C40F7FDFC376E4C5FEEC28B41C119E
C:\Windows\System32\drivers\atapi.sys --a--- 21584 bytes [03:08 22/04/2009] [05:24 22/04/2009] 80C40F7FDFC376E4C5FEEC28B41C119E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys --a--- 21584 bytes [03:08 22/04/2009] [05:24 22/04/2009] 80C40F7FDFC376E4C5FEEC28B41C119E

-=End Of File=-

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#5 Post by Jarda62 »

- choose the Uninstall option

I can only choose Install

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#6 Post by Jarda62 »

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 18:16 on 03/01/2010 (Jarda62)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read dkmxgl.sys
SPTD -> Disabled

-=E.O.F=-


The Qoobox folder contains files that were originally located at:
c:\users\Jarda62\AppData\Roaming\Desktopicon
c:\users\Jarda62\AppData\Roaming\Desktopicon\config.ini
c:\users\Jarda62\AppData\Roaming\inst.exe
they have the *.vir extension - back them up somewhere in a zip; in my opinion a false detection. Don't restore them to their original location yet. CF would eat them every time.
This is all I have there
Image

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#7 Post by Jarda62 »

I've got it now. So what now? :)

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#8 Post by Jarda62 »

Download SPTD from http://www.duplexsecure.com/en/downloads, the version for your operating system, SPTD for Windows (32 bit) or (64b), to the desktop
- run it
- choose the Uninstall option
- restart the PC

But I didn't do this. I can't choose Uninstall there

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#9 Post by Jarda62 »

It's showing me this:

Current registry file not found
/Device/HarddiskVolume1/Boot/BCD
Restore This File

ANO NE

Which one should I choose?

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#10 Post by Jarda62 »

When I put that text file into ComboFix, it was working... and now it's asking me this

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe: nothing gets rid of it

#11 Post by Jarda62 »

And it wanted to send some malware sample, so I chose yes, and it said the servers are unavailable...

ComboFix 10-01-02.05 - Jarda62 03.01.2010 18:47:32.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1250.420.1033.18.2038.1164 [GMT 1:00]
Spuštěný z: c:\users\Jarda62\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarda62\Desktop\CFScript.TXT
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

file zipped: c:\windows\System32\drivers\dkmxgl.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\dkmxgl.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DKMXGL
-------\Service_dkmxgl


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 18:20 . 2010-01-03 18:20 -------- d-----w- C:\Device
2010-01-03 17:54 . 2010-01-03 18:22 -------- d-----w- c:\users\Jarda62\AppData\Local\temp
2010-01-03 17:54 . 2010-01-03 17:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-03 14:49 . 2010-01-03 14:49 -------- d-----w- C:\rsit
2010-01-01 01:50 . 2010-01-01 01:50 -------- d-----w- c:\program files\FileHippo.com
2009-12-31 19:25 . 2009-12-31 19:25 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Microsoft Games
2009-12-28 12:22 . 2009-12-28 12:22 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-28 12:22 . 2009-12-28 12:22 138240 ----a-w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-19 14:07 . 2009-12-19 15:45 -------- d-----w- c:\users\Jarda62\AppData\Roaming\esmska
2009-12-12 10:50 . 2009-12-12 10:54 -------- d-----w- c:\program files\Microsoft Works
2009-12-12 10:50 . 2009-12-12 10:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-12 10:47 . 2009-12-12 10:47 -------- d-----w- c:\users\Jarda62\AppData\Local\Microsoft Help
2009-12-12 10:47 . 2009-12-12 11:14 -------- d-----w- c:\programdata\Microsoft Help
2009-12-12 10:46 . 2009-12-12 10:46 -------- d-----r- C:\MSOCache
2009-12-06 18:32 . 2007-12-30 04:01 307200 ----a-w- c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-12-06 18:32 . 2007-12-30 04:01 172032 ----a-w- c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-12-06 18:32 . 2007-12-30 04:01 90112 ----a-w- c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-12-06 14:11 . 2009-12-06 14:12 -------- d-----w- c:\program files\pspvc
2009-12-06 10:37 . 2009-12-06 10:37 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Download Manager
2009-12-05 20:51 . 2009-12-05 20:52 -------- d-----w- C:\Shoty
2009-12-05 20:50 . 2009-12-05 20:51 -------- d-----w- c:\program files\ScreenShots
2009-12-05 18:55 . 2009-12-05 18:55 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 15:41 . 2009-08-14 07:43 -------- d-----w- c:\program files\SpeedFan
2010-01-03 15:31 . 2009-06-11 14:31 622022 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 15:31 . 2009-06-11 14:31 118356 ----a-w- c:\windows\system32\perfc005.dat
2010-01-03 14:36 . 2009-07-12 10:09 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-03 14:36 . 2009-07-12 10:09 -------- d-----w- c:\program files\Spyware Terminator
2010-01-03 14:30 . 2009-07-12 10:09 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Spyware Terminator
2010-01-02 17:39 . 2009-06-11 17:11 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Skype
2010-01-02 16:05 . 2009-07-25 20:31 -------- d-----w- c:\programdata\TrackMania
2009-12-28 12:22 . 2009-08-17 15:03 -------- d-----w- c:\users\Jarda62\AppData\Roaming\SystemRequirementsLab
2009-12-25 19:14 . 2009-06-17 18:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 20:57 . 2009-07-22 13:47 -------- d-----w- c:\program files\Google
2009-12-18 18:42 . 2009-06-24 13:30 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Hamachi
2009-12-15 19:34 . 2009-06-15 17:56 -------- d-----w- c:\program files\Java
2009-12-12 18:35 . 2009-06-11 14:55 85704 ----a-w- c:\users\Jarda62\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-11 17:53 . 2009-10-28 11:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-10 18:00 . 2009-10-28 11:14 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-06 14:12 . 2009-07-05 09:06 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-06 10:30 . 2009-06-11 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-05 19:49 . 2009-08-19 12:49 -------- d-----w- c:\users\Jarda62\AppData\Roaming\vlc
2009-12-04 12:27 . 2009-08-14 07:38 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Vso
2009-12-04 11:50 . 2009-08-14 07:38 47360 ----a-w- c:\users\Jarda62\AppData\Roaming\pcouffin.sys
2009-12-04 11:50 . 2009-08-14 07:38 47360 ----a-w- c:\users\Jarda62\AppData\Roaming\pcouffin.sys
2009-12-04 11:50 . 2009-12-04 11:50 -------- d-----w- c:\program files\VSO
2009-11-28 10:55 . 2009-11-28 10:55 -------- d-----w- c:\program files\Lavalys
2009-11-28 10:41 . 2009-06-15 15:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-28 10:40 . 2009-06-15 15:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-27 15:54 . 2009-06-11 17:12 -------- d-----w- c:\users\Jarda62\AppData\Roaming\skypePM
2009-11-25 15:12 . 2009-11-25 15:12 -------- d-----w- c:\program files\Download YouTube Video
2009-11-21 09:30 . 2009-11-21 09:30 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-18 15:46 . 2009-08-21 16:11 -------- d-----w- c:\users\Jarda62\AppData\Roaming\dvdcss
2009-11-16 19:22 . 2009-11-16 19:22 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-15 13:26 . 2009-11-15 13:26 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-15 13:26 . 2009-11-15 13:26 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-15 13:26 . 2009-11-15 13:26 -------- d-----w- c:\program files\OpenAL
2009-11-06 18:08 . 2009-11-06 16:06 -------- d-----w- c:\users\Jarda62\AppData\Roaming\Ventrilo
2009-11-06 16:09 . 2009-11-06 16:09 -------- d-----w- c:\program files\Ventrilo
2009-11-06 16:08 . 2009-11-06 16:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-05 18:01 . 2009-11-03 21:43 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-05 17:11 . 2009-11-05 17:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 19:42 . 2009-09-30 12:29 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 14:57 . 2009-07-19 23:05 1002008 ----a-w- c:\windows\system32\igxpun.exe
2009-10-13 01:16 . 2009-10-13 01:16 49152 ----a-w- c:\windows\system32\drivers\l160x86.sys
2009-10-11 03:17 . 2009-06-15 17:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\atapi.sys ---
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.1.7100.0 (winmain_win7rc.090421-1700)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 21584
Created time: 2009-04-22 03:08
Modified time: 2009-04-22 05:24
MD5: 80C40F7FDFC376E4C5FEEC28B41C119E
SHA1: E8B549406D2D70D88F64A0EF3527E545FE366374


--- c:\windows\System32\ntshrui.dll ---
Company: Microsoft Corporation
File Description: Shell extensions for sharing
File Version: 6.1.7100.0 (winmain_win7rc.090421-1700)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. Všechna práva vyhrazena.
Original Filename: ntshrui.dll.mui
File size: 441856
Created time: 2009-04-22 03:40
Modified time: 2009-04-22 05:21
MD5: 59A553A64CC16551F16059DD4D05DF16
SHA1: 9966AAD171148206D3578A8FF75D43C0D9FA134B


((((((((((((((((((((((((((((( SnapShot@2010-01-03_15.35.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-22 08:29 . 2010-01-03 18:23 35442 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-11 14:26 . 2010-01-03 18:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-11 14:26 . 2010-01-03 15:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-11 14:26 . 2010-01-03 18:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-11 14:26 . 2010-01-03 15:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-11 14:26 . 2010-01-03 15:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-11 14:26 . 2010-01-03 18:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-11 19:12 . 2010-01-03 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-11 19:12 . 2010-01-03 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-11 19:12 . 2010-01-03 15:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-11 19:12 . 2010-01-03 18:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-11 19:12 . 2010-01-03 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-11 19:12 . 2010-01-03 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-24 20:07 . 2010-01-03 18:20 2494 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2009-06-11 16:13 . 2010-01-03 18:23 7120 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3018842908-357977327-1249027298-1001_UserData.bin
- 2010-01-03 15:26 . 2010-01-03 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-03 15:26 . 2010-01-03 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-03 15:26 . 2010-01-03 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-03 15:26 . 2010-01-03 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-11 14:24 . 2010-01-03 15:26 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-11 14:24 . 2010-01-03 17:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-22 05:57 . 2010-01-02 18:41 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-22 05:57 . 2010-01-03 16:04 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-22 133104]
"Infium"="d:\qip infium\infium.exe" [2009-12-26 6025168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Jarda62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PNotes.lnk - c:\program files\PNotes\PNotes.exe [2009-10-6 699392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-08-14 15:04 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-22 13:47 133104 ----atw- c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [22.4.2009 3:07 23120]
R0 CLFS;Systém souborů CLFS;c:\windows\System32\clfs.sys [22.4.2009 4:08 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [22.4.2009 4:31 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [22.4.2009 4:19 58448]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\drivers\fvevol.sys [22.4.2009 4:10 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [22.4.2009 4:08 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [22.4.2009 4:32 133200]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [22.4.2009 4:08 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [22.4.2009 4:08 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [22.4.2009 4:19 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [22.4.2009 1:36 17488]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\System32\drivers\vmstorfl.sys [22.4.2009 11:23 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [22.4.2009 4:44 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [22.4.2009 4:08 52304]
R0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [22.4.2009 4:09 297040]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [22.4.2009 4:20 35328]
R1 CSC;Ovladač souborů pro režim offline;c:\windows\System32\drivers\csc.sys [22.4.2009 4:12 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [22.4.2009 4:11 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [22.4.2009 4:21 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [22.4.2009 4:09 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [22.4.2009 5:00 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [22.4.2009 5:00 7168]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [12.7.2009 11:09 142592]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [22.4.2009 4:09 74240]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\System32\drivers\wanarp.sys [22.4.2009 4:53 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [22.4.2009 4:52 9728]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 CscService;Soubory offline;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe -k NetSvcs [22.4.2009 4:16 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [22.4.2009 4:51 48128]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\System32\drivers\luafv.sys [22.4.2009 4:13 86528]
R2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [22.4.2009 4:33 586752]
R2 Power;Napájení;c:\windows\system32\svchost.exe -k DcomLaunch [22.4.2009 4:16 20992]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe -k RPCSS [22.4.2009 4:16 20992]
R2 sppsvc;Ochrana před softwarem;c:\windows\System32\sppsvc.exe [22.4.2009 5:44 3179520]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [22.4.2009 4:52 34816]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [22.4.2009 4:16 20992]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [13.10.2009 2:16 49152]
R3 bowser;Ovladač podpory prohlížeče;c:\windows\System32\drivers\bowser.sys [22.4.2009 4:11 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [22.4.2009 4:43 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [22.4.2009 4:23 720384]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
R3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [22.4.2009 4:23 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\System32\drivers\mpsdrv.sys [22.4.2009 4:51 60416]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\System32\drivers\mrxsmb10.sys [22.4.2009 4:11 220672]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\System32\drivers\mrxsmb20.sys [22.4.2009 4:11 94720]
R3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [22.4.2009 4:53 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [22.4.2009 5:01 18432]
R3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\System32\drivers\srv2.sys [14.10.2009 14:55 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [22.4.2009 4:12 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [22.4.2009 4:52 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [24.6.2009 11:17 39936]
R3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [22.4.2009 4:50 162816]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [22.4.2009 4:13 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20.3.2009 16:22 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [22.4.2009 3:07 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20.3.2009 16:23 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [28.3.2009 5:45 159312]
S3 AppID;Ovladač AppID;c:\windows\System32\drivers\appid.sys [22.4.2009 4:35 50176]
S3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [22.4.2009 3:07 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20.3.2009 16:22 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [22.4.2009 3:01 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [22.4.2009 5:55 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [22.4.2009 5:56 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [22.4.2009 5:53 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [22.4.2009 5:55 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [22.4.2009 5:55 12160]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [22.4.2009 4:49 37888]
S3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe -k defragsvc [22.4.2009 4:16 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20.3.2009 16:22 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20.3.2009 16:23 453712]
S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [22.4.2009 4:12 28160]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [22.4.2009 4:12 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [22.4.2009 3:52 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [22.4.2009 3:07 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [15.4.2009 3:30 332368]
S3 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [22.4.2009 4:28 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [22.4.2009 4:44 186960]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [22.4.2009 3:07 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [22.4.2009 3:07 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [22.4.2009 3:07 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [22.4.2009 3:07 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20.3.2009 16:23 30800]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [22.4.2009 4:44 130640]
S3 msahci;msahci;c:\windows\System32\drivers\msahci.sys [22.4.2009 4:44 27728]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [22.4.2009 4:44 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [22.4.2009 4:49 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [22.4.2009 4:09 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [22.4.2009 4:45 12288]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [22.4.2009 4:50 267264]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [22.4.2009 4:51 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [22.4.2009 3:07 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [15.4.2009 3:30 142416]
S3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [22.4.2009 4:16 20992]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServicePeerNet [22.4.2009 4:16 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20.3.2009 16:23 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [22.4.2009 3:07 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22.4.2009 11:23 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\System32\drivers\scfilter.sys [22.4.2009 4:32 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe -k SDRSVC [22.4.2009 4:16 20992]
S3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [22.4.2009 4:44 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [22.4.2009 3:07 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [22.4.2009 4:52 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [22.4.2009 3:07 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22.4.2009 11:23 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [22.4.2009 4:20 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [22.4.2009 5:00 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [22.4.2009 4:35 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [22.4.2009 4:23 57424]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [22.4.2009 4:49 86016]
S3 VaultSvc;Správce pověření;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [22.4.2009 4:44 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [22.4.2009 4:08 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22.4.2009 11:23 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22.4.2009 11:23 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20.3.2009 16:23 141904]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [22.4.2009 4:50 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [22.4.2009 4:45 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\System32\wbengine.exe [22.4.2009 4:21 1203200]
S3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe -k WbioSvcGroup [22.4.2009 4:16 20992]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [22.4.2009 4:16 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [22.4.2009 4:08 19024]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [22.4.2009 4:16 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [22.4.2009 4:15 19024]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [15.6.2009 16:03 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Obsah adresáře 'Naplánované úlohy'

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018842908-357977327-1249027298-1001Core.job
- c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-19 13:47]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3018842908-357977327-1249027298-1001UA.job
- c:\users\Jarda62\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-19 13:47]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\users\Jarda62\AppData\Roaming\Mozilla\Firefox\Profiles\724dr88a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jarda62\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:21
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:21
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:22
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:22
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:22
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85B51841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84ead5f0
QueryNameProcedure -> 0x84eb02f0
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3644)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Spyware Terminator\sp_rsser.exe
d:\fraps\fraps.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-03 19:25:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-03 18:25
ComboFix2.txt 2010-01-03 15:38

Před spuštěním: Volných bajtů: 13 533 786 112
Po spuštění: Volných bajtů: 13 336 346 624

- - End Of File - - 5EA71ADCFB86F25EFF1C566D5F2FB8B4

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe, nothing gets rid of it

#12 Post by Jarda62 »

So I uploaded it. And thanks a lot. I won't be doing anything more today either.

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe, nothing gets rid of it

#13 Post by Jarda62 »

After discussing it, I decided to reinstall Windows, going from W7 RC to the full version of W7 ;)

Jarda62
Visitor
Posts: 170
Registered: 28 Jul 2008 17:59

Re: nooeqar.exe, nothing gets rid of it

#14 Post by Jarda62 »

Thanks a lot for everything ;)
