
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
sending data
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
A remote assistance service is now available: an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
- Visitor
- Posts: 41
- Registered: 11 Jan 2010 23:10
sending data
Good evening, please check my log; my PC keeps sending something, and ICQ and FF are turned off. Here is the log. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:43, on 11.1.2010
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WinMatrix\Matrix Skin Pack\UberIcon\UberIcon Manager.exe
C:\Program Files\WinMatrix\Matrix Skin Pack\YzShadow\YzShadow.exe
C:\Program Files\DAEMON Tools Lite\DTLiteShellHlp.exe
C:\Windows.old\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Downloads\Software\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: AstroburnBar Toolbar - {E802027B-1F2B-40BD-B307-0BD96D036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Global Startup: UberIcon Manager.lnk = ?
O4 - Global Startup: YzShadow.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca65dd45f55420) (gupdate1ca65dd45f55420) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 8319 bytes
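As an added example (not code from this thread, from HijackThis or from the forum), a small Python triage script for logs in the format posted above: it parses the R0/R1, R3, O2, O3 and O23 lines and reports the CLSIDs hooked into several IE extension points at once, the services HijackThis lists with "Unknown owner", and the hosts the IE start and search settings point to. The embedded sample log is a constructed subset of the lines posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not code from the thread).
Parses the R0/R1, R3, O2, O3 and O23 line formats of the posted log and reports what a
reviewer checks first: one CLSID hooked into several IE extension points, services
without a known vendor, and the hosts behind the IE start/search settings."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")

@dataclass
class Entry:
    kind: str                    # IESetting | URLSearchHook | BHO | Toolbar | Service
    name: str                    # display name, or the registry key for IE settings
    clsid: Optional[str]         # upper-cased CLSID (R3/O2/O3 only)
    path: Optional[str]          # DLL/EXE path, or the URL for IE settings
    owner: Optional[str] = None  # vendor string (O23 only)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; None for headers, the process list and unhandled sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section in ("R0", "R1"):          # HKxx\...\Main,Start Page = http://...
        key, _, value = rest.partition(" =")
        return Entry("IESetting", key.strip(), None, value.strip() or None)
    if section in ("R3", "O2", "O3"):    # Kind: Name - {CLSID} - path
        kind, _, body = rest.partition(": ")
        c = CLSID_RE.search(body)
        if not c:
            return None
        name = body[:c.start()].rstrip(" -")
        path = body[c.end():].lstrip(" -") or None
        return Entry(kind, name, c.group(0).upper(), path)
    if section == "O23":                 # Service: Display (short) - Owner - path
        body = rest.partition(": ")[2]
        parts = body.rsplit(" - ", 2)    # from the right: display names may contain " - "
        if len(parts) != 3:
            return None
        name, owner, path = parts
        return Entry("Service", name, None, path, owner)
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def multi_hook_clsids(entries: List[Entry]) -> Dict[str, dict]:
    """CLSIDs registered as two or more of URLSearchHook / BHO / Toolbar."""
    by_clsid = defaultdict(list)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].append(e)
    found = {}
    for clsid, es in by_clsid.items():
        kinds = sorted({e.kind for e in es})
        if len(kinds) > 1:
            found[clsid] = {"names": sorted({e.name for e in es}), "kinds": kinds, "path": es[0].path}
    return found

def unowned_services(entries: List[Entry]) -> List[Tuple[str, Optional[str]]]:
    """O23 services HijackThis could not attribute to a vendor."""
    return [(e.name, e.path) for e in entries
            if e.kind == "Service" and (e.owner or "").lower() == "unknown owner"]

def ie_setting_hosts(entries: List[Entry]) -> Dict[str, Optional[str]]:
    """'HIVE Setting' -> hostname for each R0/R1 entry (None when the value is empty)."""
    hosts = {}
    for e in entries:
        if e.kind == "IESetting":
            hive, setting = e.name.split("\\", 1)[0], e.name.rpartition(",")[2]
            hosts[f"{hive} {setting}"] = urlparse(e.path).hostname if e.path else None
    return hosts

# Constructed sample: a subset of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for clsid, info in multi_hook_clsids(entries).items():
        print(clsid, info["names"], "hooked as", info["kinds"])
    print("unowned services:", unowned_services(entries))
    print("IE hosts:", ie_setting_hosts(entries))
```

Run it on a full HijackThis log by reading the file into parse_log; the same CLSID appearing as URLSearchHook, BHO and Toolbar is the pattern the log above shows for each bundled toolbar.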
Re: sending data
Good morning
I assume you have 32-bit Windows 7?
Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights
- Before use, disable all resident security programs - antivirus, firewalls, antispyware
- After starting, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an advisor's recommendation; it may damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at the email Motji(at)forum.viry.cz.
- Visitor
- Posts: 41
- Registered: 11 Jan 2010 23:10
Re: sending data
ComboFix 10-01-11.04 - pepa 12.01.2010 17:50:45.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1250.420.1033.18.768.101 [GMT 1:00]
Spuštěný z: c:\users\pepa\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2942910762-2898075542-3732425671-1001
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.
2010-01-12 16:59 . 2010-01-12 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 16:49 . 2010-01-12 16:49 -------- d-----w- C:\32788R22FWJFW
2010-01-12 12:39 . 2010-01-12 16:48 -------- d-----w- c:\users\pepa\AppData\Roaming\Tor
2010-01-12 12:39 . 2010-01-12 16:48 -------- d-----w- c:\users\pepa\AppData\Roaming\Vidalia
2010-01-12 12:39 . 2010-01-12 12:40 -------- d-----w- c:\program files\Vidalia Bundle
2010-01-12 12:18 . 2010-01-12 12:18 -------- d-----w- c:\program files\WinPcap
2010-01-10 19:41 . 2010-01-10 19:41 -------- d-----w- c:\users\pepa\DoctorWeb
2010-01-10 18:41 . 2010-01-10 18:57 -------- d-----w- c:\programdata\SysMon
2010-01-10 17:21 . 2010-01-10 17:34 -------- d-----w- c:\program files\AntiFirewall
2010-01-10 17:13 . 2010-01-11 19:44 -------- d-----w- c:\program files\Active Data Recovery Software
2010-01-10 16:59 . 2010-01-10 16:59 -------- d-----w- c:\users\pepa\AppData\Local\Stardock
2010-01-10 12:24 . 2010-01-10 12:26 -------- d-----w- c:\program files\Yahoo!
2010-01-09 17:37 . 2010-01-09 17:37 -------- d-----w- c:\program files\CCleaner
2010-01-04 12:58 . 2010-01-04 12:58 -------- d-----w- c:\windows\system32\RTCOM
2010-01-02 18:18 . 2010-01-02 18:18 -------- d-----w- c:\program files\Sierra
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-01 18:49 . 2010-01-02 12:13 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-01 18:49 . 2010-01-02 12:13 -------- d-----w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-28 17:13 . 2009-12-28 17:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-12-28 17:13 . 2009-12-28 17:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-12-28 17:13 . 2009-12-28 17:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-28 17:13 . 2010-01-11 19:37 -------- d-----w- c:\users\pepa\AppData\Roaming\Spyware Terminator
2009-12-28 17:13 . 2010-01-12 11:14 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-28 17:13 . 2010-01-11 19:43 -------- d-----w- c:\program files\Spyware Terminator
2009-12-26 22:28 . 2009-12-26 22:28 -------- d-----w- c:\program files\Ask.com
2009-12-26 22:26 . 2009-12-26 22:26 -------- d-----w- c:\program files\The KMPlayer
2009-12-26 12:06 . 2009-12-26 12:06 -------- d-----w- c:\program files\Softnik Technologies
2009-12-26 12:04 . 2009-12-26 12:04 -------- d-----w- c:\users\pepa\AppData\Local\Shawn_Rakowski
2009-12-26 12:03 . 2009-12-26 12:03 -------- d-----w- c:\program files\KeyTracker
2009-12-24 19:55 . 2009-12-24 19:55 -------- d-----w- c:\program files\RivaTuner v2.24
2009-12-24 18:57 . 2009-12-24 18:57 -------- d-----w- c:\program files\GameTop.com
2009-12-24 18:29 . 2009-12-24 18:29 2238 ----a-r- c:\users\pepa\AppData\Roaming\Microsoft\Installer\{B797E40F-E96C-4929-AA1B-D6759C10DEC8}\_1e7476e8.exe
2009-12-24 18:29 . 2009-12-24 18:29 2238 ----a-r- c:\users\pepa\AppData\Roaming\Microsoft\Installer\{B797E40F-E96C-4929-AA1B-D6759C10DEC8}\_1615c26.exe
2009-12-24 18:29 . 2009-12-24 18:29 -------- d-----w- c:\program files\ICQ FORCE
2009-12-24 14:55 . 2009-12-24 14:55 467120 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{EB5874A0-979C-45F2-7460-67400CE1587A}-AstroburnLite.exe
2009-12-24 14:44 . 2009-12-24 14:44 -------- d-----w- c:\program files\AstroburnBar
2009-12-24 14:44 . 2009-12-24 14:45 -------- d-----w- c:\program files\Astroburn Lite
2009-12-24 14:44 . 2009-12-24 14:44 -------- d-----w- c:\users\pepa\AppData\Roaming\Astroburn Lite
2009-12-24 14:44 . 2009-12-24 15:32 -------- d-----w- c:\programdata\Astroburn Lite
2009-12-24 13:18 . 2009-12-24 15:35 -------- d-----w- c:\program files\Seznam.cz
2009-12-23 10:42 . 2009-12-23 10:42 -------- d-----w- c:\users\pepa\AppData\Roaming\Nero
2009-12-23 10:34 . 2009-12-23 10:34 -------- d-----w- c:\program files\Nero
2009-12-23 10:34 . 2009-12-23 10:34 -------- d-----w- c:\programdata\Nero
2009-12-23 10:34 . 2009-12-23 10:35 -------- d-----w- c:\program files\Common Files\Nero
2009-12-22 17:36 . 2009-12-22 17:36 -------- d-----w- c:\program files\Kodek CZ
2009-12-22 13:49 . 2009-12-22 13:49 -------- d-----w- c:\program files\Mystik Media
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 16:57 . 2009-11-30 21:02 -------- d-----w- c:\users\pepa\AppData\Roaming\Free Download Manager
2010-01-12 16:48 . 2009-11-30 21:02 -------- d-----w- c:\users\pepa\AppData\Roaming\Software Informer
2010-01-12 16:48 . 2009-09-30 08:15 -------- d-----w- c:\programdata\NVIDIA
2010-01-12 14:56 . 2009-09-23 12:00 -------- d-----w- c:\users\pepa\AppData\Roaming\ICQ
2010-01-11 22:04 . 2009-09-14 15:50 622022 ----a-w- c:\windows\system32\perfh005.dat
2010-01-11 22:04 . 2009-09-14 15:50 118356 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:46 . 2009-11-08 11:34 -------- d-----w- c:\program files\Rockstar Games
2010-01-10 12:28 . 2009-11-26 20:52 -------- d-----w- c:\program files\BS_Player
2010-01-08 17:19 . 2009-11-15 12:04 -------- d-----w- c:\program files\Lavalys
2010-01-07 12:39 . 2009-09-30 08:21 -------- d-----w- c:\program files\Alien IP
2010-01-04 12:59 . 2010-01-04 12:57 -------- d--h--w- c:\program files\Temp
2009-12-02 17:36 . 2009-09-15 09:35 109216 ----a-w- c:\users\pepa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-01 04:30 . 2009-11-27 07:17 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-12-01 04:30 . 2009-11-26 07:46 -------- d-----w- c:\program files\NOS
2009-12-01 04:30 . 2009-11-27 07:17 -------- d-----w- c:\programdata\Ulead Systems
2009-12-01 04:30 . 2009-11-27 16:40 -------- d-----w- c:\users\pepa\AppData\Roaming\Ulead Systems
2009-11-30 21:02 . 2009-11-30 21:02 -------- d-----w- c:\program files\Free Download Manager
2009-11-30 21:02 . 2009-11-30 21:02 -------- d-----w- c:\program files\Software Informer
2009-11-30 21:02 . 2009-11-30 21:02 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2009-11-30 20:54 . 2009-11-30 20:54 -------- d-----w- c:\program files\usd
2009-11-30 19:31 . 2009-11-26 07:46 -------- d-----w- c:\programdata\NOS
2009-11-27 07:19 . 2009-11-27 07:19 -------- d-----w- c:\programdata\InterVideo
2009-11-27 07:14 . 2009-11-27 07:14 -------- d-----w- c:\program files\Corel
2009-11-26 21:36 . 2009-11-26 20:52 -------- d-----w- c:\users\pepa\AppData\Roaming\BSplayer
2009-11-26 20:52 . 2009-11-26 20:52 -------- d-----w- c:\users\pepa\AppData\Roaming\BSplayer Pro
2009-11-26 20:45 . 2009-11-26 20:41 -------- d-----w- c:\program files\AVI ReComp
2009-11-26 20:45 . 2009-11-26 20:45 -------- d-----w- c:\program files\Gabest
2009-11-26 20:45 . 2009-11-26 20:45 -------- d-----w- c:\program files\Xvid
2009-11-26 20:44 . 2009-11-26 20:44 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-26 20:36 . 2009-11-26 20:36 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-11-26 20:35 . 2009-11-26 20:36 737280 ----a-w- c:\windows\iun6002.exe
2009-11-24 16:40 . 2010-01-04 12:57 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-24 08:55 . 2010-01-04 12:57 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-11-24 08:55 . 2010-01-04 12:57 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 08:55 . 2010-01-04 12:57 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 08:55 . 2010-01-04 12:57 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2009-11-24 02:05 . 2009-11-22 12:39 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 10:44 . 2009-09-21 15:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-23 10:42 . 2009-10-18 09:39 -------- d-----w- c:\users\pepa\AppData\Roaming\DivX
2009-11-23 10:38 . 2009-11-23 10:38 -------- d-----w- c:\users\pepa\AppData\Roaming\AVS4YOU
2009-11-23 10:38 . 2009-11-23 10:38 -------- d-----w- c:\programdata\AVS4YOU
2009-11-23 10:38 . 2009-11-23 10:36 -------- d-----w- c:\program files\AVS4YOU
2009-11-23 10:37 . 2009-11-23 10:37 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-23 10:23 . 2009-10-18 09:33 -------- d-----w- c:\program files\DivX
2009-11-23 09:21 . 2009-11-23 09:21 -------- d-----w- c:\program files\MP4 Converter
2009-11-22 12:38 . 2009-04-22 08:55 -------- d-----w- c:\program files\MSBuild
2009-11-22 12:36 . 2009-11-22 12:36 -------- d-----w- c:\program files\Microsoft.NET
2009-11-22 12:34 . 2009-11-22 12:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-19 21:31 . 2009-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-19 09:05 . 2009-11-08 08:17 -------- d-----w- c:\users\pepa\AppData\Roaming\TeamViewer
2009-11-19 08:47 . 2009-11-19 08:47 -------- d-----w- c:\program files\TeamViewer3
2009-11-18 17:42 . 2010-01-04 12:57 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2009-11-18 17:42 . 2010-01-04 12:57 311568 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-11-18 17:42 . 2010-01-04 12:57 1938704 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2009-11-18 07:34 . 2009-11-18 07:34 -------- d-----w- c:\program files\Team JPN
2009-11-17 17:13 . 2010-01-04 12:57 96160 ----a-w- c:\windows\system32\AERTARen.dll
2009-11-17 17:10 . 2010-01-04 12:57 146336 ----a-w- c:\windows\system32\AERTACap.dll
2009-11-17 13:12 . 2009-11-17 13:12 905216 ----a-w- c:\programdata\SysMon\ASK_KILL.exe
2009-11-17 05:20 . 2009-11-17 05:20 -------- d-----w- c:\programdata\McAfee
2009-11-16 22:01 . 2009-11-16 17:11 -------- d-----w- c:\users\pepa\AppData\Roaming\DAEMON Tools Lite
2009-11-16 17:22 . 2009-11-16 17:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-16 17:21 . 2009-09-16 11:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-16 17:11 . 2009-11-16 17:11 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-15 21:55 . 2009-11-15 21:55 -------- d--h--r- c:\users\pepa\AppData\Roaming\SecuROM
2009-11-15 13:13 . 2009-11-15 13:12 -------- d-----w- c:\program files\Dzuso
2009-11-15 05:19 . 2009-11-15 05:19 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-13 14:16 . 2010-01-04 12:57 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-11-13 14:16 . 2010-01-04 12:57 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-11-13 14:16 . 2010-01-04 12:57 348160 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-11-13 14:16 . 2010-01-04 12:57 165376 ----a-w- c:\windows\system32\RTEED32A.dll
2009-11-11 15:18 . 2009-11-11 15:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-11-11 15:18 . 2009-11-11 15:18 515832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-11-07 09:56 . 2009-11-07 09:56 61440 ----a-w- c:\windows\system32\pwlshell.dll
2009-11-06 08:20 . 2009-11-26 07:46 34112 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-06 08:20 . 2009-11-26 07:46 32448 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-06 08:20 . 2009-11-26 07:46 22352 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-03 20:22 . 2009-11-03 20:22 87552 ----a-w- c:\users\pepa\AppData\Local\bootinst.exe
2009-11-02 19:42 . 2009-11-10 20:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 11:10 . 2009-10-30 11:10 1183176 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-10-19 05:40 . 2009-10-19 05:40 6576 ------w- C:\bootsqm.dat
2009-10-16 08:51 . 2009-10-11 10:24 48 --sh--w- c:\windows\SE64C37CD.tmp
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-10 2166296]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\AstroburnBar\tbAstr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-10 09:47 2079256 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-01-10 12:28 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-10 2166296]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2009-11-09 2331672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2009-11-09 2331672]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-10 2166296]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-01-01 1654853]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-28 3037696]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-11-20 5262834]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-28 2166784]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-10 8120864]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UberIcon Manager.lnk - c:\program files\WinMatrix\Matrix Skin Pack\UberIcon\UberIcon Manager.exe [2009-11-8 151552]
YzShadow.lnk - c:\program files\WinMatrix\Matrix Skin Pack\YzShadow\YzShadow.exe [2009-11-8 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"ares"="c:\program files\Ares\Ares.exe" -h
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" -s
R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [22.4.2009 3:07 23120]
R0 CLFS;Systém souborů CLFS;c:\windows\System32\clfs.sys [22.4.2009 4:08 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [22.4.2009 4:31 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [22.4.2009 4:19 58448]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\drivers\fvevol.sys [22.4.2009 4:10 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [22.4.2009 4:08 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [22.4.2009 4:32 133200]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [22.4.2009 4:08 13904]
R0 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [15.4.2009 3:30 142416]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [22.4.2009 4:08 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [22.4.2009 4:19 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [22.4.2009 1:36 17488]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\System32\drivers\vmstorfl.sys [22.4.2009 11:23 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [22.4.2009 4:44 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [22.4.2009 4:08 52304]
R0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [22.4.2009 4:09 297040]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [22.4.2009 4:20 35328]
R1 CSC;Ovladač souborů pro režim offline;c:\windows\System32\drivers\csc.sys [22.4.2009 4:12 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [22.4.2009 4:11 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [22.4.2009 4:21 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [22.4.2009 4:09 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [22.4.2009 5:00 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [22.4.2009 5:00 7168]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [28.12.2009 18:13 142592]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [22.4.2009 4:09 74240]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [16.9.2009 11:21 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [16.9.2009 11:21 41424]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\System32\drivers\wanarp.sys [22.4.2009 4:53 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [22.4.2009 4:52 9728]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 CscService;Soubory offline;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.9.2009 14:30 222968]
R2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe -k NetSvcs [22.4.2009 4:16 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [22.4.2009 4:51 48128]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\System32\drivers\luafv.sys [22.4.2009 4:13 86528]
R2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [22.4.2009 4:33 586752]
R2 Power;Napájení;c:\windows\system32\svchost.exe -k DcomLaunch [22.4.2009 4:16 20992]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe -k RPCSS [22.4.2009 4:16 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10.6.2009 5:33 232960]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [22.4.2009 4:52 34816]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [22.4.2009 4:16 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [22.4.2009 4:50 162816]
R3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R3 bowser;Ovladač podpory prohlížeče;c:\windows\System32\drivers\bowser.sys [22.4.2009 4:11 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [22.4.2009 4:43 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [22.4.2009 4:23 720384]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
R3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [22.4.2009 4:23 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\System32\drivers\mpsdrv.sys [22.4.2009 4:51 60416]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\System32\drivers\mrxsmb10.sys [22.4.2009 4:11 220672]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\System32\drivers\mrxsmb20.sys [22.4.2009 4:11 94720]
R3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [20.3.2009 16:22 1131264]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [22.4.2009 4:53 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [22.4.2009 5:01 18432]
R3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\System32\drivers\srv2.sys [12.11.2009 3:00 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [22.4.2009 4:12 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [22.4.2009 4:52 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [22.4.2009 4:50 39936]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [30.6.2009 12:46 91408]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [30.6.2009 12:46 99472]
R3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16.9.2009 12:56 691696]
S2 gupdate1ca65dd45f55420;Služba Google Update (gupdate1ca65dd45f55420);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 11:20 133104]
S2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S2 sppsvc;Ochrana před softwarem;c:\windows\System32\sppsvc.exe [22.4.2009 5:44 3179520]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [22.4.2009 4:13 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20.3.2009 16:22 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [22.4.2009 3:07 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20.3.2009 16:23 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [28.3.2009 5:45 159312]
S3 AppID;Ovladač AppID;c:\windows\System32\drivers\appid.sys [22.4.2009 4:35 50176]
S3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [22.4.2009 3:07 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20.3.2009 16:22 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [22.4.2009 3:01 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [22.4.2009 5:55 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [22.4.2009 5:56 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [22.4.2009 5:53 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [22.4.2009 5:55 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [22.4.2009 5:55 12160]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [22.4.2009 4:49 37888]
S3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe -k defragsvc [22.4.2009 4:16 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20.3.2009 16:22 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20.3.2009 16:23 453712]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [3.11.2009 12:44 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [3.11.2009 12:44 3072]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18.8.2005 7168]
S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [22.4.2009 4:12 28160]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [22.4.2009 4:12 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [22.4.2009 3:52 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [22.4.2009 3:07 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [15.4.2009 3:30 332368]
S3 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [22.4.2009 4:28 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [22.4.2009 4:44 186960]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [22.4.2009 3:07 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [22.4.2009 3:07 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [22.4.2009 3:07 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [22.4.2009 3:07 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20.3.2009 16:23 30800]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [22.4.2009 4:44 130640]
S3 msahci;msahci;c:\windows\System32\drivers\msahci.sys [22.4.2009 4:44 27728]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [22.4.2009 4:44 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [22.4.2009 4:49 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [22.4.2009 4:09 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [22.4.2009 4:45 12288]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [22.4.2009 4:50 267264]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [22.4.2009 4:51 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [22.4.2009 3:07 44624]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [22.4.2009 4:16 20992]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServicePeerNet [22.4.2009 4:16 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20.3.2009 16:23 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [22.4.2009 3:07 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22.4.2009 11:23 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\System32\drivers\scfilter.sys [22.4.2009 4:32 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe -k SDRSVC [22.4.2009 4:16 20992]
S3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [22.4.2009 4:44 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [22.4.2009 3:07 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [22.4.2009 4:52 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [22.4.2009 3:07 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22.4.2009 11:23 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [22.4.2009 4:20 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [22.4.2009 5:00 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [22.4.2009 4:35 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [22.4.2009 4:23 57424]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [22.4.2009 4:49 86016]
S3 VaultSvc;Správce pověření;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [22.4.2009 4:44 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [22.4.2009 4:08 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22.4.2009 11:23 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22.4.2009 11:23 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20.3.2009 16:23 141904]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [22.4.2009 4:50 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [22.4.2009 4:45 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\System32\wbengine.exe [22.4.2009 4:21 1203200]
S3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe -k WbioSvcGroup [22.4.2009 4:16 20992]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [22.4.2009 4:16 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [22.4.2009 4:08 19024]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [22.4.2009 4:16 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [22.4.2009 4:15 19024]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
Obsah adresáře 'Naplánované úlohy'
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- e:\tune up\OneClick.exe [2007-12-21 12:49]
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:20]
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\windows.old\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\windows.old\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-SysMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 17:59
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1232422079-2090965275-3250108306-1001\Software\SecuROM\License information*]
"datasecu"=hex:78,07,5d,f9,b9,7e,ca,95,39,25,c1,ad,64,8c,d4,27,12,dd,84,e5,73,
4f,4d,04,8d,36,23,f2,d1,b7,15,9f,45,d1,66,e8,07,fb,95,6a,c5,51,41,2a,15,eb,\
"rkeysecu"=hex:85,32,f3,85,c0,ec,c3,57,c0,cc,c4,b6,c1,ae,af,81
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3224)
c:\program files\WinMatrix\Matrix Skin Pack\YzShadow\YzShadow.dll
.
Celkový čas: 2010-01-12 18:01:36
ComboFix-quarantined-files.txt 2010-01-12 17:01
Před spuštěním: Volných bajtů: 16 782 229 504
Po spuštění: Volných bajtů: 16 568 811 520
- - End Of File - - FBB5541FE867F27095F8E989BD9ADFA0
Microsoft Windows 7 Ultimate 6.1.7100.0.1250.420.1033.18.768.101 [GMT 1:00]
Spuštěný z: c:\users\pepa\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2942910762-2898075542-3732425671-1001
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.
2010-01-12 16:59 . 2010-01-12 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 16:49 . 2010-01-12 16:49 -------- d-----w- C:\32788R22FWJFW
2010-01-12 12:39 . 2010-01-12 16:48 -------- d-----w- c:\users\pepa\AppData\Roaming\Tor
2010-01-12 12:39 . 2010-01-12 16:48 -------- d-----w- c:\users\pepa\AppData\Roaming\Vidalia
2010-01-12 12:39 . 2010-01-12 12:40 -------- d-----w- c:\program files\Vidalia Bundle
2010-01-12 12:18 . 2010-01-12 12:18 -------- d-----w- c:\program files\WinPcap
2010-01-10 19:41 . 2010-01-10 19:41 -------- d-----w- c:\users\pepa\DoctorWeb
2010-01-10 18:41 . 2010-01-10 18:57 -------- d-----w- c:\programdata\SysMon
2010-01-10 17:21 . 2010-01-10 17:34 -------- d-----w- c:\program files\AntiFirewall
2010-01-10 17:13 . 2010-01-11 19:44 -------- d-----w- c:\program files\Active Data Recovery Software
2010-01-10 16:59 . 2010-01-10 16:59 -------- d-----w- c:\users\pepa\AppData\Local\Stardock
2010-01-10 12:24 . 2010-01-10 12:26 -------- d-----w- c:\program files\Yahoo!
2010-01-09 17:37 . 2010-01-09 17:37 -------- d-----w- c:\program files\CCleaner
2010-01-04 12:58 . 2010-01-04 12:58 -------- d-----w- c:\windows\system32\RTCOM
2010-01-02 18:18 . 2010-01-02 18:18 -------- d-----w- c:\program files\Sierra
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-02 12:12 . 2010-01-02 12:12 290816 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-01 18:49 . 2010-01-02 12:13 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-01 18:49 . 2010-01-02 12:13 -------- d-----w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-01 18:49 . 2010-01-01 18:49 138240 ----a-w- c:\users\pepa\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-28 17:13 . 2009-12-28 17:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-12-28 17:13 . 2009-12-28 17:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-12-28 17:13 . 2009-12-28 17:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-28 17:13 . 2010-01-11 19:37 -------- d-----w- c:\users\pepa\AppData\Roaming\Spyware Terminator
2009-12-28 17:13 . 2010-01-12 11:14 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-28 17:13 . 2010-01-11 19:43 -------- d-----w- c:\program files\Spyware Terminator
2009-12-26 22:28 . 2009-12-26 22:28 -------- d-----w- c:\program files\Ask.com
2009-12-26 22:26 . 2009-12-26 22:26 -------- d-----w- c:\program files\The KMPlayer
2009-12-26 12:06 . 2009-12-26 12:06 -------- d-----w- c:\program files\Softnik Technologies
2009-12-26 12:04 . 2009-12-26 12:04 -------- d-----w- c:\users\pepa\AppData\Local\Shawn_Rakowski
2009-12-26 12:03 . 2009-12-26 12:03 -------- d-----w- c:\program files\KeyTracker
2009-12-24 19:55 . 2009-12-24 19:55 -------- d-----w- c:\program files\RivaTuner v2.24
2009-12-24 18:57 . 2009-12-24 18:57 -------- d-----w- c:\program files\GameTop.com
2009-12-24 18:29 . 2009-12-24 18:29 2238 ----a-r- c:\users\pepa\AppData\Roaming\Microsoft\Installer\{B797E40F-E96C-4929-AA1B-D6759C10DEC8}\_1e7476e8.exe
2009-12-24 18:29 . 2009-12-24 18:29 2238 ----a-r- c:\users\pepa\AppData\Roaming\Microsoft\Installer\{B797E40F-E96C-4929-AA1B-D6759C10DEC8}\_1615c26.exe
2009-12-24 18:29 . 2009-12-24 18:29 -------- d-----w- c:\program files\ICQ FORCE
2009-12-24 14:55 . 2009-12-24 14:55 467120 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{EB5874A0-979C-45F2-7460-67400CE1587A}-AstroburnLite.exe
2009-12-24 14:44 . 2009-12-24 14:44 -------- d-----w- c:\program files\AstroburnBar
2009-12-24 14:44 . 2009-12-24 14:45 -------- d-----w- c:\program files\Astroburn Lite
2009-12-24 14:44 . 2009-12-24 14:44 -------- d-----w- c:\users\pepa\AppData\Roaming\Astroburn Lite
2009-12-24 14:44 . 2009-12-24 15:32 -------- d-----w- c:\programdata\Astroburn Lite
2009-12-24 13:18 . 2009-12-24 15:35 -------- d-----w- c:\program files\Seznam.cz
2009-12-23 10:42 . 2009-12-23 10:42 -------- d-----w- c:\users\pepa\AppData\Roaming\Nero
2009-12-23 10:34 . 2009-12-23 10:34 -------- d-----w- c:\program files\Nero
2009-12-23 10:34 . 2009-12-23 10:34 -------- d-----w- c:\programdata\Nero
2009-12-23 10:34 . 2009-12-23 10:35 -------- d-----w- c:\program files\Common Files\Nero
2009-12-22 17:36 . 2009-12-22 17:36 -------- d-----w- c:\program files\Kodek CZ
2009-12-22 13:49 . 2009-12-22 13:49 -------- d-----w- c:\program files\Mystik Media
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 16:57 . 2009-11-30 21:02 -------- d-----w- c:\users\pepa\AppData\Roaming\Free Download Manager
2010-01-12 16:48 . 2009-11-30 21:02 -------- d-----w- c:\users\pepa\AppData\Roaming\Software Informer
2010-01-12 16:48 . 2009-09-30 08:15 -------- d-----w- c:\programdata\NVIDIA
2010-01-12 14:56 . 2009-09-23 12:00 -------- d-----w- c:\users\pepa\AppData\Roaming\ICQ
2010-01-11 22:04 . 2009-09-14 15:50 622022 ----a-w- c:\windows\system32\perfh005.dat
2010-01-11 22:04 . 2009-09-14 15:50 118356 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:46 . 2009-11-08 11:34 -------- d-----w- c:\program files\Rockstar Games
2010-01-10 12:28 . 2009-11-26 20:52 -------- d-----w- c:\program files\BS_Player
2010-01-08 17:19 . 2009-11-15 12:04 -------- d-----w- c:\program files\Lavalys
2010-01-07 12:39 . 2009-09-30 08:21 -------- d-----w- c:\program files\Alien IP
2010-01-04 12:59 . 2010-01-04 12:57 -------- d--h--w- c:\program files\Temp
2009-12-02 17:36 . 2009-09-15 09:35 109216 ----a-w- c:\users\pepa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-01 04:30 . 2009-11-27 07:17 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-12-01 04:30 . 2009-11-26 07:46 -------- d-----w- c:\program files\NOS
2009-12-01 04:30 . 2009-11-27 07:17 -------- d-----w- c:\programdata\Ulead Systems
2009-12-01 04:30 . 2009-11-27 16:40 -------- d-----w- c:\users\pepa\AppData\Roaming\Ulead Systems
2009-11-30 21:02 . 2009-11-30 21:02 -------- d-----w- c:\program files\Free Download Manager
2009-11-30 21:02 . 2009-11-30 21:02 -------- d-----w- c:\program files\Software Informer
2009-11-30 21:02 . 2009-11-30 21:02 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2009-11-30 20:54 . 2009-11-30 20:54 -------- d-----w- c:\program files\usd
2009-11-30 19:31 . 2009-11-26 07:46 -------- d-----w- c:\programdata\NOS
2009-11-27 07:19 . 2009-11-27 07:19 -------- d-----w- c:\programdata\InterVideo
2009-11-27 07:14 . 2009-11-27 07:14 -------- d-----w- c:\program files\Corel
2009-11-26 21:36 . 2009-11-26 20:52 -------- d-----w- c:\users\pepa\AppData\Roaming\BSplayer
2009-11-26 20:52 . 2009-11-26 20:52 -------- d-----w- c:\users\pepa\AppData\Roaming\BSplayer Pro
2009-11-26 20:45 . 2009-11-26 20:41 -------- d-----w- c:\program files\AVI ReComp
2009-11-26 20:45 . 2009-11-26 20:45 -------- d-----w- c:\program files\Gabest
2009-11-26 20:45 . 2009-11-26 20:45 -------- d-----w- c:\program files\Xvid
2009-11-26 20:44 . 2009-11-26 20:44 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-26 20:36 . 2009-11-26 20:36 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-11-26 20:35 . 2009-11-26 20:36 737280 ----a-w- c:\windows\iun6002.exe
2009-11-24 16:40 . 2010-01-04 12:57 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-24 08:55 . 2010-01-04 12:57 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-11-24 08:55 . 2010-01-04 12:57 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 08:55 . 2010-01-04 12:57 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 08:55 . 2010-01-04 12:57 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2009-11-24 02:05 . 2009-11-22 12:39 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 10:44 . 2009-09-21 15:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-23 10:42 . 2009-10-18 09:39 -------- d-----w- c:\users\pepa\AppData\Roaming\DivX
2009-11-23 10:38 . 2009-11-23 10:38 -------- d-----w- c:\users\pepa\AppData\Roaming\AVS4YOU
2009-11-23 10:38 . 2009-11-23 10:38 -------- d-----w- c:\programdata\AVS4YOU
2009-11-23 10:38 . 2009-11-23 10:36 -------- d-----w- c:\program files\AVS4YOU
2009-11-23 10:37 . 2009-11-23 10:37 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-23 10:23 . 2009-10-18 09:33 -------- d-----w- c:\program files\DivX
2009-11-23 09:21 . 2009-11-23 09:21 -------- d-----w- c:\program files\MP4 Converter
2009-11-22 12:38 . 2009-04-22 08:55 -------- d-----w- c:\program files\MSBuild
2009-11-22 12:36 . 2009-11-22 12:36 -------- d-----w- c:\program files\Microsoft.NET
2009-11-22 12:34 . 2009-11-22 12:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-19 21:31 . 2009-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-19 09:05 . 2009-11-08 08:17 -------- d-----w- c:\users\pepa\AppData\Roaming\TeamViewer
2009-11-19 08:47 . 2009-11-19 08:47 -------- d-----w- c:\program files\TeamViewer3
2009-11-18 17:42 . 2010-01-04 12:57 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2009-11-18 17:42 . 2010-01-04 12:57 311568 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-11-18 17:42 . 2010-01-04 12:57 1938704 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2009-11-18 07:34 . 2009-11-18 07:34 -------- d-----w- c:\program files\Team JPN
2009-11-17 17:13 . 2010-01-04 12:57 96160 ----a-w- c:\windows\system32\AERTARen.dll
2009-11-17 17:10 . 2010-01-04 12:57 146336 ----a-w- c:\windows\system32\AERTACap.dll
2009-11-17 13:12 . 2009-11-17 13:12 905216 ----a-w- c:\programdata\SysMon\ASK_KILL.exe
2009-11-17 05:20 . 2009-11-17 05:20 -------- d-----w- c:\programdata\McAfee
2009-11-16 22:01 . 2009-11-16 17:11 -------- d-----w- c:\users\pepa\AppData\Roaming\DAEMON Tools Lite
2009-11-16 17:22 . 2009-11-16 17:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-16 17:21 . 2009-09-16 11:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-16 17:11 . 2009-11-16 17:11 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-15 21:55 . 2009-11-15 21:55 -------- d--h--r- c:\users\pepa\AppData\Roaming\SecuROM
2009-11-15 13:13 . 2009-11-15 13:12 -------- d-----w- c:\program files\Dzuso
2009-11-15 05:19 . 2009-11-15 05:19 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-13 14:16 . 2010-01-04 12:57 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-11-13 14:16 . 2010-01-04 12:57 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-11-13 14:16 . 2010-01-04 12:57 348160 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-11-13 14:16 . 2010-01-04 12:57 165376 ----a-w- c:\windows\system32\RTEED32A.dll
2009-11-11 15:18 . 2009-11-11 15:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-11-11 15:18 . 2009-11-11 15:18 515832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-11-07 09:56 . 2009-11-07 09:56 61440 ----a-w- c:\windows\system32\pwlshell.dll
2009-11-06 08:20 . 2009-11-26 07:46 34112 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-06 08:20 . 2009-11-26 07:46 32448 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-06 08:20 . 2009-11-26 07:46 22352 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-03 20:22 . 2009-11-03 20:22 87552 ----a-w- c:\users\pepa\AppData\Local\bootinst.exe
2009-11-02 19:42 . 2009-11-10 20:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 11:10 . 2009-10-30 11:10 1183176 ----a-w- c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-10-19 05:40 . 2009-10-19 05:40 6576 ------w- C:\bootsqm.dat
2009-10-16 08:51 . 2009-10-11 10:24 48 --sh--w- c:\windows\SE64C37CD.tmp
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-10 2166296]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\AstroburnBar\tbAstr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-10 09:47 2079256 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-01-10 12:28 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-10 2166296]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2009-11-09 2331672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2009-11-09 2331672]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-10 2166296]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-01-01 1654853]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-28 3037696]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-11-20 5262834]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-28 2166784]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-10 8120864]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UberIcon Manager.lnk - c:\program files\WinMatrix\Matrix Skin Pack\UberIcon\UberIcon Manager.exe [2009-11-8 151552]
YzShadow.lnk - c:\program files\WinMatrix\Matrix Skin Pack\YzShadow\YzShadow.exe [2009-11-8 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"ares"="c:\program files\Ares\Ares.exe" -h
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" -s
R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [22.4.2009 3:07 23120]
R0 CLFS;Systém souborů CLFS;c:\windows\System32\clfs.sys [22.4.2009 4:08 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [22.4.2009 4:31 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [22.4.2009 4:19 58448]
R0 fvevol;Ovladač filtru nástroje Bitlocker Drive Encryption;c:\windows\System32\drivers\fvevol.sys [22.4.2009 4:10 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [22.4.2009 4:08 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [22.4.2009 4:32 133200]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [22.4.2009 4:08 13904]
R0 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [15.4.2009 3:30 142416]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [22.4.2009 4:08 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [22.4.2009 4:19 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [22.4.2009 1:36 17488]
R0 storflt;Diskový ovladač filtru akcelerace sběrnice virtuálního počítače;c:\windows\System32\drivers\vmstorfl.sys [22.4.2009 11:23 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [22.4.2009 4:44 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [22.4.2009 4:08 52304]
R0 volmgrx;Správce dynamických svazků;c:\windows\System32\drivers\volmgrx.sys [22.4.2009 4:09 297040]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [22.4.2009 4:20 35328]
R1 CSC;Ovladač souborů pro režim offline;c:\windows\System32\drivers\csc.sys [22.4.2009 4:12 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [22.4.2009 4:11 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [22.4.2009 4:21 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [22.4.2009 4:09 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [22.4.2009 5:00 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [22.4.2009 5:00 7168]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [28.12.2009 18:13 142592]
R1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\System32\drivers\tdx.sys [22.4.2009 4:09 74240]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [16.9.2009 11:21 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [16.9.2009 11:21 41424]
R1 Wanarpv6;Ovladač pro vzdálený přístup IPv6 ARP;c:\windows\System32\drivers\wanarp.sys [22.4.2009 4:53 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [22.4.2009 4:52 9728]
R2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 BFE;Služba BFE (Base Filtering Engine);c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 CscService;Soubory offline;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
R2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.9.2009 14:30 222968]
R2 iphlpsvc;Pomocná služba protokolu IP;c:\windows\System32\svchost.exe -k NetSvcs [22.4.2009 4:16 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [22.4.2009 4:51 48128]
R2 luafv;Virtualizace souborů nástroje Řízení uživatelských účtů;c:\windows\System32\drivers\luafv.sys [22.4.2009 4:13 86528]
R2 MpsSvc;Brána Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
R2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
R2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [22.4.2009 4:33 586752]
R2 Power;Napájení;c:\windows\system32\svchost.exe -k DcomLaunch [22.4.2009 4:16 20992]
R2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R2 RpcEptMapper;Mapovač koncových bodů protokolu RPC;c:\windows\system32\svchost.exe -k RPCSS [22.4.2009 4:16 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10.6.2009 5:33 232960]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [22.4.2009 4:52 34816]
R2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [22.4.2009 4:16 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [22.4.2009 4:50 162816]
R3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
R3 bowser;Ovladač podpory prohlížeče;c:\windows\System32\drivers\bowser.sys [22.4.2009 4:11 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [22.4.2009 4:43 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [22.4.2009 4:23 720384]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 HomeGroupListener;Naslouchací proces domácí skupiny;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 HomeGroupProvider;Zprostředkovatel domácích skupin;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
R3 KeyIso;Izolace klíče CNG;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [22.4.2009 4:23 23552]
R3 mpsdrv;Ovladač ověření brány Windows Firewall;c:\windows\System32\drivers\mpsdrv.sys [22.4.2009 4:51 60416]
R3 mrxsmb10;Mini-přesměrovač SMB 1.x;c:\windows\System32\drivers\mrxsmb10.sys [22.4.2009 4:11 220672]
R3 mrxsmb20;Mini-přesměrovač SMB 2.0;c:\windows\System32\drivers\mrxsmb20.sys [22.4.2009 4:11 94720]
R3 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [20.3.2009 16:22 1131264]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [22.4.2009 4:53 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [22.4.2009 5:01 18432]
R3 srv2;Ovladač pro server SMB 2.xxx;c:\windows\System32\drivers\srv2.sys [12.11.2009 3:00 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [22.4.2009 4:12 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [22.4.2009 4:52 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [22.4.2009 4:50 39936]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [30.6.2009 12:46 91408]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [30.6.2009 12:46 99472]
R3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
R3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16.9.2009 12:56 691696]
S2 gupdate1ca65dd45f55420;Služba Google Update (gupdate1ca65dd45f55420);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 11:20 133104]
S2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S2 sppsvc;Ochrana před softwarem;c:\windows\System32\sppsvc.exe [22.4.2009 5:44 3179520]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [22.4.2009 4:13 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20.3.2009 16:22 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [22.4.2009 3:07 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20.3.2009 16:23 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [28.3.2009 5:45 159312]
S3 AppID;Ovladač AppID;c:\windows\System32\drivers\appid.sys [22.4.2009 4:35 50176]
S3 AppIDSvc;Identita aplikace;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [22.4.2009 3:07 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20.3.2009 16:22 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [22.4.2009 3:01 229888]
S3 BDESVC;Služba BitLocker Drive Encryption;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [22.4.2009 5:55 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [22.4.2009 5:56 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [22.4.2009 5:53 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [22.4.2009 5:55 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [22.4.2009 5:55 12160]
S3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [22.4.2009 4:49 37888]
S3 defragsvc;Defragmentace disku;c:\windows\system32\svchost.exe -k defragsvc [22.4.2009 4:16 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20.3.2009 16:22 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20.3.2009 16:23 453712]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [3.11.2009 12:44 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [3.11.2009 12:44 3072]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18.8.2005 7168]
S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [22.4.2009 4:12 28160]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [22.4.2009 4:12 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [22.4.2009 3:52 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [22.4.2009 3:07 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [15.4.2009 3:30 332368]
S3 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [22.4.2009 4:28 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [22.4.2009 4:44 186960]
S3 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [22.4.2009 3:07 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [22.4.2009 3:07 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [22.4.2009 3:07 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [22.4.2009 3:07 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20.3.2009 16:23 30800]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [22.4.2009 4:44 130640]
S3 msahci;msahci;c:\windows\System32\drivers\msahci.sys [22.4.2009 4:44 27728]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [22.4.2009 4:44 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [22.4.2009 4:49 4096]
S3 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [22.4.2009 4:09 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [22.4.2009 4:45 12288]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [22.4.2009 4:50 267264]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [22.4.2009 4:51 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [22.4.2009 3:07 44624]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [22.4.2009 4:16 20992]
S3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe -k LocalServicePeerNet [22.4.2009 4:16 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20.3.2009 16:23 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [22.4.2009 3:07 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22.4.2009 11:23 5632]
S3 scfilter;Ovladač filtru čipových karet třídy PnP;c:\windows\System32\drivers\scfilter.sys [22.4.2009 4:32 26624]
S3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 SDRSVC;Windows Zálohování;c:\windows\system32\svchost.exe -k SDRSVC [22.4.2009 4:16 20992]
S3 SensrSvc;Adaptivní jas;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [22.4.2009 4:44 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [22.4.2009 3:07 77904]
S3 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\System32\drivers\smb.sys [22.4.2009 4:52 71168]
S3 sppuinotify;Služba Oznámení platformy SPP;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [22.4.2009 3:07 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22.4.2009 11:23 28240]
S3 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe -k LocalService [22.4.2009 4:16 20992]
S3 TrustedInstaller;Instalační služba modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [22.4.2009 4:20 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [22.4.2009 5:00 30208]
S3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\System32\UI0Detect.exe [22.4.2009 4:35 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [22.4.2009 4:23 57424]
S3 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [22.4.2009 4:49 86016]
S3 VaultSvc;Správce pověření;c:\windows\System32\lsass.exe [22.4.2009 4:09 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [22.4.2009 4:44 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [22.4.2009 4:08 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22.4.2009 11:23 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22.4.2009 11:23 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20.3.2009 16:23 141904]
S3 vwifibus;Ovladač sběrnice Virtual WiFi;c:\windows\System32\drivers\vwifibus.sys [22.4.2009 4:50 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [22.4.2009 4:45 21632]
S3 wbengine;Služba jádra pro zálohování dat na úrovni bloků;c:\windows\System32\wbengine.exe [22.4.2009 4:21 1203200]
S3 WbioSrvc;Biometrická služba systému Windows;c:\windows\system32\svchost.exe -k WbioSvcGroup [22.4.2009 4:16 20992]
S3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [22.4.2009 4:16 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [22.4.2009 4:08 19024]
S3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 wercplsupport;Podpora ovládacího panelu Oznámení a řešení problémů;c:\windows\System32\svchost.exe -k netsvcs [22.4.2009 4:16 20992]
S3 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe -k WerSvcGroup [22.4.2009 4:16 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [22.4.2009 4:15 19024]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [22.4.2009 4:16 20992]
S3 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [22.4.2009 4:16 20992]
S3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [22.4.2009 4:16 20992]
S3 WwanSvc;Automatická konfigurace sítě WWAN;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [22.4.2009 4:16 20992]
S4 Mcx2Svc;Služba zařízení Media Center Extender;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22.4.2009 4:16 20992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
Obsah adresáře 'Naplánované úlohy'
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- e:\tune up\OneClick.exe [2007-12-21 12:49]
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:20]
2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\0oeq67pi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\windows.old\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\windows.old\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-SysMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 17:59
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1232422079-2090965275-3250108306-1001\Software\SecuROM\License information*]
"datasecu"=hex:78,07,5d,f9,b9,7e,ca,95,39,25,c1,ad,64,8c,d4,27,12,dd,84,e5,73,
4f,4d,04,8d,36,23,f2,d1,b7,15,9f,45,d1,66,e8,07,fb,95,6a,c5,51,41,2a,15,eb,\
"rkeysecu"=hex:85,32,f3,85,c0,ec,c3,57,c0,cc,c4,b6,c1,ae,af,81
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3224)
c:\program files\WinMatrix\Matrix Skin Pack\YzShadow\YzShadow.dll
.
Celkový čas: 2010-01-12 18:01:36
ComboFix-quarantined-files.txt 2010-01-12 17:01
Před spuštěním: Volných bajtů: 16 782 229 504
Po spuštění: Volných bajtů: 16 568 811 520
- - End Of File - - FBB5541FE867F27095F8E989BD9ADFA0
Re: sending data
Try whether GMER will work.
Download GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, then post it here.
- Following the instructions in the link, perform the second scan and post that log here as well.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
- Visitor
- Posts: 41
- Registered: 11 Jan 2010 23:10
Re: sending data
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 12:43:14
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\pepa\AppData\Local\Temp\kxldapow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8BD8E88E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8BD8E0EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8BD8DDCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8BD8F938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8BD8DED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8BD8DFC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8BD8EBBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8BD8E3F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8BD8E526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8BD8DBFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8BD8E70C]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301B634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830341A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82C42549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C626B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ExQueueWorkItem + 240 82C6A9C4 4 Bytes CALL 59BC35A1
.text ntkrnlpa.exe!ExQueueWorkItem + 280 82C6AA04 4 Bytes [EC, E0, D8, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 290 82C6AA14 4 Bytes [CE, DD, D8, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 2C8 82C6AA4C 4 Bytes [38, F9, D8, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 314 82C6AA98 4 Bytes [D8, DE, D8, 8B]
.text ...
.text peauth.sys 9AA2DC9D 28 Bytes [0F, 26, 2A, 4A, 9F, 2B, B8, ...]
.text peauth.sys 9AA2DCC1 28 Bytes [0F, 26, 2A, 4A, 9F, 2B, B8, ...]
? C:\Users\pepa\AppData\Local\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [7450245E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [744E55EF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [744E56AD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [745024D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [744F853B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [744F4CEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [744F5096] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [744F516B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744F6698] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [744F8292] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [744F87E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [744F9044] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [744FE1E7] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [744F4C21] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0xA1 0x7B 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x74 0x6C 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0xFA 0xFA 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0xB1 0x58 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x57 0x5D 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x4C 0x7B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0x53 0xFF 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0x08 0x3B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0xA1 0x7B 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x74 0x6C 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0xFA 0xFA 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0xB1 0x58 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x57 0x5D 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x4C 0x7B 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0x53 0xFF 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0x08 0x3B 0xA9 ...
---- EOF - GMER 1.0.15 ----
Rootkit scan 2010-01-13 12:43:14
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\pepa\AppData\Local\Temp\kxldapow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8BD8E88E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8BD8E0EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8BD8DDCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8BD8F938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8BD8DED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8BD8DFC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8BD8EBBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8BD8E3F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8BD8E526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8BD8DBFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8BD8E70C]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301B634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83033F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830341A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82C42549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C626B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ExQueueWorkItem + 240 82C6A9C4 4 Bytes CALL 59BC35A1
.text ntkrnlpa.exe!ExQueueWorkItem + 280 82C6AA04 4 Bytes [EC, E0, D8, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 290 82C6AA14 4 Bytes [CE, DD, D8, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 2C8 82C6AA4C 4 Bytes [38, F9, D8, 8B]
.text ntkrnlpa.exe!ExQueueWorkItem + 314 82C6AA98 4 Bytes [D8, DE, D8, 8B]
.text ...
.text peauth.sys 9AA2DC9D 28 Bytes [0F, 26, 2A, 4A, 9F, 2B, B8, ...]
.text peauth.sys 9AA2DCC1 28 Bytes [0F, 26, 2A, 4A, 9F, 2B, B8, ...]
? C:\Users\pepa\AppData\Local\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [7450245E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [744E55EF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [744E56AD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [745024D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [744F853B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [744F4CEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [744F5096] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [744F516B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744F6698] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [744F8292] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [744F87E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [744F9044] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [744FE1E7] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3224] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [744F4C21] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0xA1 0x7B 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x74 0x6C 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0xFA 0xFA 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0xB1 0x58 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x57 0x5D 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x4C 0x7B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0x53 0xFF 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0x08 0x3B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0xA1 0x7B 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x74 0x6C 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0xFA 0xFA 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0xB1 0x58 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x57 0x5D 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x4C 0x7B 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0x53 0xFF 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0x08 0x3B 0xA9 ...
---- EOF - GMER 1.0.15 ----
- Visitor
- Posts: 41
- Registered: 11 Jan 2010 23:10
Re: sending data
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-13 13:16:50
Windows 6.1.7100
Running: gmer.exe; Driver: C:\Users\pepa\AppData\Local\Temp\kxldapow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8C14C88E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8C14C0EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8C14BDCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8C14D938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8C14BED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8C14BFC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8C14CBBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8C14C3F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8C14C526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8C14BBFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8C14C70C]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830413F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83029898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830411DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830416F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830421A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82C50549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C706B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ExQueueWorkItem + 240 82C789C4 4 Bytes [8E, C8, 14, 8C]
.text ntkrnlpa.exe!ExQueueWorkItem + 280 82C78A04 4 Bytes [EC, C0, 14, 8C]
.text ntkrnlpa.exe!ExQueueWorkItem + 290 82C78A14 4 Bytes [CE, BD, 14, 8C]
.text ntkrnlpa.exe!ExQueueWorkItem + 2C8 82C78A4C 4 Bytes [38, D9, 14, 8C] {CMP CL, BL; ADC AL, 0x8c}
.text ntkrnlpa.exe!ExQueueWorkItem + 314 82C78A98 4 Bytes [D8, BE, 14, 8C]
.text ...
? System32\Drivers\speu.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8CB13C85 5 Bytes JMP 8584E1D8
.text amrtfadc.SYS 8CB9A000 12 Bytes [44, C8, 02, 83, EE, C6, 02, ...]
.text amrtfadc.SYS 8CB9A00D 9 Bytes [A7, 02, 83, 48, CB, 02, 83, ...] {CMPSD ; ADD AL, [EBX-0x7cfd34b8]; ADD [EAX], AL}
.text amrtfadc.SYS 8CB9A017 157 Bytes [00, DE, 17, F1, 86, E6, 15, ...]
.text amrtfadc.SYS 8CB9A0B5 12 Bytes [48, C7, 82, D0, B4, C4, 82, ...]
.text amrtfadc.SYS 8CB9A0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text azpbpl8s.SYS 833C7000 12 Bytes [44, C8, 02, 83, EE, C6, 02, ...]
.text azpbpl8s.SYS 833C700D 9 Bytes [A7, 02, 83, 48, CB, 02, 83, ...] {CMPSD ; ADD AL, [EBX-0x7cfd34b8]; ADD [EAX], AL}
.text azpbpl8s.SYS 833C7017 157 Bytes [00, DE, 17, F1, 86, E6, 15, ...]
.text azpbpl8s.SYS 833C70B5 12 Bytes [48, C7, 82, D0, B4, C4, 82, ...]
.text azpbpl8s.SYS 833C70C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 97C0EC9D 28 Bytes [CF, 2E, 0E, 02, 0F, 1C, D6, ...]
.text peauth.sys 97C0ECC1 28 Bytes [CF, 2E, 0E, 02, 0F, 1C, D6, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A224A000 234 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 507B A224A0EB 432 Bytes [A2, 56, BE, 20, 55, 24, A2, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 522C A224A29C 74 Bytes [01, 00, 51, 51, 8B, CC, 6A, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5681 A224A6F1 71 Bytes [6A, 0C, 68, 58, 44, 24, A2, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 56C9 A224A739 74 Bytes [00, 33, C9, 84, C0, 0F, 94, ...]
PAGE ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [86E15042] \SystemRoot\System32\Drivers\speu.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [86E156D6] \SystemRoot\System32\Drivers\speu.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [86E15800] \SystemRoot\System32\Drivers\speu.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [86E1513E] \SystemRoot\System32\Drivers\speu.sys
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortNotification] 00008686
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortQuerySystemTime] 147D8000
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortReadPortUchar] 0C4D8B00
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortStallExecution] 8B484689
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortWritePortUchar] 41894046
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortWritePortUlong] 80107404
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000082BE
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 07740000
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortGetScatterGatherList] E31045C7
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortGetParentBusType] 8B000003
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortRequestCallback] 468B2456
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortWritePortBufferUshort] E8505220
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortGetUnCachedExtension] FFFFEBC4
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortCompleteRequest] 8508C483
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortCopyMemory] 6A0874FF
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortEtwTraceLog] D7FF5300
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 8B08C483
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] FF81107D
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 000003E5
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0128840F
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortInitialize] FF810000
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortGetDeviceBase] 000003E3
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortDeviceStateChange] 0105840F
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\azpbpl8s.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7459245E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745755EF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745756AD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745924D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7458853B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74584CEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74585096] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7458516B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74586698] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74588292] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745887E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74589044] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7458E1E7] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74584C21] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8525A1F8
Device \Driver\volmgr \Device\VolMgrControl 845E81F8
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 8584D1F8
Device \Driver\usbehci \Device\USBPDO-1 858501F8
Device \Driver\volmgr \Device\HarddiskVolume1 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 8579A500
Device \Driver\volmgr \Device\HarddiskVolume3 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom1 8579A500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852571F8
Device \Driver\atapi \Device\Ide\IdePort0 852571F8
Device \Driver\atapi \Device\Ide\IdePort1 852571F8
Device \Driver\cdrom \Device\CdRom2 8579A500
Device \Driver\USBSTOR \Device\00000080 8461D500
Device \Driver\volmgr \Device\HarddiskVolume4 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom3 8579A500
Device \Driver\volmgr \Device\HarddiskVolume6 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom4 8579A500
Device \Driver\volmgr \Device\HarddiskVolume7 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 857F9500
Device \Driver\volmgr \Device\HarddiskVolume8 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume9 845E81F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\PCI_PNP9392 \Device\0000005a speu.sys
Device \Driver\PCI_PNP9392 \Device\0000005b speu.sys
Device \Driver\nvstor \Device\RaidPort0 852581F8
Device \Driver\nvstor \Device\RaidPort1 852581F8
Device \Driver\nvstor \Device\0000006b 852581F8
Device \Driver\usbohci \Device\USBFDO-0 8584D1F8
Device \Driver\sptd \Device\123555392 speu.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{AE610389-52AA-4F41-B6A5-89A0074452DC} 857F9500
Device \Driver\usbehci \Device\USBFDO-1 858501F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8FB5034-F87E-4A86-AD47-8EAF60133A7F} 857F9500
Device \Driver\sptd \Device\123399392 speu.sys
Device \Driver\USBSTOR \Device\0000007c 8461D500
Device \Driver\USBSTOR \Device\0000007d 8461D500
Device \Driver\USBSTOR \Device\0000007e 8461D500
Device \Driver\USBSTOR \Device\0000007f 8461D500
Device \Driver\azpbpl8s \Device\Scsi\azpbpl8s1Port5Path0Target1Lun0 85A05500
Device \Driver\amrtfadc \Device\Scsi\amrtfadc1Port4Path0Target1Lun0 85A0F1F8
Device \Driver\amrtfadc \Device\Scsi\amrtfadc1 85A0F1F8
Device \Driver\azpbpl8s \Device\Scsi\azpbpl8s1Port5Path0Target0Lun0 85A05500
Device \Driver\amrtfadc \Device\Scsi\amrtfadc1Port4Path0Target0Lun0 85A0F1F8
Device \Driver\azpbpl8s \Device\Scsi\azpbpl8s1 85A05500
---- Threads - GMER 1.0.15 ----
Thread System [4:3240] A225830E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0xA1 0x7B 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x74 0x6C 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0xFA 0xFA 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0xB1 0x58 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x04 0xF4 0x53 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x4C 0x7B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0x53 0xFF 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0x08 0x3B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x98 0xA1 0x7B 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x74 0x6C 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0xFA 0xFA 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0xB1 0x58 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x04 0xF4 0x53 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x4C 0x7B 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x21 0x53 0xFF 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x33 0x08 0x3B 0xA9 ...
---- EOF - GMER 1.0.15 ----
Re: sending data
The logs look fine. How is the computer? Is it still sending something?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
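The reply above judges the logs clean. As an added example that is not part of the thread and comes neither from the viry.cz helpers nor from GMER, the Python script below shows the check a triager applies to the hook sections of a GMER log like the one posted: every SSDT, INT and IAT line is attributed to the module that installed the hook, each module is matched against an allowlist of software the log itself shows installed, and whatever is left over (an unknown hooking module, a driver whose import table GMER printed as raw values, a System thread with no owning module) is reported for identification. The sample lines are copied from the posted log, except the qwerty1.sys SSDT line, which is constructed so that the "unexplained" path is exercised; the allowlist entries (sp_rsdrv2.sys as Spyware Terminator's real-time shield, speu.sys as the SPTD layer behind DAEMON Tools / Alcohol 120%) are assumptions to confirm against the file's path and digital signature on the machine.

```python
"""Triage the hook sections of a GMER 1.0.15 log: which module hooks what, and is it explained?"""
import re
from collections import defaultdict

# Sample lines copied from the GMER log posted in this thread, plus ONE constructed line
# (hypothetical driver name qwerty1.sys) so that the "unexplained hook" path is exercised.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8C14C88E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8C14C0EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8C14CBBC]
SSDT \??\C:\Windows\system32\drivers\qwerty1.sys ZwQuerySystemInformation [0x8C200000]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83041AF8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [86E15042] \SystemRoot\System32\Drivers\speu.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [86E156D6] \SystemRoot\System32\Drivers\speu.sys
IAT \SystemRoot\System32\Drivers\amrtfadc.SYS[ataport.SYS!AtaPortNotification] 00008686
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7459245E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:3240] A225830E
"""

# Hooking modules explained by software the log itself shows installed. ASSUMPTION to verify on
# the machine (path, digital signature, version): malware can reuse any of these file names.
KNOWN_HOOKERS = {
    "sp_rsdrv2.sys": "Spyware Terminator real-time shield; SSDT hooks are how it intercepts file/registry/driver-load calls",
    "speu.sys": "SPTD layer of DAEMON Tools Lite / Alcohol 120% (the sptd\\Cfg@p0 registry values in the log name both)",
    "halmacpi.dll": "Windows HAL; INT entries resolving here are normal",
    "gdiplus.dll": "Explorer's GDI+ imports resolved into the WinSxS copy; Microsoft DLL, not a hook",
}

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<target>\w+)\s+\[0x[0-9A-Fa-f]+\]")
INT_RE = re.compile(r"^INT\s+(?P<target>0x[0-9A-Fa-f]+)\s+(?P<module>\S+)")
IAT_RE = re.compile(r"^IAT\s+(?P<victim>.+?)\s*\[(?P<target>[^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(?P<module>\S+)")
# GMER prints a raw 8-hex-digit value instead of a module when it cannot resolve an import.
IAT_UNRESOLVED_RE = re.compile(r"^IAT\s+(?P<victim>\S+?)\[(?P<target>[^\]]+)\]\s+[0-9A-Fa-f]{8}\s*$")
THREAD_RE = re.compile(r"^Thread\s+(?P<victim>\S+)\s+\[(?P<ids>[\d:]+)\]\s+(?P<addr>[0-9A-Fa-f]+)\s*$")
PATTERNS = (("SSDT", SSDT_RE), ("INT", INT_RE), ("IAT", IAT_RE), ("IAT-unresolved", IAT_UNRESOLVED_RE))


def basename(path):
    """Last component of a Windows/NT path, lower-cased, e.g. the speu.sys driver path -> 'speu.sys'."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_hooks(text):
    """Return (hooks, threads): hook dicts with section/kind/victim/target/module, and thread dicts."""
    section, hooks, threads = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                d = m.groupdict()
                hooks.append({"section": section, "kind": kind, "victim": d.get("victim", "kernel"),
                              "target": d["target"],
                              "module": basename(d["module"]) if d.get("module") else None})
                break
        else:
            m = THREAD_RE.match(line)
            if m:
                threads.append(m.groupdict())
    return hooks, threads


def triage(text, known=KNOWN_HOOKERS):
    """Group hooks by the module that installed them and attach a verdict from the allowlist."""
    hooks, threads = parse_hooks(text)
    by_module = defaultdict(lambda: {"count": 0, "kinds": set(), "targets": []})
    unresolved = defaultdict(int)
    for h in hooks:
        if h["module"] is None:               # victim driver whose IAT GMER could not resolve
            unresolved[basename(h["victim"])] += 1
            continue
        entry = by_module[h["module"]]
        entry["count"] += 1
        entry["kinds"].add(f'{h["section"]}: {h["kind"]}')
        entry["targets"].append(h["target"])
    modules = {}
    for mod, e in by_module.items():
        verdict = "explained: " + known[mod] if mod in known else "UNEXPLAINED - identify this file before calling the log clean"
        modules[mod] = {"count": e["count"], "kinds": sorted(e["kinds"]), "targets": e["targets"], "verdict": verdict}
    return {"modules": modules,
            "unresolved_iat": dict(unresolved),
            # a System thread GMER cannot attribute to a loaded module: worth a second tool
            "unattributed_threads": [f'{t["victim"]} [{t["ids"]}] @ {t["addr"]}' for t in threads]}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for mod, info in result["modules"].items():
        print(f'{mod:14} {info["count"]:2} hook(s) {info["kinds"]} -> {info["verdict"]}')
    print("drivers with unresolved import tables:", result["unresolved_iat"])
    print("system threads with no owning module:", result["unattributed_threads"])
```

Grouping the hooks this way is what makes a "logs look fine" call defensible: each hooking module resolves either to a product the registry section names (the sptd\Cfg keys point at Alcohol 120% and DAEMON Tools Lite) or to a security tool installed on the machine, and the leftovers (a driver whose import table GMER could not resolve, the System thread at A225830E) are exactly the items a second rootkit scanner is asked to confirm. The allowlist is a hypothesis, not proof: a file name is trivial to copy, so the path and signature of each listed driver still have to be checked on the machine.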
- Visitor
- Posts: 41
- Registered: 11 Jan 2010 23:10
Re: sending data
Yes, it's still sending. I don't know, I'll try reinstalling Windows. But thank you for your willingness and your time.
Re: sending data
We can still run a few more tests, but it's up to you.
You're welcome.
- Visitor
- Posts: 41
- Registered: 11 Jan 2010 23:10
Re: sending data
Good evening, we can try, thank you. And I have one more problem; I don't know what's causing it. I installed Norton Internet Security 2009 and since then the PC has been terribly slow, even though it shows minimal CPU load. It wasn't like that with NOD.
Re: sending data
It's possible that it's putting too much load on the PC; Norton isn't for weak machines.
Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179
- Install it according to the guide and run a scan
- Let it disinfect or delete whatever it finds
- The scan can take several hours
- Post the log with the results here
Download
http://rootrepeal.googlepages.com/RootRepeal.zip
- Download, unpack and run it
- Select the Drivers tab, then Files, and click Scan
- The scan will run; after it finishes, click Save Report, which saves the log that you then copy here