
explorer.exe does not start at boot

#1 Post by skegster »

Hello,
I have a small problem. When I start the computer, explorer.exe does not come up. Only the Documents folder opens and everything else is black. When I start explorer.exe manually, everything then works without problems. The last things I did before discovering the problem were the infiltration "C:\Users\Skegster\AppData\Local\Temp\FDFD.tmp - Win32/Oficla.EJ trojský kůň" and a reinstallation of the graphics card drivers. I would like to ask whether you could take a look at it.
Thanks in advance.

Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Skegster at 2010-03-23 02:23:07
Microsoft Windows 7 Professional Service Pack 3
System drive C: has 22 GB (15%) free of 153 GB
Total RAM: 3071 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:13, on 23.3.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Skegster\Downloads\RSIT.exe
C:\Users\Skegster\Downloads\Skegster.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe gkrfa
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe

--
End of file - 6194 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-11 2054360]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-17 1549608]
""= []
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2007-11-11 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-28 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Skegster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-09-16 384512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Windows\AutoRun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\setup\rsrc\Autorun.exe
shell\dinstall\command - H:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa5b400-f195-11de-84bd-0050fc330f5a}]
shell\AutoRun\command - H:\USBNB.exe


======File associations======

.js - edit -
.js - open -
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open -

======List of files/folders created in the last 1 months======

2010-03-23 02:21:11 ----D---- C:\rsit
2010-03-23 01:36:51 ----A---- C:\Windows\ATKPF.ini
2010-03-23 00:58:06 ----A---- C:\Windows\system32\nvhdap32.dll
2010-03-23 00:58:06 ----A---- C:\Windows\system32\nvcohda.dll
2010-03-23 00:58:06 ----A---- C:\Windows\system32\nvapo32v.dll
2010-03-23 00:56:44 ----D---- C:\Windows\system32\AGEIA
2010-03-23 00:56:44 ----D---- C:\Program Files\AGEIA Technologies
2010-03-23 00:52:21 ----A---- C:\Windows\system32\OpenCL.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvoglv32.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvencodemft.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvd3dum.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvcuvid.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-03-23 00:52:19 ----A---- C:\Windows\system32\nvcuda.dll
2010-03-23 00:52:17 ----A---- C:\Windows\system32\nvcompiler.dll
2010-03-23 00:52:17 ----A---- C:\Windows\system32\nvcod178.dll
2010-03-23 00:52:17 ----A---- C:\Windows\system32\nvcod.dll
2010-03-23 00:52:15 ----D---- C:\NVIDIA
2010-03-23 00:02:25 ----D---- C:\Program Files\ATKGFNEX
2010-03-23 00:02:00 ----D---- C:\Users\Skegster\AppData\Roaming\InstallShield
2010-03-22 16:32:11 ----D---- C:\Users\Skegster\AppData\Roaming\Instantbird
2010-03-22 16:32:03 ----D---- C:\Program Files\Instantbird 0.2 Beta 2
2010-03-19 16:10:26 ----D---- C:\Users\Skegster\AppData\Roaming\Stereoscopic Player
2010-03-19 16:09:18 ----D---- C:\Program Files\Stereoscopic Player
2010-03-19 15:52:00 ----A---- C:\Windows\GraphEdt.INI
2010-03-19 15:46:07 ----D---- C:\ProgramData\Windows Genuine Advantage
2010-03-17 22:16:30 ----D---- C:\Program Files\WinHex
2010-03-17 16:51:52 ----A---- C:\Windows\IsUninst.exe
2010-03-16 22:04:00 ----D---- C:\Users\Skegster\AppData\Roaming\avidemux
2010-03-16 22:03:27 ----D---- C:\Program Files\Avidemux 2.5
2010-03-16 21:50:10 ----A---- C:\test.txt
2010-03-16 21:50:09 ----D---- C:\Movies
2010-03-16 00:12:33 ----D---- C:\Program Files\Trust
2010-03-13 11:41:51 ----D---- C:\ProgramData\Apple Computer
2010-03-13 11:41:51 ----D---- C:\Program Files\QuickTime
2010-03-13 11:41:07 ----D---- C:\Program Files\Common Files\Apple
2010-03-13 11:40:52 ----D---- C:\Program Files\Apple Software Update
2010-03-13 11:40:51 ----D---- C:\ProgramData\Apple
2010-03-10 20:07:52 ----D---- C:\Users\Skegster\AppData\Roaming\vlc
2010-03-09 20:01:59 ----D---- C:\Users\Skegster\AppData\Roaming\VitySoft
2010-03-09 19:55:04 ----D---- C:\DOWNLOAD
2010-03-08 12:36:39 ----D---- C:\Users\Skegster\AppData\Roaming\Opera
2010-03-08 12:36:23 ----D---- C:\Program Files\Opera
2010-03-07 18:39:35 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-07 15:15:17 ----D---- C:\Program Files\Defraggler
2010-03-07 12:37:52 ----D---- C:\Users\Skegster\AppData\Roaming\Thunderbird
2010-03-07 12:03:16 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-06 17:48:47 ----D---- C:\Program Files\Common Files\Skype
2010-02-24 21:09:30 ----D---- C:\Program Files\sges-v3
2010-02-24 21:00:01 ----D---- C:\Program Files\NetBeans 6.8
2010-02-24 00:56:23 ----A---- C:\Windows\system32\ssleay32.dll
2010-02-24 00:56:23 ----A---- C:\Windows\system32\libssl32.dll
2010-02-24 00:56:22 ----A---- C:\Windows\system32\libeay32.dll
2010-02-24 00:56:11 ----D---- C:\OpenSSL
2010-02-24 00:36:12 ----D---- C:\Program Files\HHD Software

======List of files/folders modified in the last 1 months======

2010-03-23 02:23:12 ----D---- C:\Windows\Temp
2010-03-23 02:17:10 ----D---- C:\Windows\winsxs
2010-03-23 02:16:45 ----D---- C:\Windows\system32\config
2010-03-23 02:15:44 ----D---- C:\Program Files\Internet Explorer
2010-03-23 02:15:43 ----D---- C:\Windows\System32
2010-03-23 02:14:37 ----SHD---- C:\System Volume Information
2010-03-23 02:09:34 ----D---- C:\Windows
2010-03-23 02:07:11 ----RD---- C:\Program Files
2010-03-23 02:06:30 ----SHD---- C:\Windows\Installer
2010-03-23 02:06:29 ----HD---- C:\ProgramData
2010-03-23 02:05:01 ----D---- C:\Program Files\Common Files
2010-03-23 01:58:54 ----D---- C:\Windows\pss
2010-03-23 01:00:57 ----D---- C:\ProgramData\NVIDIA
2010-03-23 00:58:25 ----D---- C:\Windows\system32\drivers
2010-03-23 00:58:24 ----D---- C:\Windows\system32\catroot
2010-03-23 00:58:24 ----D---- C:\Windows\inf
2010-03-23 00:58:23 ----D---- C:\Windows\system32\DriverStore
2010-03-23 00:02:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-22 23:57:01 ----D---- C:\Program Files\ASUS
2010-03-22 22:59:48 ----D---- C:\Windows\Prefetch
2010-03-22 16:36:34 ----D---- C:\Users\Skegster\AppData\Roaming\AIMP
2010-03-21 19:57:27 ----D---- C:\Windows\system32\catroot2
2010-03-19 19:15:20 ----A---- C:\Windows\win.ini
2010-03-19 15:46:07 ----D---- C:\Windows\Downloaded Program Files
2010-03-18 01:00:13 ----D---- C:\Program Files\Miranda IM
2010-03-17 22:52:37 ----D---- C:\Users\Skegster\AppData\Roaming\Skype
2010-03-17 16:21:40 ----D---- C:\Users\Skegster\AppData\Roaming\skypePM
2010-03-17 15:50:09 ----D---- C:\_serialy
2010-03-16 00:17:56 ----D---- C:\Windows\debug
2010-03-16 00:13:56 ----D---- C:\Advanced Wheel Mouse
2010-03-16 00:12:17 ----D---- C:\Windows\system32\Tasks
2010-03-13 13:32:53 ----D---- C:\Program Files\WinSCP
2010-03-12 14:56:59 ----D---- C:\Users\Skegster\AppData\Roaming\uTorrent
2010-03-09 20:50:08 ----D---- C:\Windows\AppPatch
2010-03-08 00:56:40 ----D---- C:\ProgramData\Real
2010-03-08 00:56:35 ----D---- C:\Users\Skegster\AppData\Roaming\Real
2010-03-07 15:16:02 ----D---- C:\Windows\system32\PolarClock3 dir
2010-03-07 15:13:29 ----D---- C:\Program Files\CCleaner
2010-03-06 17:44:09 ----D---- C:\Program Files\Mozilla Firefox
2010-03-05 10:55:56 ----D---- C:\Program Files\uTorrent
2010-03-02 06:30:12 ----A---- C:\Windows\system32\MRT.exe
2010-02-24 21:34:40 ----D---- C:\wow
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 07:55:19 ----D---- C:\Windows\rescache
2010-02-24 07:15:57 ----D---- C:\Windows\system32\cs-CZ
2010-02-24 07:11:04 ----RSD---- C:\Windows\assembly
2010-02-24 07:11:04 ----D---- C:\Windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 1394ohci;Hostitelský řadič pro rozhraní OHCI standardu 1394; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-08-21 625152]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 intelppm;Ovladač procesoru Intel; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-11-21 11515752]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-17 223920]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2009-07-14 146176]
R3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-14 19968]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 bpenum;Intel(R) WiMAX Link Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2008-08-24 31744]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-13 11904]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 cpuz132;cpuz132; \??\C:\Users\Skegster\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 PSSDK42;PSSDK42; \??\C:\Windows\system32\Drivers\pssdk42.sys [2010-03-17 38976]
S3 PSSDKLBF;PSSDKLBF; \??\C:\Windows\system32\Drivers\pssdklbf.sys [2010-03-17 53312]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-11-20 122984]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
R3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 BrlAPI;BrlAPI; C:\cygwin\bin\cygrunsrv.exe []
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-11 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-06 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-02 57616]
S3 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-02 59064320]
S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-02 45056]
S3 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-02 102400]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#2 Post by motji »

Good early morning :D

:arrow: Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an adviser's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

skegster
Exemplary visitor
Posts: 28
Registered: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#3 Post by skegster »

ok, good early morning then :)

log:

ComboFix 10-03-22.02 - Skegster 23.03.2010 2:55.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3071.1797 [GMT 1:00]
Spuštěný z: c:\users\Skegster\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\users\Skegster\logo.png
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\Connect.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\users\Skegster\AppData\Local\temp
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 01:21 . 2010-03-23 01:23 -------- d-----w- C:\rsit
2010-03-22 23:58 . 2009-11-12 04:14 66664 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-03-22 23:58 . 2009-11-12 01:09 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-03-22 23:58 . 2009-11-12 01:08 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-03-22 23:58 . 2009-11-10 23:15 182888 ----a-w- c:\windows\system32\nvcohda.dll
2010-03-22 23:56 . 2010-03-22 23:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-22 23:56 . 2010-03-22 23:56 -------- d-----w- c:\windows\system32\AGEIA
2010-03-22 23:02 . 2010-03-22 23:02 -------- d-----w- c:\program files\ATKGFNEX
2010-03-22 23:02 . 2010-03-22 23:02 -------- d-----w- c:\users\Skegster\AppData\Roaming\InstallShield
2010-03-22 17:48 . 2005-07-25 10:59 28672 ----a-w- c:\users\Skegster\AppData\Roaming\Thunderbird\Profiles\pwbcj39t.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2010-03-22 17:31 . 2009-12-25 17:24 81920 ----a-w- c:\users\Skegster\AppData\Roaming\Instantbird\Profiles\ucp9127j.default\extensions\mintrayr@tn123.ath.cx\components\platform\WINNT_x86-msvc\trayToolkit.dll
2010-03-22 17:31 . 2009-12-25 17:24 80384 ----a-w- c:\users\Skegster\AppData\Roaming\Instantbird\Profiles\ucp9127j.default\extensions\mintrayr@tn123.ath.cx\components\platform\WINNT_x86_64-msvc\trayToolkit.dll
2010-03-22 15:32 . 2010-03-22 15:35 -------- d-----w- c:\users\Skegster\AppData\Local\Instantbird
2010-03-22 15:32 . 2010-03-22 15:32 -------- d-----w- c:\users\Skegster\AppData\Roaming\Instantbird
2010-03-22 15:32 . 2010-03-22 23:35 -------- d-----w- c:\program files\Instantbird 0.2 Beta 2
2010-03-19 15:10 . 2010-03-19 15:10 -------- d-----w- c:\users\Skegster\AppData\Roaming\Stereoscopic Player
2010-03-17 21:16 . 2010-03-17 21:25 -------- d-----w- c:\program files\WinHex
2010-03-17 16:14 . 2010-03-17 16:14 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-03-17 16:14 . 2010-03-17 16:14 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-03-17 15:51 . 1997-11-19 14:49 303616 ----a-w- c:\windows\IsUninst.exe
2010-03-16 21:04 . 2010-03-16 21:04 -------- d-----w- c:\users\Skegster\AppData\Roaming\avidemux
2010-03-16 21:03 . 2010-03-22 22:07 -------- d-----w- c:\program files\Avidemux 2.5
2010-03-16 20:50 . 2010-03-18 03:10 -------- d-----w- C:\Movies
2010-03-15 23:12 . 2010-03-15 23:12 -------- d-----w- c:\program files\Trust
2010-03-15 19:07 . 2010-03-15 19:08 20833776 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-15 19:07 . 2010-03-15 19:07 8405312 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-15 19:07 . 2010-03-15 19:07 149000 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-15 19:07 . 2010-03-15 19:07 10309448 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-15 19:07 . 2010-03-15 19:07 79368 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-15 19:07 . 2010-03-15 19:07 64000 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-15 19:07 . 2010-03-15 19:07 52288 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-15 19:07 . 2010-03-15 19:07 50688 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-15 19:07 . 2010-03-15 19:07 49152 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-15 19:07 . 2010-03-15 19:07 118784 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-13 10:41 . 2010-03-13 10:42 -------- d-----w- c:\program files\QuickTime
2010-03-13 10:41 . 2010-03-13 10:41 -------- d-----w- c:\programdata\Apple Computer
2010-03-13 10:41 . 2010-03-13 10:41 -------- d-----w- c:\program files\Common Files\Apple
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\users\Skegster\AppData\Local\Apple
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\program files\Apple Software Update
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\programdata\Apple
2010-03-10 19:07 . 2010-03-17 23:53 -------- d-----w- c:\users\Skegster\AppData\Roaming\vlc
2010-03-10 17:56 . 2010-01-29 17:54 188416 ----a-w- c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff36\xpGwtDevPlugin.dll
2010-03-10 17:56 . 2010-01-22 12:58 188416 ----a-w- c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff35\xpGwtDevPlugin.dll
2010-03-10 17:56 . 2010-01-22 12:58 188416 ----a-w- c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff3\xpGwtDevPlugin.dll
2010-03-09 19:01 . 2010-03-09 19:01 -------- d-----w- c:\users\Skegster\AppData\Roaming\VitySoft
2010-03-09 18:55 . 2010-03-17 15:00 -------- d-----w- C:\DOWNLOAD
2010-03-08 11:36 . 2010-03-08 11:36 -------- d-----w- c:\users\Skegster\AppData\Local\Opera
2010-03-08 11:36 . 2010-03-22 12:58 -------- d-----w- c:\program files\Opera
2010-03-07 23:56 . 2010-03-16 23:56 439816 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-07 17:39 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-07 14:15 . 2010-03-07 14:15 -------- d-----w- c:\program files\Defraggler
2010-03-07 11:37 . 2010-03-07 11:37 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 11:37 . 2010-03-07 11:37 -------- d-----w- c:\users\Skegster\AppData\Local\Thunderbird
2010-03-07 11:37 . 2010-03-07 11:37 -------- d-----w- c:\users\Skegster\AppData\Roaming\Thunderbird
2010-03-07 11:03 . 2010-03-23 00:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-06 16:48 . 2010-03-06 16:48 -------- d-----w- c:\program files\Common Files\Skype
2010-02-24 20:09 . 2010-02-24 20:12 -------- d-----w- c:\program files\sges-v3
2010-02-24 20:00 . 2010-03-09 00:36 -------- d-----w- c:\program files\NetBeans 6.8
2010-02-23 23:56 . 2009-11-15 12:37 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-02-23 23:56 . 2009-11-15 12:37 200704 ----a-w- c:\windows\system32\libssl32.dll
2010-02-23 23:56 . 2009-11-15 12:37 1017344 ----a-w- c:\windows\system32\libeay32.dll
2010-02-23 23:56 . 2010-02-23 23:56 -------- d-----w- C:\OpenSSL
2010-02-23 23:36 . 2010-03-17 20:31 -------- d-sha-w- c:\users\Public\DRM
2010-02-23 23:36 . 2010-02-23 23:36 -------- d-----w- c:\program files\HHD Software
2010-02-23 22:10 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 22:10 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 22:10 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 22:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 13:29 . 2010-02-22 13:29 -------- d-----w- c:\users\Skegster\AppData\Local\realtech_VR
2010-02-22 13:28 . 2010-02-22 13:28 -------- d-----w- c:\programdata\realtech VR
2010-02-22 13:28 . 2010-03-23 01:06 -------- d-----w- c:\program files\realtech VR
2010-02-22 10:44 . 2001-11-08 01:27 237568 ----a-w- c:\windows\system32\glut32.dll
2010-02-22 10:44 . 2001-08-29 16:14 1386496 ----a-w- c:\windows\system32\glaux.dll
2010-02-21 20:17 . 2010-02-21 20:17 -------- d-----w- c:\program files\SIW

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 00:00 . 2009-10-01 15:31 -------- d-----w- c:\programdata\NVIDIA
2010-03-22 23:02 . 2009-09-30 19:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-22 22:57 . 2009-09-29 10:05 -------- d-----w- c:\program files\ASUS
2010-03-22 15:36 . 2009-10-10 17:04 -------- d-----w- c:\users\Skegster\AppData\Roaming\AIMP
2010-03-18 00:00 . 2009-12-21 04:56 -------- d-----w- c:\program files\Miranda IM
2010-03-17 21:52 . 2010-01-11 02:37 -------- d-----w- c:\users\Skegster\AppData\Roaming\Skype
2010-03-17 15:21 . 2010-01-11 02:39 -------- d-----w- c:\users\Skegster\AppData\Roaming\skypePM
2010-03-16 22:00 . 2010-02-16 17:32 1 ----a-w- c:\users\Skegster\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-15 19:07 . 2010-03-15 19:07 149000 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-15 19:07 . 2010-03-15 19:07 10309448 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-13 12:32 . 2009-11-05 22:24 -------- d-----w- c:\program files\WinSCP
2010-03-12 13:56 . 2009-09-23 17:56 -------- d-----w- c:\users\Skegster\AppData\Roaming\uTorrent
2010-03-07 14:13 . 2009-09-23 17:17 -------- d-----w- c:\program files\CCleaner
2010-03-05 09:55 . 2009-09-23 17:55 -------- d-----w- c:\program files\uTorrent
2010-03-03 22:45 . 2010-03-03 22:45 32 ----a-w- c:\programdata\ezsid.dat
2010-02-24 09:16 . 2009-10-03 02:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 20:17 . 2009-07-14 08:44 672622 ----a-w- c:\windows\system32\perfh005.dat
2010-02-21 20:17 . 2009-07-14 08:44 137642 ----a-w- c:\windows\system32\perfc005.dat
2010-02-21 12:46 . 2009-09-30 13:38 -------- d-----w- c:\program files\Java
2010-02-19 23:03 . 2010-02-18 23:06 -------- d-----w- c:\users\Skegster\AppData\Roaming\dvdcss
2010-02-17 21:10 . 2009-09-24 05:48 138328 ----a-w- c:\users\Skegster\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 17:39 . 2009-10-06 11:11 -------- d-----w- c:\programdata\Microsoft Help
2010-02-16 17:37 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-02-16 17:33 . 2009-10-12 10:41 -------- d-----w- c:\program files\Microsoft
2010-02-16 17:31 . 2010-02-16 17:31 -------- d-----w- c:\users\Skegster\AppData\Roaming\OpenOffice.org
2010-02-16 17:30 . 2010-02-16 17:30 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-15 15:13 . 2010-02-15 14:54 -------- d-----w- c:\users\Skegster\AppData\Roaming\Mathematica
2010-02-15 14:54 . 2010-02-15 14:54 -------- d-----w- c:\programdata\Mathematica
2010-02-15 14:54 . 2010-02-15 14:49 -------- d-----w- c:\program files\Wolfram Research
2010-02-15 10:36 . 2009-12-15 20:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 10:32 . 2010-02-14 16:00 -------- d-----w- c:\program files\Trillian
2010-02-10 13:54 . 2010-01-03 20:07 -------- d-----w- c:\program files\Easy Icon Maker
2010-02-03 21:38 . 2010-02-03 21:38 -------- d-----w- c:\programdata\Blizzard
2010-01-28 02:24 . 2010-01-28 02:23 -------- d-----w- c:\program files\Common Files\Real
2010-01-28 02:24 . 2010-01-28 02:24 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-28 02:23 . 2009-10-29 11:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-28 02:23 . 2009-10-22 11:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-28 02:23 . 2010-01-28 02:23 -------- d-----w- c:\program files\Real
2010-01-22 06:44 . 2009-10-11 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 04:39 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 04:39 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 04:39 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 04:39 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 04:39 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 04:39 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 04:39 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 04:38 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-12 05:37 . 2010-01-12 05:37 257568 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-01-11 02:39 . 2010-01-11 02:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-08 03:18 . 2010-02-10 04:39 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 04:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-05 15:39 . 2009-12-03 08:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-11 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-28 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Skegster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Skegster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2008-08-24 31744]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-03-17 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-03-17 53312]
R3 XLBLYADVT;XLBLYADVT;c:\users\Skegster\AppData\Local\Temp\XLBLYADVT.exe [x]
R3 YVHPDFAG;YVHPDFAG;c:\users\Skegster\AppData\Local\Temp\YVHPDFAG.exe [x]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-21 625152]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - RKREVEAL150
*Deregistered* - RKREVEAL150

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff36\xpGwtDevPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.txt=Noutped.Document
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-03-23 03:03:22
ComboFix-quarantined-files.txt 2010-03-23 02:03

Před spuštěním: Volných bajtů: 23 388 524 544
Po spuštění: Volných bajtů: 26 413 826 048

- - End Of File - - 840048F3054536C8F00A4456130123DA

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#4 Post by motji »

:o you ran Rootkitreveal?

:arrow: If you have not done so already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

KillAll::

Collect::
c:\users\Skegster\AppData\Local\Temp\XLBLYADVT.exe 
c:\users\Skegster\AppData\Local\Temp\YVHPDFAG.exe

Driver::
XLBLYADVT
YVHPDFAG

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

- save the TXT file you created to the desktop as CFScript.txt
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- after it has been applied, another log will pop up; paste it here

Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: Test at www.virustotal.com

c:\windows\system32\Drivers\pssdk42.sys
c:\windows\system32\Drivers\pssdklbf.sys


- Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.


:arrow: How is the computer doing?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
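One way to script a first pass over the driver/service listing of the ComboFix log, as an added example that is not part of the original post and not ComboFix's own logic. On the lines copied from the log above it singles out the two Temp-hosted services that the CFScript removes and the two recently dated drivers sent to VirusTotal. Assumptions: `[x]` is taken to mean that no file was found at the registered path, the leading state code is kept uninterpreted, and the 30-day window and the priority labels are hypothetical choices.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Lines copied from the driver/service listing of the first ComboFix log on this page.
SAMPLE_LOG = r"""
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-03-17 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-03-17 53312]
R3 XLBLYADVT;XLBLYADVT;c:\users\Skegster\AppData\Local\Temp\XLBLYADVT.exe [x]
R3 YVHPDFAG;YVHPDFAG;c:\users\Skegster\AppData\Local\Temp\YVHPDFAG.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
"""

# Shape of one line: "<state> <name>;<display name>;<command line> [<date> <size>]"
# or "... [x]". The command line may contain spaces and trailing arguments.
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<command>.+) \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# A path component named Temp or Tmp anywhere in the command line.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

IN_TEMP = "image path inside a Temp directory"
MISSING = "no file found at the registered path"   # assumption: meaning of [x]
RECENT = "file dated inside the review window"


@dataclass
class ServiceEntry:
    state: str                  # e.g. "R3"; kept as an opaque code
    name: str
    display: str
    command: str
    file_date: Optional[date]   # None when the log shows [x]


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Parse every line that has the service-listing shape; skip the rest."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp = m["stamp"]
        file_date = None if stamp == "x" else date.fromisoformat(stamp.split()[0])
        entries.append(
            ServiceEntry(m["state"], m["name"], m["display"], m["command"], file_date)
        )
    return entries


def triage(entry: ServiceEntry, scan_date: date, recent_days: int = 30) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    if TEMP_RE.search(entry.command):
        reasons.append(IN_TEMP)
    if entry.file_date is None:
        reasons.append(MISSING)
    elif scan_date - entry.file_date <= timedelta(days=recent_days):
        reasons.append(RECENT)
    return reasons


def priority(reasons: List[str]) -> Optional[str]:
    """A service registered out of Temp outranks everything else.

    A missing file alone is common for uninstalled software, so it only
    gets the lowest label; a recent file is worth an external scan.
    """
    if IN_TEMP in reasons:
        return "high"
    if RECENT in reasons:
        return "review"
    if MISSING in reasons:
        return "missing"
    return None


def report(log_text: str, scan_date: date) -> Dict[str, str]:
    """Map service name -> priority label for every entry that was flagged."""
    result = {}
    for entry in parse_services(log_text):
        label = priority(triage(entry, scan_date))
        if label:
            result[entry.name] = label
    return result


if __name__ == "__main__":
    for name, label in report(SAMPLE_LOG, date(2010, 3, 23)).items():
        print(f"{label:8} {name}")
```

The output is a reading aid for whoever reviews the log; it decides nothing about removal.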

skegster
Exemplary visitor
Posts: 28
Joined: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#5 Post by skegster »

Everything works as it should now, thanks a lot :)
:arrow: yep, I ran Rootkitreveal before that :(
:arrow: and the logs are probably no longer relevant :)
thanks once again

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#6 Post by motji »

No, no, the logs still matter :) . We have to check whether anything was left behind :) .

Could you find the log from Rootkitreveal?

skegster
Exemplary visitor
Posts: 28
Joined: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#7 Post by skegster »

unfortunately I did not let Rootkitreveal run to the end :(

links:
http://www.virustotal.com/cs/analisis/e ... 1269311576
http://www.virustotal.com/cs/analisis/f ... 1269311821

log:
ComboFix 10-03-22.02 - Skegster 23.03.2010 3:43.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3071.1846 [GMT 1:00]
Spuštěný z: c:\users\Skegster\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Skegster\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_XLBLYADVT
-------\Service_YVHPDFAG


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 02:48 . 2010-03-23 02:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-23 02:48 . 2010-03-23 02:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 02:03 . 2010-03-23 02:50 -------- d-----w- c:\users\Skegster\AppData\Local\temp
2010-03-23 01:21 . 2010-03-23 01:23 -------- d-----w- C:\rsit
2010-03-22 23:58 . 2009-11-12 04:14 66664 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-03-22 23:58 . 2009-11-12 01:09 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2010-03-22 23:58 . 2009-11-12 01:08 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-03-22 23:58 . 2009-11-10 23:15 182888 ----a-w- c:\windows\system32\nvcohda.dll
2010-03-22 23:56 . 2010-03-22 23:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-22 23:56 . 2010-03-22 23:56 -------- d-----w- c:\windows\system32\AGEIA
2010-03-22 23:02 . 2010-03-22 23:02 -------- d-----w- c:\program files\ATKGFNEX
2010-03-22 23:02 . 2010-03-22 23:02 -------- d-----w- c:\users\Skegster\AppData\Roaming\InstallShield
2010-03-22 15:32 . 2010-03-22 15:35 -------- d-----w- c:\users\Skegster\AppData\Local\Instantbird
2010-03-22 15:32 . 2010-03-22 15:32 -------- d-----w- c:\users\Skegster\AppData\Roaming\Instantbird
2010-03-22 15:32 . 2010-03-22 23:35 -------- d-----w- c:\program files\Instantbird 0.2 Beta 2
2010-03-19 15:10 . 2010-03-19 15:10 -------- d-----w- c:\users\Skegster\AppData\Roaming\Stereoscopic Player
2010-03-17 21:16 . 2010-03-17 21:25 -------- d-----w- c:\program files\WinHex
2010-03-17 16:14 . 2010-03-17 16:14 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-03-17 16:14 . 2010-03-17 16:14 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-03-17 15:51 . 1997-11-19 14:49 303616 ----a-w- c:\windows\IsUninst.exe
2010-03-16 21:04 . 2010-03-16 21:04 -------- d-----w- c:\users\Skegster\AppData\Roaming\avidemux
2010-03-16 21:03 . 2010-03-22 22:07 -------- d-----w- c:\program files\Avidemux 2.5
2010-03-16 20:50 . 2010-03-18 03:10 -------- d-----w- C:\Movies
2010-03-15 23:12 . 2010-03-15 23:12 -------- d-----w- c:\program files\Trust
2010-03-13 10:41 . 2010-03-13 10:42 -------- d-----w- c:\program files\QuickTime
2010-03-13 10:41 . 2010-03-13 10:41 -------- d-----w- c:\programdata\Apple Computer
2010-03-13 10:41 . 2010-03-13 10:41 -------- d-----w- c:\program files\Common Files\Apple
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\users\Skegster\AppData\Local\Apple
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\program files\Apple Software Update
2010-03-13 10:40 . 2010-03-13 10:40 -------- d-----w- c:\programdata\Apple
2010-03-10 19:07 . 2010-03-17 23:53 -------- d-----w- c:\users\Skegster\AppData\Roaming\vlc
2010-03-09 19:01 . 2010-03-09 19:01 -------- d-----w- c:\users\Skegster\AppData\Roaming\VitySoft
2010-03-09 18:55 . 2010-03-17 15:00 -------- d-----w- C:\DOWNLOAD
2010-03-08 11:36 . 2010-03-08 11:36 -------- d-----w- c:\users\Skegster\AppData\Local\Opera
2010-03-08 11:36 . 2010-03-22 12:58 -------- d-----w- c:\program files\Opera
2010-03-07 17:39 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-07 14:15 . 2010-03-07 14:15 -------- d-----w- c:\program files\Defraggler
2010-03-07 11:37 . 2010-03-07 11:37 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 11:37 . 2010-03-07 11:37 -------- d-----w- c:\users\Skegster\AppData\Local\Thunderbird
2010-03-07 11:37 . 2010-03-07 11:37 -------- d-----w- c:\users\Skegster\AppData\Roaming\Thunderbird
2010-03-07 11:03 . 2010-03-23 00:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-06 16:48 . 2010-03-06 16:48 -------- d-----w- c:\program files\Common Files\Skype
2010-02-24 20:09 . 2010-02-24 20:12 -------- d-----w- c:\program files\sges-v3
2010-02-24 20:00 . 2010-03-09 00:36 -------- d-----w- c:\program files\NetBeans 6.8
2010-02-23 23:56 . 2009-11-15 12:37 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-02-23 23:56 . 2009-11-15 12:37 200704 ----a-w- c:\windows\system32\libssl32.dll
2010-02-23 23:56 . 2009-11-15 12:37 1017344 ----a-w- c:\windows\system32\libeay32.dll
2010-02-23 23:56 . 2010-02-23 23:56 -------- d-----w- C:\OpenSSL
2010-02-23 23:36 . 2010-03-17 20:31 -------- d-sha-w- c:\users\Public\DRM
2010-02-23 23:36 . 2010-02-23 23:36 -------- d-----w- c:\program files\HHD Software
2010-02-23 22:10 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 22:10 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 22:10 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 22:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 13:29 . 2010-02-22 13:29 -------- d-----w- c:\users\Skegster\AppData\Local\realtech_VR
2010-02-22 13:28 . 2010-02-22 13:28 -------- d-----w- c:\programdata\realtech VR
2010-02-22 13:28 . 2010-03-23 01:06 -------- d-----w- c:\program files\realtech VR
2010-02-22 10:44 . 2001-11-08 01:27 237568 ----a-w- c:\windows\system32\glut32.dll
2010-02-22 10:44 . 2001-08-29 16:14 1386496 ----a-w- c:\windows\system32\glaux.dll
2010-02-21 20:17 . 2010-02-21 20:17 -------- d-----w- c:\program files\SIW

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 00:00 . 2009-10-01 15:31 -------- d-----w- c:\programdata\NVIDIA
2010-03-22 23:02 . 2009-09-30 19:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-22 22:57 . 2009-09-29 10:05 -------- d-----w- c:\program files\ASUS
2010-03-22 15:36 . 2009-10-10 17:04 -------- d-----w- c:\users\Skegster\AppData\Roaming\AIMP
2010-03-18 00:00 . 2009-12-21 04:56 -------- d-----w- c:\program files\Miranda IM
2010-03-17 21:52 . 2010-01-11 02:37 -------- d-----w- c:\users\Skegster\AppData\Roaming\Skype
2010-03-17 15:21 . 2010-01-11 02:39 -------- d-----w- c:\users\Skegster\AppData\Roaming\skypePM
2010-03-16 23:56 . 2010-03-07 23:56 439816 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-16 22:00 . 2010-02-16 17:32 1 ----a-w- c:\users\Skegster\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-15 19:08 . 2010-03-15 19:07 20833776 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-15 19:07 . 2010-03-15 19:07 8405312 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-15 19:07 . 2010-03-15 19:07 149000 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-15 19:07 . 2010-03-15 19:07 10309448 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-15 19:07 . 2010-03-15 19:07 79368 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-15 19:07 . 2010-03-15 19:07 64000 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-15 19:07 . 2010-03-15 19:07 52288 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-15 19:07 . 2010-03-15 19:07 50688 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-15 19:07 . 2010-03-15 19:07 49152 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-15 19:07 . 2010-03-15 19:07 118784 ----a-w- c:\users\Skegster\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-13 12:32 . 2009-11-05 22:24 -------- d-----w- c:\program files\WinSCP
2010-03-12 13:56 . 2009-09-23 17:56 -------- d-----w- c:\users\Skegster\AppData\Roaming\uTorrent
2010-03-07 14:13 . 2009-09-23 17:17 -------- d-----w- c:\program files\CCleaner
2010-03-05 09:55 . 2009-09-23 17:55 -------- d-----w- c:\program files\uTorrent
2010-03-03 22:45 . 2010-03-03 22:45 32 ----a-w- c:\programdata\ezsid.dat
2010-02-24 09:16 . 2009-10-03 02:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 20:17 . 2009-07-14 08:44 672622 ----a-w- c:\windows\system32\perfh005.dat
2010-02-21 20:17 . 2009-07-14 08:44 137642 ----a-w- c:\windows\system32\perfc005.dat
2010-02-21 12:46 . 2009-09-30 13:38 -------- d-----w- c:\program files\Java
2010-02-19 23:03 . 2010-02-18 23:06 -------- d-----w- c:\users\Skegster\AppData\Roaming\dvdcss
2010-02-17 21:10 . 2009-09-24 05:48 138328 ----a-w- c:\users\Skegster\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-16 17:39 . 2009-10-06 11:11 -------- d-----w- c:\programdata\Microsoft Help
2010-02-16 17:37 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-02-16 17:33 . 2009-10-12 10:41 -------- d-----w- c:\program files\Microsoft
2010-02-16 17:31 . 2010-02-16 17:31 -------- d-----w- c:\users\Skegster\AppData\Roaming\OpenOffice.org
2010-02-16 17:30 . 2010-02-16 17:30 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-15 15:13 . 2010-02-15 14:54 -------- d-----w- c:\users\Skegster\AppData\Roaming\Mathematica
2010-02-15 14:54 . 2010-02-15 14:54 -------- d-----w- c:\programdata\Mathematica
2010-02-15 14:54 . 2010-02-15 14:49 -------- d-----w- c:\program files\Wolfram Research
2010-02-15 10:36 . 2009-12-15 20:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 10:32 . 2010-02-14 16:00 -------- d-----w- c:\program files\Trillian
2010-02-10 13:54 . 2010-01-03 20:07 -------- d-----w- c:\program files\Easy Icon Maker
2010-02-03 21:38 . 2010-02-03 21:38 -------- d-----w- c:\programdata\Blizzard
2010-01-29 17:54 . 2010-03-10 17:56 188416 ----a-w- c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff36\xpGwtDevPlugin.dll
2010-01-28 02:24 . 2010-01-28 02:23 -------- d-----w- c:\program files\Common Files\Real
2010-01-28 02:24 . 2010-01-28 02:24 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-28 02:23 . 2009-10-29 11:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-28 02:23 . 2009-10-22 11:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-28 02:23 . 2010-01-28 02:23 -------- d-----w- c:\program files\Real
2010-01-22 12:58 . 2010-03-10 17:56 188416 ----a-w- c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff35\xpGwtDevPlugin.dll
2010-01-22 12:58 . 2010-03-10 17:56 188416 ----a-w- c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff3\xpGwtDevPlugin.dll
2010-01-22 06:44 . 2009-10-11 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 04:39 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 04:39 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 04:39 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 04:39 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 04:39 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 04:39 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 04:39 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 04:38 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-12 05:37 . 2010-01-12 05:37 257568 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-01-11 02:39 . 2010-01-11 02:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-08 03:18 . 2010-02-10 04:39 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 04:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-05 15:39 . 2009-12-03 08:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-12-25 17:24 . 2010-03-22 17:31 81920 ----a-w- c:\users\Skegster\AppData\Roaming\Instantbird\Profiles\ucp9127j.default\extensions\mintrayr@tn123.ath.cx\components\platform\WINNT_x86-msvc\trayToolkit.dll
2009-12-25 17:24 . 2010-03-22 17:31 80384 ----a-w- c:\users\Skegster\AppData\Roaming\Instantbird\Profiles\ucp9127j.default\extensions\mintrayr@tn123.ath.cx\components\platform\WINNT_x86_64-msvc\trayToolkit.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-11 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-28 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Skegster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Skegster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2008-08-24 31744]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-03-17 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-03-17 53312]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-21 625152]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\users\Skegster\AppData\Roaming\Mozilla\Firefox\Profiles\yiontrnh.default\extensions\gwt-dev-plugin@google.com\lib\WINNT_x86-msvc\ff36\xpGwtDevPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2756)
c:\advanced wheel mouse\wh_hook.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\conhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-23 03:56:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-23 02:56
ComboFix2.txt 2010-03-23 02:03

Před spuštěním: Volných bajtů: 26 460 262 400
Po spuštění: Volných bajtů: 25 858 801 664

- - End Of File - - F3F365225DAD8B5CBBFF7C24F9BB97D7

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#8 Post by motji »

:arrow: Do you know this folder?
c:\cygwin

:arrow: Since you already have RootkitRevealer on the PC, run a scan so that we can rule out rootkits :)

I'm finishing for now; I'll be here sometime during the day or in the evening :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.

skegster
Exemplary visitor
Posts: 28
Registered: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#9 Post by skegster »

:arrow: c:/cygwin … I know this directory; I had Linux libraries in it that I used in Windows … but the whole directory is already about half deleted
:arrow: I have a problem with RootkitRevealer … the scan runs, but when I want to save the log it freezes :(

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#10 Post by motji »

No problem; if you don't mind, we'll use a different anti-rootkit :)

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, which you then post here

- Following the guide in the link, run a second scan and post that log here as well.

skegster
Exemplary visitor
Posts: 28
Registered: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#11 Post by skegster »

I've now got RootkitRevealer working via cmd, but the log is around 37 Mb

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#12 Post by motji »

:boxed: I suppose an extract from it wouldn't be possible? :o

skegster
Exemplary visitor
Posts: 28
Registered: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#13 Post by skegster »

Unfortunately I don't know which part of it I should extract :(

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: explorer.exe does not start at startup

#14 Post by motji »

Can you do a scan with Gmer for me? The guide is above. I really would be studying that log until morning :)

skegster
Exemplary visitor
Posts: 28
Registered: 25 Nov 2008 21:11

Re: explorer.exe does not start at startup

#15 Post by skegster »

:arrow: For me the scan doesn't take 5 - 10 minutes but about an hour :)
log1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-23 23:25:10
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Skegster\AppData\Local\Temp\kgrirkod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:216] 86429930

---- EOF - GMER 1.0.15 ----

log2:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-24 00:23:42
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Skegster\AppData\Local\Temp\kgrirkod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830363F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830361DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830366F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83036F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830371A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C4F5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C74052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A0205C9E 27 Bytes [A3, 83, 0F, 15, 28, BE, 41, ...]
.text peauth.sys A0205CC2 27 Bytes [A3, 83, 0F, 15, 28, BE, 41, ...]
? C:\Windows\system32\Drivers\RKREVEAL150.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1644] ntdll.dll!LdrLoadDll 76E1F585 5 Bytes JMP 010C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1860] kernel32.dll!SetUnhandledExceptionFilter 76C33162 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73A666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73A64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000065 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:216] 86429930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243a43e57
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243a43e57 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
