

PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Slow PC
Moderator: Moderators
Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
It's still the same, but now the explorer.exe process has joined in too... the computer is at 100% and explorer.exe is sometimes at 100%, sometimes at 90%.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Slow PC

- Disable all resident security programs - firewalls, antivirus, antispyware
- Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms will appear, continue by pressing the "Yes" button
- Then follow the on-screen instructions; during the scan do not run other applications and do not click into the window that is displayed
- The scan should take about 5 - 10 minutes; when it finishes, ComboFix will display the log C:\ComboFix.txt, which you should paste here.
- The computer may be restarted during the scan.
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
Well, it's dropped a bit... it's at 60% and explorer.exe is at 55%.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
ComboFix 10-04-14.01 - Luke 14.04.2010 19:28:25.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3001.2037 [GMT 2:00]
Spuštěný z: c:\users\Luke\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Luke\AppData\Local\Temp\sfamcc00001.dll
c:\users\Luke\AppData\Local\Temp\sfareca00001.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-14 do 2010-04-14 )))))))))))))))))))))))))))))))
.
2010-04-14 17:40 . 2010-04-14 17:44 -------- d-----w- c:\users\Luke\AppData\Local\temp
2010-04-14 17:40 . 2010-04-14 17:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-14 17:40 . 2010-04-14 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-14 16:40 . 2010-04-14 16:40 -------- d-----w- C:\_OTL
2010-04-14 12:19 . 2010-04-14 12:44 -------- dc----w- c:\program files\trend micro
2010-04-14 12:19 . 2010-04-14 12:44 -------- d-----w- C:\rsit
2010-04-14 11:54 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 11:54 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 11:54 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 11:53 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 11:53 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 11:53 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 11:53 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 11:53 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-07 17:47 . 2010-04-07 17:51 -------- d-----w- c:\users\Luke\AppData\Roaming\Nokia
2010-04-07 17:46 . 2010-04-07 17:51 -------- d-----w- c:\users\Luke\AppData\Roaming\PC Suite
2010-04-07 17:46 . 2010-04-07 17:51 -------- d-----w- c:\programdata\PC Suite
2010-04-07 17:41 . 2010-04-07 17:41 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-07 17:41 . 2010-04-07 17:41 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-07 17:40 . 2010-04-07 17:41 -------- dc----w- c:\program files\DIFX
2010-04-07 17:40 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-07 17:40 . 2010-04-07 17:40 -------- dc----w- c:\program files\PC Connectivity Solution
2010-04-07 17:39 . 2010-04-07 17:41 -------- dc----w- c:\program files\Nokia
2010-04-07 17:37 . 2010-04-07 17:36 34701344 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze_web.exe
2010-04-07 17:36 . 2010-04-07 17:36 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-04-07 17:36 . 2010-04-07 17:36 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-07 17:36 . 2010-04-07 17:36 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-07 17:36 . 2010-04-07 17:36 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-07 17:36 . 2010-04-07 17:36 -------- d-----w- c:\programdata\Installations
2010-04-06 13:10 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-04-06 13:04 . 2010-04-06 13:04 -------- d-----w- C:\MAGIX
2010-04-06 13:04 . 2002-09-20 22:33 1089536 ----a-w- c:\windows\system32\ROBOEX32.DLL
2010-04-06 13:04 . 1999-01-28 12:44 49152 ----a-w- c:\windows\system32\INETWH32.dll
2010-04-06 13:04 . 1998-10-15 15:28 85504 ----a-w- c:\windows\system32\HtmlWH.dll
2010-04-06 13:04 . 2010-04-06 13:07 -------- d-----w- c:\windows\system32\MAGIX
2010-04-06 13:04 . 2006-07-05 09:21 638976 ----a-w- c:\windows\system32\mgxoschk.dll
2010-04-06 11:03 . 2010-04-06 11:03 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 10:58 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-05 13:54 . 2010-04-05 13:55 -------- dc----w- c:\program files\QuickTime
2010-03-30 18:12 . 2010-03-30 18:13 -------- dc----w- c:\program files\ICQ7.1
2010-03-30 13:04 . 2010-04-01 19:32 -------- d-----w- c:\users\Luke\AppData\Local\NFS Underground 2
2010-03-30 11:50 . 2010-03-30 11:50 -------- d-----w- c:\program files\Common Files\Skype
2010-03-30 11:43 . 2010-03-30 11:43 3304 ------w- C:\bootsqm.dat
2010-03-29 18:14 . 2010-03-29 18:14 -------- d-----w- c:\windows\system32\AGEIA
2010-03-29 18:14 . 2010-03-29 18:14 -------- dc----w- c:\program files\AGEIA Technologies
2010-03-29 16:18 . 2010-03-29 16:18 -------- d-----w- c:\programdata\Motive
2010-03-21 12:53 . 2010-03-21 12:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-18 20:21 . 2010-03-18 20:21 198064 ----a-w- c:\users\Luke\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-18 20:20 . 2010-04-12 13:08 -------- d-----w- c:\users\Luke\AppData\Roaming\DMCache
2010-03-18 20:20 . 2010-03-18 20:52 -------- d-----w- c:\users\Luke\AppData\Roaming\IDM
2010-03-18 20:20 . 2010-03-18 20:20 -------- dc----w- c:\program files\Internet Download Manager
2010-03-17 19:27 . 2010-03-17 19:28 -------- dc----w- c:\program files\Banner Maker Pro 7
2010-03-17 14:34 . 2010-03-17 14:34 -------- d-----w- c:\users\Luke\AppData\Roaming\IsolatedStorage
2010-03-17 13:08 . 2010-03-17 14:32 -------- d-----w- c:\programdata\TrackMania
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 17:44 . 2009-03-26 19:30 -------- d-----w- c:\users\Luke\AppData\Roaming\ICQ
2010-04-14 17:43 . 2009-03-26 19:25 -------- d-----w- c:\users\Luke\AppData\Roaming\Skype
2010-04-14 17:43 . 2009-04-27 12:20 -------- d-----w- c:\program files\NetSoftware
2010-04-14 17:42 . 2009-12-18 14:56 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-14 17:18 . 2009-07-14 08:44 674298 ----a-w- c:\windows\system32\perfh005.dat
2010-04-14 17:18 . 2009-07-14 08:44 138238 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 16:48 . 2009-03-26 19:26 -------- d-----w- c:\users\Luke\AppData\Roaming\skypePM
2010-04-14 16:42 . 2009-03-26 17:32 -------- d-----w- c:\program files\Google
2010-04-14 13:14 . 2009-02-02 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 13:06 . 2009-05-06 16:12 -------- d-----w- c:\programdata\Lavasoft
2010-04-14 13:06 . 2009-05-06 16:12 -------- d-----w- c:\program files\Lavasoft
2010-04-14 12:07 . 2009-02-02 00:27 -------- d-----w- c:\programdata\Microsoft Help
2010-04-07 18:14 . 2010-04-07 18:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-07 17:51 . 2010-04-07 17:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-07 16:23 . 2009-10-13 19:17 -------- d-----w- c:\users\Luke\AppData\Roaming\MyPhoneExplorer
2010-04-06 17:42 . 2009-10-19 18:56 141952 ----a-w- c:\users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-06 13:07 . 2010-04-06 13:07 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2010-04-06 11:00 . 2009-07-10 18:37 -------- d-----w- c:\program files\Java
2010-04-05 13:54 . 2009-11-23 15:13 -------- d-----w- c:\programdata\Apple Computer
2010-03-29 16:19 . 2009-04-03 13:15 -------- d-----w- c:\program files\Photo_Resizer_Pro4
2010-03-29 16:19 . 2009-06-19 13:55 -------- d-----w- c:\program files\Common Files\Motive
2010-03-29 16:15 . 2009-05-12 17:30 -------- d-----w- c:\program files\Free YouTube Downloader Converter
2010-03-29 16:15 . 2009-03-31 13:47 -------- d-----w- c:\program files\FlashGet
2010-03-15 19:11 . 2010-02-08 18:34 -------- d-----w- c:\program files\High Quality Photo Resizer
2010-03-14 11:43 . 2010-03-14 11:00 -------- d-----w- c:\users\Luke\AppData\Roaming\WakeOnLan
2010-03-14 10:30 . 2010-01-24 11:03 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-03-14 10:30 . 2010-01-24 11:03 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-03-09 20:34 . 2010-03-09 19:10 -------- d-----w- c:\programdata\Norton
2010-03-09 20:34 . 2009-06-05 11:35 -------- d-----w- c:\program files\Norton Security Scan
2010-03-09 19:10 . 2009-06-05 11:57 -------- d-----w- c:\programdata\Symantec
2010-03-09 19:10 . 2010-03-09 19:10 -------- d-----w- c:\programdata\NortonInstaller
2010-03-09 16:12 . 2010-03-09 16:12 -------- d-----w- c:\programdata\DobeSoftCZ
2010-03-09 02:28 . 2009-07-10 18:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 17:47 . 2010-03-08 17:47 -------- d-----w- c:\programdata\Prometheus
2010-03-08 17:47 . 2010-03-08 17:47 -------- d-----w- c:\program files\Prometheus
2010-02-26 13:22 . 2010-02-26 13:22 -------- d-----w- c:\program files\Common Files\Intel
2010-02-26 13:22 . 2008-05-07 06:37 -------- d-----w- c:\program files\Intel
2010-02-26 13:14 . 2010-02-26 13:14 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-25 17:01 . 2010-02-25 17:01 -------- d-----w- c:\programdata\Solidshield
2010-02-24 21:17 . 2009-12-29 19:08 -------- d-----w- c:\program files\SRDownloader
2010-02-24 14:42 . 2010-02-12 10:57 -------- d-----w- c:\users\Luke\AppData\Roaming\Vso
2010-02-24 14:34 . 2009-05-01 19:22 -------- d-----w- c:\programdata\InterVideo
2010-02-24 08:16 . 2009-10-03 18:39 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 20:18 . 2010-02-22 20:18 8290304 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\SDH-Výročka.tls.dll
2010-02-22 20:08 . 2010-02-22 20:08 6918144 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Borabora.tls.dll
2010-02-22 18:50 . 2010-02-22 18:50 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-22 18:50 . 2010-02-22 18:50 -------- d-----w- c:\users\Luke\AppData\Roaming\TuneUp Software
2010-02-22 18:50 . 2010-02-22 18:49 -------- d-----w- c:\programdata\TuneUp Software
2010-02-22 18:49 . 2010-02-22 18:49 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-12 10:57 . 2010-02-12 10:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-12 10:57 . 2010-02-12 10:57 47360 ----a-w- c:\users\Luke\AppData\Roaming\pcouffin.sys
2010-02-12 10:57 . 2010-02-12 10:57 47360 ----a-w- c:\users\Luke\AppData\Roaming\pcouffin.sys
2010-02-11 07:10 . 2010-03-08 15:08 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-08 20:40 . 2010-02-08 20:40 7052368 ----a-w- c:\users\Luke\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build06.exe
2010-02-02 11:24 . 2010-02-22 18:50 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-02 11:18 . 2010-02-22 18:50 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-02 11:18 . 2010-02-22 18:50 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-02 07:45 . 2010-02-24 13:04 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-10 09:23 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 09:23 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 09:23 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 09:23 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 09:23 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 09:23 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 09:23 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 09:23 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-04-27 12:22 . 2009-04-27 12:22 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-07-15 2224152]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-07-15 2224152]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-03-30 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-03-12 139264]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
c:\users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Manager.LNK - c:\program files\Launch Manager\LManager.exe [2009-3-27 875016]
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileUploader]
2010-02-24 21:17 475136 ----a-w- c:\program files\SRDownloader\SRDownloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-05 691696]
R2 gupdate1ca15c411d94750;Služba Google Update (gupdate1ca15c411d94750);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-02-26 23456]
R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-26 24064]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-06 64160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-02 1043784]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 11:58]
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 11:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0309&m=extensa_5630
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\rayou3uo.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\NetSoftware\gemgecko\components\gemgecko.dll
FF - component: c:\users\Luke\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npIEGetPlugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3488779961-1581135155-2492401147-1003\Software\SecuROM\License information*]
"datasecu"=hex:8f,9d,d8,f4,5c,b7,5f,72,de,3a,18,3b,ce,f5,e8,8a,69,34,8c,c4,f6,
c5,bb,ab,1e,b5,d1,ab,9a,45,22,1c,3e,e6,0f,91,56,a7,7f,66,19,b0,72,38,9c,bd,\
"rkeysecu"=hex:e0,34,f0,c7,8f,ff,46,dd,44,3c,b8,4d,e1,d7,cf,8b
[HKEY_USERS\S-1-5-21-3488779961-1581135155-2492401147-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):db,c6,30,92,4b,36,62,52,4a,d1,e3,6d,6e,26,c0,34,cc,61,56,65,40,
b4,d9,3f,03,9a,cc,c1,13,04,e2,f6,2c,a0,68,db,8f,7c,00,9a,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-3488779961-1581135155-2492401147-1003_Classes\CLSID\{b98d7639-5799-43aa-b3d0-c259261c88c4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000065
"Therad"=dword:0000001a
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(2724)
c:\windows\System32\SysHook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Total Video Converter\FLV.ax
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Sony Ericsson\Mobile2\File Manager\FM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Common Files\Teleca Shared\tlib_log.dll
c:\program files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\users\Luke\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\ehome\ehmsas.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-14 19:52:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-14 17:52
ComboFix2.txt 2009-09-15 16:38
Před spuštěním: 4 785 111 040
Po spuštění: 4 846 907 392
- - End Of File - - AA1242B065FAA75C7C82904DF12F6E59
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-14 19:52:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-14 17:52
ComboFix2.txt 2009-09-15 16:38
Před spuštěním: 4 785 111 040
Po spuštění: 4 846 907 392
- - End Of File - - AA1242B065FAA75C7C82904DF12F6E59
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Slow PC


- Choose the version matching your operating system (64 & 32b). Save it to the desktop and run it.
- choose the Uninstall option and restart the PC.

- Click "Disable" and restart the PC.


- A small window will pop up; copy the following into it:
Code:
"%userprofile%\plocha\mbr" -t
- Click OK
- A log named mbr.log will be created; paste it here.

- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: error reading MBR
device: opened successfully
user: error reading MBR
kernel: error reading MBR
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Slow PC


- A small window will pop up; copy the following into it:
Code:
"%userprofile%\plocha\mbr" -t
- Click OK
- A log named mbr.log will be created; paste it here.
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
quick scan... the second one will follow in a moment:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-14 20:33:20
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Luke\AppData\Local\Temp\ugrdapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava
Re: Slow PC
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 20:49:35
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Luke\AppData\Local\Temp\ugrdapow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83647AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83647104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836473F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836302D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8362F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836471DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83647958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836476F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83647F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 836481A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83260599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83284F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys AD23BC9D 28 Bytes [5E, 2E, E6, C5, CA, 81, A7, ...]
.text peauth.sys AD23BCC1 28 Bytes [5E, 2E, E6, C5, CA, 81, A7, ...]
PAGE peauth.sys AD241B9B 72 Bytes [27, C7, E5, 67, 92, E7, 3F, ...]
PAGE peauth.sys AD241BEC 111 Bytes [10, F4, 67, 97, D8, 97, DC, ...]
PAGE peauth.sys AD241E20 101 Bytes [66, 87, 41, A1, 4F, 79, 76, ...]
PAGE ...
? C:\Users\Luke\AppData\Local\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 75793162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3020] ntdll.dll!LdrLoadDll 7724F585 5 Bytes JMP 010F13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 00730F60
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 00730FC0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 007311B0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00731250
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0072FBC0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0072FB80
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0072AA00
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0072A6D0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[1864] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 00730CF0
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DF2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DD5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DD56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DF250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DE8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DE4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DE50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DE51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73DE66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DE82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DE8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DE907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DEE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DE4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\000000b1 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR5B91 – adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@0024ef817d8e 0x1C 0x13 0xCB 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@0025cf817fc9 0x76 0x6E 0x14 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@00196353c0fc 0xEA 0xC6 0x02 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@001fe2ff4a6e 0x51 0xB7 0xF1 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@001c9a258b41 0xB8 0xA6 0x39 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@002669f813b3 0xFE 0x96 0x3E 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@002668260e7b 0x2C 0x17 0x05 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234ef068be@3cf72ac82282 0xE1 0xB7 0x11 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Atheros AR5B91 – adaptér bezdrátové sítě 1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@0024ef817d8e 0x1C 0x13 0xCB 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@0025cf817fc9 0x76 0x6E 0x14 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@00196353c0fc 0xEA 0xC6 0x02 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@001fe2ff4a6e 0x51 0xB7 0xF1 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@001c9a258b41 0xB8 0xA6 0x39 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@002669f813b3 0xFE 0x96 0x3E 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@002668260e7b 0x2C 0x17 0x05 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234ef068be@3cf72ac82282 0xE1 0xB7 0x11 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v režimu DirectX.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v režimu DirectX.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v režimu OpenGL.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Spustit aplikaci Google Earth v režimu OpenGL.lnk 1
---- EOF - GMER 1.0.15 ----
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Slow PC
c:\windows\system32\ntkrnlpa.exe
(Do not look for the file, just paste the path marked in bold; if you get the message "File has already been analysed", have it analysed again. Paste the result of the analysis here as a link.)
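The moderator asks for an online-scanner verdict on ntkrnlpa.exe because the GMER log reports modified bytes inside that kernel image. Before (or alongside) uploading the file, the same question can be answered locally: is the on-disk kernel image the one Windows shipped? The PowerShell below is an added example, not part of the thread and not a step the moderator gave. It assumes Windows 7 or later with PowerShell 4 or newer (for Get-FileHash), run from an elevated prompt; the path is the one named in the post.

```powershell
# Added example (not from the thread): local integrity checks on ntkrnlpa.exe.
# Assumes Windows 7+ with PowerShell 4+ and an elevated (Administrator) prompt.
$kernel = 'C:\Windows\System32\ntkrnlpa.exe'

# 1. Authenticode check. Windows system binaries are catalog-signed rather than
#    carrying an embedded signature, so 'Valid' here means the file's hash matches
#    an entry in a Microsoft-signed catalog under C:\Windows\System32\catroot.
#    'NotSigned' or 'HashMismatch' means the bytes on disk are not what the
#    catalog vouches for.
$sig = Get-AuthenticodeSignature -FilePath $kernel
"{0}`n  status : {1}`n  signer : {2}" -f $kernel, $sig.Status, $sig.SignerCertificate.Subject

# 2. SHA-256 of the on-disk file. This is the value to compare with the hash the
#    online scanner shows in its report, so you can confirm the scanner examined
#    the same bytes that are on this machine.
"  sha256 : {0}" -f (Get-FileHash -Path $kernel -Algorithm SHA256).Hash

# 3. On Windows 7 the file in System32 is normally a hard link into the
#    component store (C:\Windows\WinSxS\...). If the only link listed is the
#    System32 path itself, the original link was replaced by a new file.
"  links  :"
fsutil hardlink list $kernel

# 4. Ask the component store to verify the file against its own catalog.
#    Any report of a corrupted or replaced file is significant; no output means
#    the resource passed.
sfc /verifyfile=$kernel
```

Two caveats apply. A valid signature and an unchanged hash only tell you the file on disk is genuine; the GMER entries such as `.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD ... 1 Byte [06]` describe differences in the kernel's memory image, which an on-disk check cannot confirm or rule out, so the scanner verdict and these checks answer different questions. And if the on-disk file does fail step 1 or 4, do not try to repair it from inside the running system; boot from known-good media before replacing kernel files.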
- lukas1421992
- Warning level 2
- Posts: 67
- Registered: 17 Nov 2007 17:13
- Location: Jihlava