Dobrý den,
jak napovídá nadpis mám problém se svchost.exe který mi vytěžuje CPU na 100%, běžim na Win XP
log z rsit
Logfile of random's system information tool 1.08 (written by random/random)
Run by mila at 2011-07-08 08:57:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 51 GB
Total RAM: 2039 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:38, on 8.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\cas\Čas 2.1\Cas 2.1.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\InterSystems\Cache\bin\csystray.exe
C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Documents and Settings\mila.ZABOJ-NB\Plocha\RSIT.exe
C:\Program Files\trend micro\mila.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\shareaza\razawebhook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Cas 2] C:\cas\Čas 2.1\Cas 2.1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mila.ZABOJ-NB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CACHE.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\dev\prog\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - http://tbedits.smileycentral.com/one-to ... 2010103011
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.wspk.cz
O16 - DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} (CTBClient Control) - http://www.wspk.cz/internetbanking/inte ... roject.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} (ScreenShooter Control) - http://tapety.mojelogo.cz/ScreenShooter.ocx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = icomtransport.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - (no file)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\Apache.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Web Server for CACHE (CACHEhttpd) - Apache Software Foundation - C:\InterSystems\Cache\httpd\bin\httpd.exe
O23 - Service: Caché Controller for CACHE (Cache_c-_intersystems_cache) - InterSystems Corporation - c:\intersystems\cache\bin\cservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9f052b2e992ea) (gupdate1c9f052b2e992ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MySQL - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 17874 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ASC4_AutoCare.job
C:\WINDOWS\tasks\ASC4_AutoUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3856381951-346229265-3238917960-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3856381951-346229265-3238917960-1005UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]
Shareaza Web Download Hook - c:\program files\shareaza\razawebhook32.dll [2010-02-06 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-03-12 149968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-06 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-06 1164568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}]
Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]
{EEE6C35B-6118-11DC-9C72-001320C79847} -
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"Kerio VPN Client"=C:\Program Files\Kerio\VPN Client\kvpnclient.exe [2006-05-02 2502656]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"StatusClient 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2003-10-01 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2003-06-10 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-10 218032]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2011-01-03 156672]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Cas 2"=C:\cas\Čas 2.1\Cas 2.1.exe [2005-09-18 760320]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-14 68856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2006-11-26 984064]
"Display Stix - System tray"=C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe [2004-04-24 245760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-06 488728]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"QIP Internet Guardian"=C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe [2011-03-22 191360]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-05-28 412560]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"Google Update"=C:\Documents and Settings\mila.ZABOJ-NB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
[]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
CACHE.lnk - C:\InterSystems\Cache\bin\csystray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Monitor Apache Servers.lnk - C:\dev\prog\Apache2\bin\ApacheMonitor.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=64
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection"
"E:\hra\empires2.exe"="E:\hra\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
======File associations======
.js - edit -
.js - open -
.txt - open -
======List of files/folders created in the last 1 months======
2011-07-08 08:57:22 ----D---- C:\rsit
2011-07-08 08:57:22 ----D---- C:\Program Files\trend micro
2011-07-06 13:52:23 ----D---- C:\Program Files\Brain Workshop
2011-07-05 13:12:17 ----D---- C:\Program Files\Runtime Software
2011-07-04 21:58:01 ----D---- C:\archive_db
2011-07-04 21:57:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\launcher
2011-07-04 21:53:40 ----A---- C:\WINDOWS\system32\drivers\hotcore3.sys
2011-07-04 21:52:32 ----D---- C:\Program Files\Paragon Software
2011-06-30 07:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-28 20:11:40 ----D---- C:\Program Files\gs
2011-06-18 13:56:26 ----A---- C:\WINDOWS\system32\SmartDefragBootTime.exe
2011-06-18 13:56:24 ----A---- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys
2011-06-15 23:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-15 23:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-15 23:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-15 23:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-15 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2011-07-08 08:57:29 ----D---- C:\WINDOWS\Prefetch
2011-07-08 08:57:23 ----D---- C:\WINDOWS\Temp
2011-07-08 08:57:22 ----D---- C:\Program Files
2011-07-08 08:45:55 ----D---- C:\Program Files\NetSoftware
2011-07-08 08:44:37 ----D---- C:\WINDOWS\SMINST
2011-07-08 08:43:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\NetSoftware
2011-07-08 08:42:56 ----D---- C:\WINDOWS\system32
2011-07-08 08:42:46 ----SD---- C:\WINDOWS\Tasks
2011-07-08 08:42:01 ----D---- C:\WINDOWS
2011-07-08 08:40:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-07 20:02:14 ----D---- C:\Program Files\QIP Infium
2011-07-07 13:03:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-05 16:56:25 ----D---- C:\zastupci
2011-07-05 16:52:26 ----SHD---- C:\System Volume Information
2011-07-05 13:14:58 ----D---- C:\WINDOWS\repair
2011-07-05 13:11:27 ----A---- C:\WINDOWS\wincmd.ini
2011-07-05 12:02:44 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 11:23:45 ----HD---- C:\WINDOWS\inf
2011-07-05 11:23:33 ----D---- C:\WINDOWS\Registration
2011-07-04 21:53:44 ----HD---- C:\Config.Msi
2011-07-04 21:53:43 ----D---- C:\WINDOWS\system32\drivers
2011-07-04 21:53:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-04 21:53:39 ----SHD---- C:\WINDOWS\Installer
2011-07-04 09:23:16 ----D---- C:\Program Files\Microsoft Office
2011-07-02 12:27:45 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-07-01 17:10:47 ----SD---- C:\ostatni
2011-06-30 07:20:15 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-06-29 10:07:27 ----D---- C:\Program Files\Opera
2011-06-29 08:33:01 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-28 20:13:36 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\XnView
2011-06-24 15:41:06 ----D---- C:\Program Files\Bradbury
2011-06-24 15:16:50 ----RD---- C:\Program Files\Skype
2011-06-24 15:12:18 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\IObit
2011-06-24 11:33:06 ----D---- C:\Anička
2011-06-22 17:35:13 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-06-20 14:51:22 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\HpUpdate
2011-06-19 12:33:40 ----D---- C:\Program Files\RocketDock
2011-06-18 13:56:16 ----D---- C:\Program Files\IObit
2011-06-18 13:56:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-06-18 13:52:39 ----D---- C:\WINDOWS\Debug
2011-06-17 19:01:32 ----D---- C:\Program Files\Common Files\Adobe
2011-06-17 19:01:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-17 19:01:09 ----D---- C:\Program Files\Adobe
2011-06-16 09:36:29 ----RSD---- C:\WINDOWS\assembly
2011-06-16 09:32:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-16 09:08:51 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 09:08:48 ----D---- C:\WINDOWS\SxsCaPendDel
2011-06-15 23:48:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-15 23:47:55 ----D---- C:\WINDOWS\WinSxS
2011-06-15 23:40:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-15 23:38:31 ----A---- C:\WINDOWS\win.ini
2011-06-15 23:35:30 ----D---- C:\Program Files\Internet Explorer
2011-06-15 22:27:32 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-11 10:54:02 ----RASH---- C:\boot.ini
2011-06-11 09:32:49 ----D---- C:\Program Files\Common Files\Java
2011-06-11 09:32:30 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-08-30 88752]
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2011-01-21 57112]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2005-10-12 874240]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2011-01-21 381032]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2011-01-21 40824]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-18 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-18 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-18 148168]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-19 57096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-09 12953]
R3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2006-03-29 59392]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S0 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys []
S0 fgdxbus;fgdxbus; C:\WINDOWS\system32\DRIVERS\fgdxbus.sys []
S0 FGXSCSI;FGXSCSI; C:\WINDOWS\system32\DRIVERS\fgxscsi.sys []
S0 FVXSCSI;FVXSCSI; C:\WINDOWS\system32\DRIVERS\fvxscsi.sys []
S1 MpKsl032787f3;MpKsl032787f3; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl032787f3.sys []
S1 MpKsl204821fd;MpKsl204821fd; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E07931A2-AA4E-48A0-8D6A-275373C7C690}\MpKsl204821fd.sys []
S1 MpKsl24681ba6;MpKsl24681ba6; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6940B8B5-EB06-44B3-9950-BC55268937B6}\MpKsl24681ba6.sys []
S1 MpKsl2733323f;MpKsl2733323f; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C426FC02-27D4-4A1C-9F54-1248A5C676AF}\MpKsl2733323f.sys []
S1 MpKsl313f50d0;MpKsl313f50d0; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E05B8FF8-E446-4879-9C06-55C461B5B33B}\MpKsl313f50d0.sys []
S1 MpKsl3420b497;MpKsl3420b497; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl3420b497.sys []
S1 MpKsl45888a70;MpKsl45888a70; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl45888a70.sys []
S1 MpKsl64d9961c;MpKsl64d9961c; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35C73071-EE3C-43D4-8F51-FDEAC9D28A63}\MpKsl64d9961c.sys []
S1 MpKsl7330c26e;MpKsl7330c26e; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl7330c26e.sys []
S1 MpKsl7c1f8b7d;MpKsl7c1f8b7d; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{058C6446-39F8-4DFD-BAB7-FF3E2C642CB4}\MpKsl7c1f8b7d.sys []
S1 MpKsl7f57db7d;MpKsl7f57db7d; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{40BAFBAC-5F6C-4ABD-B13D-4DD88ED82E9D}\MpKsl7f57db7d.sys []
S1 MpKsl9a004da9;MpKsl9a004da9; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{84A283B8-5743-4D6B-82C4-610631649A68}\MpKsl9a004da9.sys []
S1 MpKslada24f2d;MpKslada24f2d; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0D83CA36-5DC1-4415-B2F3-0A5FFC91C8B7}\MpKslada24f2d.sys []
S1 MpKslbb66c658;MpKslbb66c658; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKslbb66c658.sys []
S1 MpKslc05ffed4;MpKslc05ffed4; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A273AF4A-EF04-4875-AEEA-A9E62BEB48DB}\MpKslc05ffed4.sys []
S1 MpKsleb45a602;MpKsleb45a602; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKsleb45a602.sys []
S1 MpKsled57a203;MpKsled57a203; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E8058111-D3F9-42F2-B038-AD44240B6BD4}\MpKsled57a203.sys []
S2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
S3 ayec1n76;ayec1n76; C:\WINDOWS\system32\drivers\ayec1n76.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 elSerial;elSerial Filter driver; C:\WINDOWS\system32\DRIVERS\elserial.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-05-18 25280]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 MA-620;Mobile Action MA-620 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ubi_bus.sys [2005-09-05 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter; C:\WINDOWS\system32\DRIVERS\ubi_mdfl.sys [2005-09-05 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers; C:\WINDOWS\system32\DRIVERS\ubi_mdm.sys [2005-09-05 93872]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 VmbInfce;VmbInfce; C:\WINDOWS\system32\drivers\vmbinfce.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC0305;Look 316; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-08-02 1466624]
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 Apache2;Apache2; C:\dev\prog\Apache2\bin\Apache.exe [2008-01-17 20541]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 MySQL;MySQL; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL []
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FileZilla Server;FileZilla Server FTP server; c:\xampp\filezillaftp\filezillaserver.exe []
S2 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 183280]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE; c:\intersystems\cache\bin\cservice.exe [2008-10-17 73728]
S3 CACHEhttpd;Web Server for CACHE; C:\InterSystems\Cache\httpd\bin\httpd.exe [2008-10-17 20541]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-24 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Podpora programu Windows Media Connect (WMC); C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Nevíte co s tím?
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
svchost vytěžuje CPU na 100%
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: svchost vytěžuje CPU na 100%
Zdravím, tohle fixni v HJT :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\shareaza\razawebhook32.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mila.ZABOJ-NB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - (no file)
HJT najdeš zde :
C:\Program Files\trend micro\mila.exe
Fix znamená že spustíš HJT
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
Služba Google Update (gupdate1c9f052b2e992ea)
Služba Google Update (gupdatem)
Google Software Updater (gusvc)
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Přes Start >> Ovládací panely >> Přidat nebo odebrat odinstaluj IObitu (Advanced SystemCare)
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\shareaza\razawebhook32.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\mila.ZABOJ-NB\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - (no file)
HJT najdeš zde :
C:\Program Files\trend micro\mila.exe
Fix znamená že spustíš HJT
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
Služba Google Update (gupdate1c9f052b2e992ea)
Služba Google Update (gupdatem)
Google Software Updater (gusvc)
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
Přes Start >> Ovládací panely >> Přidat nebo odebrat odinstaluj IObitu (Advanced SystemCare)
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
Re: svchost vytěžuje CPU na 100%
Udělal jsem všechno jak jsem měl, ale nejde mi vypnout rezidentni ochrana 
, vadilo by hodně kdyby jsem ho nechal puštěný? Nebo se mám pokoušet dál nějak to zakázat?
, vadilo by hodně kdyby jsem ho nechal puštěný? Nebo se mám pokoušet dál nějak to zakázat?Re: svchost vytěžuje CPU na 100%
Když klineš pravým myšítkem na ikonu NODu u hodin tak je tam volba Vypnout antivirovou ochranu.
Pokud to nepůjde ComboFix spusť, on bude maximálně řvát že je to zaplé a měl by se spustit.
Pokud to nepůjde ComboFix spusť, on bude maximálně řvát že je to zaplé a měl by se spustit.
Re: svchost vytěžuje CPU na 100%
Co to vím jenže z nějakého důvodu mi to nebere heslo, tak jsem to pustil s tim
ComboFix 11-07-07.06 - mila 08.07.2011 15:55:29.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1313 [GMT 2:00]
Spuštěný z: c:\documents and settings\mila.ZABOJ-NB\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-08 do 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 13:11 . 2011-07-08 13:12 -------- d-----w- c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Passware
2011-07-08 08:12 . 2011-07-08 08:19 -------- d-----w- c:\program files\NOD32view
2011-07-08 07:45 . 2011-07-08 13:50 -------- d-----w- c:\program files\Passware
2011-07-08 06:57 . 2011-07-08 12:14 -------- d-----w- c:\program files\trend micro
2011-07-08 06:57 . 2011-07-08 06:57 -------- d-----w- C:\rsit
2011-07-06 11:52 . 2011-07-06 11:52 -------- d-----w- c:\program files\Brain Workshop
2011-07-05 11:12 . 2011-07-05 11:12 -------- d-----w- c:\program files\Runtime Software
2011-07-04 19:58 . 2011-07-04 19:58 -------- d-----w- C:\archive_db
2011-07-04 19:57 . 2011-07-04 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\launcher
2011-07-04 19:53 . 2011-01-21 12:52 57112 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-07-04 19:52 . 2011-07-04 19:52 -------- d-----w- c:\program files\Paragon Software
2011-06-28 18:11 . 2011-06-28 18:17 -------- d-----w- c:\program files\gs
2011-06-21 14:15 . 2011-06-21 14:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 14:15 . 2011-06-21 14:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 20:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 12:46 . 2011-05-15 10:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-05-02 11:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2008-09-05 06:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2004-08-18 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 13:10 . 2011-05-03 14:57 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-26 13:10 . 2011-04-26 13:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-04-26 13:10 . 2011-05-03 14:57 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-25 16:06 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 08:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-21 14:15 . 2011-03-22 19:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"QIP Internet Guardian"="c:\documents and settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe" [2011-03-22 191360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2006-05-02 2502656]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-03 156672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Cas 2"="c:\cas\Čas 2.1\Cas 2.1.exe" [2005-09-18 760320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
CACHE.lnk - c:\intersystems\Cache\bin\csystray.exe [2009-6-12 843776]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-4-24 184320]
Monitor Apache Servers.lnk - c:\dev\prog\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4.7.2011 21:53 57112]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 8:37 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.11.2007 15:06 35168]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [27.9.2010 22:08 20072]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [1.8.2008 11:24 12953]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [29.3.2006 22:06 59392]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 11:17 25088]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S1 MpKsl032787f3;MpKsl032787f3;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl032787f3.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl032787f3.sys [?]
S1 MpKsl204821fd;MpKsl204821fd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E07931A2-AA4E-48A0-8D6A-275373C7C690}\MpKsl204821fd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E07931A2-AA4E-48A0-8D6A-275373C7C690}\MpKsl204821fd.sys [?]
S1 MpKsl24681ba6;MpKsl24681ba6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6940B8B5-EB06-44B3-9950-BC55268937B6}\MpKsl24681ba6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6940B8B5-EB06-44B3-9950-BC55268937B6}\MpKsl24681ba6.sys [?]
S1 MpKsl2733323f;MpKsl2733323f;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C426FC02-27D4-4A1C-9F54-1248A5C676AF}\MpKsl2733323f.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C426FC02-27D4-4A1C-9F54-1248A5C676AF}\MpKsl2733323f.sys [?]
S1 MpKsl313f50d0;MpKsl313f50d0;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E05B8FF8-E446-4879-9C06-55C461B5B33B}\MpKsl313f50d0.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E05B8FF8-E446-4879-9C06-55C461B5B33B}\MpKsl313f50d0.sys [?]
S1 MpKsl3420b497;MpKsl3420b497;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl3420b497.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl3420b497.sys [?]
S1 MpKsl45888a70;MpKsl45888a70;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl45888a70.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl45888a70.sys [?]
S1 MpKsl64d9961c;MpKsl64d9961c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35C73071-EE3C-43D4-8F51-FDEAC9D28A63}\MpKsl64d9961c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35C73071-EE3C-43D4-8F51-FDEAC9D28A63}\MpKsl64d9961c.sys [?]
S1 MpKsl7330c26e;MpKsl7330c26e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl7330c26e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl7330c26e.sys [?]
S1 MpKsl7c1f8b7d;MpKsl7c1f8b7d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{058C6446-39F8-4DFD-BAB7-FF3E2C642CB4}\MpKsl7c1f8b7d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{058C6446-39F8-4DFD-BAB7-FF3E2C642CB4}\MpKsl7c1f8b7d.sys [?]
S1 MpKsl7f57db7d;MpKsl7f57db7d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{40BAFBAC-5F6C-4ABD-B13D-4DD88ED82E9D}\MpKsl7f57db7d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{40BAFBAC-5F6C-4ABD-B13D-4DD88ED82E9D}\MpKsl7f57db7d.sys [?]
S1 MpKsl9a004da9;MpKsl9a004da9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{84A283B8-5743-4D6B-82C4-610631649A68}\MpKsl9a004da9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{84A283B8-5743-4D6B-82C4-610631649A68}\MpKsl9a004da9.sys [?]
S1 MpKslada24f2d;MpKslada24f2d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0D83CA36-5DC1-4415-B2F3-0A5FFC91C8B7}\MpKslada24f2d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0D83CA36-5DC1-4415-B2F3-0A5FFC91C8B7}\MpKslada24f2d.sys [?]
S1 MpKslbb66c658;MpKslbb66c658;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKslbb66c658.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKslbb66c658.sys [?]
S1 MpKslc05ffed4;MpKslc05ffed4;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A273AF4A-EF04-4875-AEEA-A9E62BEB48DB}\MpKslc05ffed4.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A273AF4A-EF04-4875-AEEA-A9E62BEB48DB}\MpKslc05ffed4.sys [?]
S1 MpKsleb45a602;MpKsleb45a602;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKsleb45a602.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKsleb45a602.sys [?]
S1 MpKsled57a203;MpKsled57a203;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E8058111-D3F9-42F2-B038-AD44240B6BD4}\MpKsled57a203.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E8058111-D3F9-42F2-B038-AD44240B6BD4}\MpKsled57a203.sys [?]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [28.1.2011 21:04 21992]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE;c:\intersystems\Cache\Bin\cservice.exe [12.6.2009 10:13 73728]
S3 CACHEhttpd;Web Server for CACHE;c:\intersystems\Cache\httpd\bin\httpd.exe [12.6.2009 10:14 20541]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [1.4.2011 22:35 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.4.2011 22:35 100736]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 19:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 19:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 19:34 93872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26.4.2011 15:10 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [8.3.2009 21:25 1466624]
S4 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - GUPDATEM
*Deregistered* - SmartDefragDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-02 20:22]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetAllUrl.htm
Trusted Zone: wspk.cz\www
DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} - hxxp://www.wspk.cz/internetbanking/internetban ... roject.cab
DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} - hxxp://tapety.mojelogo.cz/ScreenShooter.ocx
FF - ProfilePath - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Mozilla\Firefox\Profiles\orxgvx9o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://tv.sms.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.zencast -
.
.
------- Asociace souborů -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-08 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????c??????n??|?????? ??4B??????????????hB? ????c?
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="93ED3FBA78EB14AE0826365DCDBF08D89BE5EA1025BD6F1244EA5BC758C099E9F110743BC22615BA056DBBE8C35325CF53C50BE0C90EC2E04642D96BF29D3458F57D19F5BC3FA86E695F9CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794BA7FD869164D67949EA37CFB51BD2F71F890B5E975509AE59EA6A3B07918C223B5164B0D4C4D5417A3A6782D9C48B5CF7964B9D2E93162E739DE1F05724E9C7D647B505769D0624259CD71B4FE42C10E088A57C7BAFB7191F0058A6B23A5B98B773C202D3456BB94FC7CD8602DB0EFF957881A3FA1220D2B0EDE2E21E8A233ABEC82DE365213E1A7E0DB526130974C882F29C416AD9AF2206C788BCB78CD8D64D539E9023CBECA3AEC5A3650E4805C4EE9794C8B3EE0D2807B9F527556B049DDD611CF013A1762AD19A81126FB799707784DD9410BF35180C069EA87605C5566AA7DD588EFDB8408753BA442FA9467925CB94C419DD4047754AC6E54426497EC9DB77152CFD2057323CC64E5B8E6AA722E983474538BFA626203AB1100DF698811BACEFB20C4293D595879B7638A35CE9809D62C5E2232E02B4CA654EF6A176F7AC74D067E7C2A5861A0BFC2FB1C4EF05BEBAE1A44A7A035022D949A3EA3618162638156D94C36599AAA4776D6BEAF49C868E8575E2F2CC8D00ADFC5E7B0FEBCE7D3B1377608F07B763FD5221D968A6AC969665EDA4E32281311A619C03797483A27DAD46B09EE1B7B6A637E4ACE7F0AD71BBC0FBB208281592EBD3DEF64C76C202CA940A52BB9BBC3809CA5B194A70583EFB62CD643E02AC79729BE6F662195F17705F0E34F51027D92611575988CD86F1FD15DD459859995C2A58D8DF1A9D41E6183BD3A5BA6B8EB7DC7B08F11AE2952233D2EB50C9B6A91EA9F7EEE3ED85FA3066E6690B51F4D645B963DCC397F3C7939E00EC803C4DE9990BAC908879D0E1B46480B224C155251104B664DCBE6FC4263555035ED15592374CC0CA58DD65DAAC4C3300011577B31BE96B9070D3FFAA0E7E72CF47F12E136A061456513DAEE91E946C18C7527A595D05C2AC141D8E81CD11BBD55EE3AA46EDCB65AB960F1869FE36E0B8075BBCCA6F3358E9AB1751E4EEEA383F6757C71FDBB3F946B40D90FBB9F0A3EE68BBD149C1A6EA0822D4D14E950EAE051523E3CA60E209D92834313DD541DF09FB8CB4146F6867E3D85896AAECC8F9E2EC9D49C426B360920FC534494785F9B5F82F6BC0784B52B658E4BE4F5FEE1E5AA208ECE3DAF0FC8D50523F800483B9C2DF04795D37FE08C662425E8AAC467C8B8A1ABB316F96CB6C977BF29D44451356411357D3769266D81221C034CBF5B399D9CDE4DE3ACC50FE8B22970DEB0F40A36F2AE4BD08756FB4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1456)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(3096)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\BIN\ItMsg.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\ESTsoft\ALSong\asBand.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-07-08 16:19:52
ComboFix-quarantined-files.txt 2011-07-08 14:19
ComboFix2.txt 2011-07-08 09:28
.
Před spuštěním: 8 594 735 104
Po spuštění: 8 598 937 600
.
- - End Of File - - 473D3B88525132DD0C1FA6DA7DE4358C
ComboFix 11-07-07.06 - mila 08.07.2011 15:55:29.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1313 [GMT 2:00]
Spuštěný z: c:\documents and settings\mila.ZABOJ-NB\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-08 do 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 13:11 . 2011-07-08 13:12 -------- d-----w- c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Passware
2011-07-08 08:12 . 2011-07-08 08:19 -------- d-----w- c:\program files\NOD32view
2011-07-08 07:45 . 2011-07-08 13:50 -------- d-----w- c:\program files\Passware
2011-07-08 06:57 . 2011-07-08 12:14 -------- d-----w- c:\program files\trend micro
2011-07-08 06:57 . 2011-07-08 06:57 -------- d-----w- C:\rsit
2011-07-06 11:52 . 2011-07-06 11:52 -------- d-----w- c:\program files\Brain Workshop
2011-07-05 11:12 . 2011-07-05 11:12 -------- d-----w- c:\program files\Runtime Software
2011-07-04 19:58 . 2011-07-04 19:58 -------- d-----w- C:\archive_db
2011-07-04 19:57 . 2011-07-04 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\launcher
2011-07-04 19:53 . 2011-01-21 12:52 57112 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-07-04 19:52 . 2011-07-04 19:52 -------- d-----w- c:\program files\Paragon Software
2011-06-28 18:11 . 2011-06-28 18:17 -------- d-----w- c:\program files\gs
2011-06-21 14:15 . 2011-06-21 14:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 14:15 . 2011-06-21 14:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 20:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 12:46 . 2011-05-15 10:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-05-02 11:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2008-09-05 06:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2004-08-18 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 13:10 . 2011-05-03 14:57 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-26 13:10 . 2011-04-26 13:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-04-26 13:10 . 2011-05-03 14:57 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-25 16:06 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 08:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-21 14:15 . 2011-03-22 19:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"QIP Internet Guardian"="c:\documents and settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe" [2011-03-22 191360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2006-05-02 2502656]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-03 156672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Cas 2"="c:\cas\Čas 2.1\Cas 2.1.exe" [2005-09-18 760320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
CACHE.lnk - c:\intersystems\Cache\bin\csystray.exe [2009-6-12 843776]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-4-24 184320]
Monitor Apache Servers.lnk - c:\dev\prog\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4.7.2011 21:53 57112]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 8:37 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.11.2007 15:06 35168]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [27.9.2010 22:08 20072]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [1.8.2008 11:24 12953]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [29.3.2006 22:06 59392]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 11:17 25088]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S1 MpKsl032787f3;MpKsl032787f3;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl032787f3.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl032787f3.sys [?]
S1 MpKsl204821fd;MpKsl204821fd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E07931A2-AA4E-48A0-8D6A-275373C7C690}\MpKsl204821fd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E07931A2-AA4E-48A0-8D6A-275373C7C690}\MpKsl204821fd.sys [?]
S1 MpKsl24681ba6;MpKsl24681ba6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6940B8B5-EB06-44B3-9950-BC55268937B6}\MpKsl24681ba6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6940B8B5-EB06-44B3-9950-BC55268937B6}\MpKsl24681ba6.sys [?]
S1 MpKsl2733323f;MpKsl2733323f;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C426FC02-27D4-4A1C-9F54-1248A5C676AF}\MpKsl2733323f.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C426FC02-27D4-4A1C-9F54-1248A5C676AF}\MpKsl2733323f.sys [?]
S1 MpKsl313f50d0;MpKsl313f50d0;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E05B8FF8-E446-4879-9C06-55C461B5B33B}\MpKsl313f50d0.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E05B8FF8-E446-4879-9C06-55C461B5B33B}\MpKsl313f50d0.sys [?]
S1 MpKsl3420b497;MpKsl3420b497;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl3420b497.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl3420b497.sys [?]
S1 MpKsl45888a70;MpKsl45888a70;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl45888a70.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{31A207DC-3780-4195-8094-6501DFAF2251}\MpKsl45888a70.sys [?]
S1 MpKsl64d9961c;MpKsl64d9961c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35C73071-EE3C-43D4-8F51-FDEAC9D28A63}\MpKsl64d9961c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{35C73071-EE3C-43D4-8F51-FDEAC9D28A63}\MpKsl64d9961c.sys [?]
S1 MpKsl7330c26e;MpKsl7330c26e;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl7330c26e.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D9DAA4DC-F35F-4705-B01A-3C60B0D06B0E}\MpKsl7330c26e.sys [?]
S1 MpKsl7c1f8b7d;MpKsl7c1f8b7d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{058C6446-39F8-4DFD-BAB7-FF3E2C642CB4}\MpKsl7c1f8b7d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{058C6446-39F8-4DFD-BAB7-FF3E2C642CB4}\MpKsl7c1f8b7d.sys [?]
S1 MpKsl7f57db7d;MpKsl7f57db7d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{40BAFBAC-5F6C-4ABD-B13D-4DD88ED82E9D}\MpKsl7f57db7d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{40BAFBAC-5F6C-4ABD-B13D-4DD88ED82E9D}\MpKsl7f57db7d.sys [?]
S1 MpKsl9a004da9;MpKsl9a004da9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{84A283B8-5743-4D6B-82C4-610631649A68}\MpKsl9a004da9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{84A283B8-5743-4D6B-82C4-610631649A68}\MpKsl9a004da9.sys [?]
S1 MpKslada24f2d;MpKslada24f2d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0D83CA36-5DC1-4415-B2F3-0A5FFC91C8B7}\MpKslada24f2d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{0D83CA36-5DC1-4415-B2F3-0A5FFC91C8B7}\MpKslada24f2d.sys [?]
S1 MpKslbb66c658;MpKslbb66c658;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKslbb66c658.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKslbb66c658.sys [?]
S1 MpKslc05ffed4;MpKslc05ffed4;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A273AF4A-EF04-4875-AEEA-A9E62BEB48DB}\MpKslc05ffed4.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A273AF4A-EF04-4875-AEEA-A9E62BEB48DB}\MpKslc05ffed4.sys [?]
S1 MpKsleb45a602;MpKsleb45a602;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKsleb45a602.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9A59BEDC-88DE-4232-B654-FE8B1C8AA79E}\MpKsleb45a602.sys [?]
S1 MpKsled57a203;MpKsled57a203;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E8058111-D3F9-42F2-B038-AD44240B6BD4}\MpKsled57a203.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E8058111-D3F9-42F2-B038-AD44240B6BD4}\MpKsled57a203.sys [?]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [28.1.2011 21:04 21992]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE;c:\intersystems\Cache\Bin\cservice.exe [12.6.2009 10:13 73728]
S3 CACHEhttpd;Web Server for CACHE;c:\intersystems\Cache\httpd\bin\httpd.exe [12.6.2009 10:14 20541]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [1.4.2011 22:35 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.4.2011 22:35 100736]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 19:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 19:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 19:34 93872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26.4.2011 15:10 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [8.3.2009 21:25 1466624]
S4 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - GUPDATEM
*Deregistered* - SmartDefragDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-02 20:22]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetAllUrl.htm
Trusted Zone: wspk.cz\www
DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} - hxxp://www.wspk.cz/internetbanking/internetban ... roject.cab
DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} - hxxp://tapety.mojelogo.cz/ScreenShooter.ocx
FF - ProfilePath - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Mozilla\Firefox\Profiles\orxgvx9o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://tv.sms.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.zencast -
.
.
------- Asociace souborů -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-08 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????c??????n??|?????? ??4B??????????????hB? ????c?
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="93ED3FBA78EB14AE0826365DCDBF08D89BE5EA1025BD6F1244EA5BC758C099E9F110743BC22615BA056DBBE8C35325CF53C50BE0C90EC2E04642D96BF29D3458F57D19F5BC3FA86E695F9CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794BA7FD869164D67949EA37CFB51BD2F71F890B5E975509AE59EA6A3B07918C223B5164B0D4C4D5417A3A6782D9C48B5CF7964B9D2E93162E739DE1F05724E9C7D647B505769D0624259CD71B4FE42C10E088A57C7BAFB7191F0058A6B23A5B98B773C202D3456BB94FC7CD8602DB0EFF957881A3FA1220D2B0EDE2E21E8A233ABEC82DE365213E1A7E0DB526130974C882F29C416AD9AF2206C788BCB78CD8D64D539E9023CBECA3AEC5A3650E4805C4EE9794C8B3EE0D2807B9F527556B049DDD611CF013A1762AD19A81126FB799707784DD9410BF35180C069EA87605C5566AA7DD588EFDB8408753BA442FA9467925CB94C419DD4047754AC6E54426497EC9DB77152CFD2057323CC64E5B8E6AA722E983474538BFA626203AB1100DF698811BACEFB20C4293D595879B7638A35CE9809D62C5E2232E02B4CA654EF6A176F7AC74D067E7C2A5861A0BFC2FB1C4EF05BEBAE1A44A7A035022D949A3EA3618162638156D94C36599AAA4776D6BEAF49C868E8575E2F2CC8D00ADFC5E7B0FEBCE7D3B1377608F07B763FD5221D968A6AC969665EDA4E32281311A619C03797483A27DAD46B09EE1B7B6A637E4ACE7F0AD71BBC0FBB208281592EBD3DEF64C76C202CA940A52BB9BBC3809CA5B194A70583EFB62CD643E02AC79729BE6F662195F17705F0E34F51027D92611575988CD86F1FD15DD459859995C2A58D8DF1A9D41E6183BD3A5BA6B8EB7DC7B08F11AE2952233D2EB50C9B6A91EA9F7EEE3ED85FA3066E6690B51F4D645B963DCC397F3C7939E00EC803C4DE9990BAC908879D0E1B46480B224C155251104B664DCBE6FC4263555035ED15592374CC0CA58DD65DAAC4C3300011577B31BE96B9070D3FFAA0E7E72CF47F12E136A061456513DAEE91E946C18C7527A595D05C2AC141D8E81CD11BBD55EE3AA46EDCB65AB960F1869FE36E0B8075BBCCA6F3358E9AB1751E4EEEA383F6757C71FDBB3F946B40D90FBB9F0A3EE68BBD149C1A6EA0822D4D14E950EAE051523E3CA60E209D92834313DD541DF09FB8CB4146F6867E3D85896AAECC8F9E2EC9D49C426B360920FC534494785F9B5F82F6BC0784B52B658E4BE4F5FEE1E5AA208ECE3DAF0FC8D50523F800483B9C2DF04795D37FE08C662425E8AAC467C8B8A1ABB316F96CB6C977BF29D44451356411357D3769266D81221C034CBF5B399D9CDE4DE3ACC50FE8B22970DEB0F40A36F2AE4BD08756FB4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1456)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(3096)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\BIN\ItMsg.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\ESTsoft\ALSong\asBand.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-07-08 16:19:52
ComboFix-quarantined-files.txt 2011-07-08 14:19
ComboFix2.txt 2011-07-08 09:28
.
Před spuštěním: 8 594 735 104
Po spuštění: 8 598 937 600
.
- - End Of File - - 473D3B88525132DD0C1FA6DA7DE4358C
Re: svchost vytěžuje CPU na 100%
Než budeme pokračovat tak se zeptám, tohle :
c:\program files\NOD32view
je co za antivir ?
A tím pádem jaké potřebuješ heslo na stopnutí NODu ?
Dále tohle :
c:\windows\Creator\Remind_XP.exe
otestuj na VIRUSTOTAL
(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor
trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)
Pokud ti to napíše že soubor již byl testován nech otestovat znovu.
c:\program files\NOD32view
je co za antivir ?
A tím pádem jaké potřebuješ heslo na stopnutí NODu ?
Dále tohle :
c:\windows\Creator\Remind_XP.exe
otestuj na VIRUSTOTAL
(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor
trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)
Pokud ti to napíše že soubor již byl testován nech otestovat znovu.
Re: svchost vytěžuje CPU na 100%
Mám sto chutí ti NODa smáznout, protože mi přijde trošku zvláštní mít ho legálně, zaheslovaného a ještě starou verzi.
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
Folder::
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware
Driver::
MpKsl032787f3
MpKsl204821fd
MpKsl24681ba6
MpKsl2733323f
MpKsl313f50d0
MpKsl3420b497
MpKsl45888a70
MpKsl64d9961c
MpKsl7330c26e
MpKsl7c1f8b7d
MpKsl7f57db7d
MpKsl9a004da9
MpKslada24f2d
MpKslbb66c658
MpKslc05ffed4
MpKsleb45a602
MpKsled57a203
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Re: svchost vytěžuje CPU na 100%
ComboFix 11-07-07.06 - mila 09.07.2011 0:06.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1342 [GMT 2:00]
Spuštěný z: c:\documents and settings\mila.ZABOJ-NB\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mila.ZABOJ-NB\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL032787F3
-------\Legacy_MPKSL204821FD
-------\Legacy_MPKSL24681BA6
-------\Legacy_MPKSL2733323F
-------\Legacy_MPKSL313F50D0
-------\Legacy_MPKSL3420B497
-------\Legacy_MPKSL45888A70
-------\Legacy_MPKSL64D9961C
-------\Legacy_MPKSL7330C26E
-------\Legacy_MPKSL7C1F8B7D
-------\Legacy_MPKSL7F57DB7D
-------\Legacy_MPKSL9A004DA9
-------\Legacy_MPKSLADA24F2D
-------\Legacy_MPKSLBB66C658
-------\Legacy_MPKSLC05FFED4
-------\Legacy_MPKSLED57A203
-------\Service_MpKsl032787f3
-------\Service_MpKsl204821fd
-------\Service_MpKsl24681ba6
-------\Service_MpKsl2733323f
-------\Service_MpKsl313f50d0
-------\Service_MpKsl3420b497
-------\Service_MpKsl45888a70
-------\Service_MpKsl64d9961c
-------\Service_MpKsl7330c26e
-------\Service_MpKsl7c1f8b7d
-------\Service_MpKsl7f57db7d
-------\Service_MpKsl9a004da9
-------\Service_MpKslada24f2d
-------\Service_MpKslbb66c658
-------\Service_MpKslc05ffed4
-------\Service_MpKsleb45a602
-------\Service_MpKsled57a203
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-08 do 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 13:11 . 2011-07-08 13:12 -------- d-----w- c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Passware
2011-07-08 08:12 . 2011-07-08 08:19 -------- d-----w- c:\program files\NOD32view
2011-07-08 07:45 . 2011-07-08 13:50 -------- d-----w- c:\program files\Passware
2011-07-08 06:57 . 2011-07-08 12:14 -------- d-----w- c:\program files\trend micro
2011-07-08 06:57 . 2011-07-08 06:57 -------- d-----w- C:\rsit
2011-07-06 11:52 . 2011-07-06 11:52 -------- d-----w- c:\program files\Brain Workshop
2011-07-05 11:12 . 2011-07-05 11:12 -------- d-----w- c:\program files\Runtime Software
2011-07-04 19:58 . 2011-07-04 19:58 -------- d-----w- C:\archive_db
2011-07-04 19:57 . 2011-07-04 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\launcher
2011-07-04 19:53 . 2011-01-21 12:52 57112 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-07-04 19:52 . 2011-07-04 19:52 -------- d-----w- c:\program files\Paragon Software
2011-06-28 18:11 . 2011-06-28 18:17 -------- d-----w- c:\program files\gs
2011-06-21 14:15 . 2011-06-21 14:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 14:15 . 2011-06-21 14:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 20:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 12:46 . 2011-05-15 10:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-05-02 11:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2008-09-05 06:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2004-08-18 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 13:10 . 2011-05-03 14:57 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-26 13:10 . 2011-04-26 13:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-04-26 13:10 . 2011-05-03 14:57 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-25 16:06 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 08:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-21 14:15 . 2011-03-22 19:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-08_09.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-08 22:25 . 2011-07-08 22:25 16384 c:\windows\Temp\Perflib_Perfdata_c4c.dat
+ 2011-07-08 22:24 . 2011-07-08 22:24 16384 c:\windows\Temp\Perflib_Perfdata_a78.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"QIP Internet Guardian"="c:\documents and settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe" [2011-03-22 191360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2006-05-02 2502656]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-03 156672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Cas 2"="c:\cas\Čas 2.1\Cas 2.1.exe" [2005-09-18 760320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
CACHE.lnk - c:\intersystems\Cache\bin\csystray.exe [2009-6-12 843776]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-4-24 184320]
Monitor Apache Servers.lnk - c:\dev\prog\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4.7.2011 21:53 57112]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 8:37 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.11.2007 15:06 35168]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [27.9.2010 22:08 20072]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [28.1.2011 21:04 21992]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [1.8.2008 11:24 12953]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [29.3.2006 22:06 59392]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 11:17 25088]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE;c:\intersystems\Cache\Bin\cservice.exe [12.6.2009 10:13 73728]
S3 CACHEhttpd;Web Server for CACHE;c:\intersystems\Cache\httpd\bin\httpd.exe [12.6.2009 10:14 20541]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [1.4.2011 22:35 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.4.2011 22:35 100736]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 19:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 19:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 19:34 93872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26.4.2011 15:10 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 10:00 14336]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [8.3.2009 21:25 1466624]
S4 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-02 20:22]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetAllUrl.htm
Trusted Zone: wspk.cz\www
DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} - hxxp://www.wspk.cz/internetbanking/internetban ... roject.cab
DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} - hxxp://tapety.mojelogo.cz/ScreenShooter.ocx
FF - ProfilePath - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Mozilla\Firefox\Profiles\orxgvx9o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://tv.sms.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.zencast -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 00:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????c??????n??|?????? ??4B??????????????hB? ????c?
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="93ED3FBA78EB14AE0826365DCDBF08D89BE5EA1025BD6F1244EA5BC758C099E9F110743BC22615BA056DBBE8C35325CF53C50BE0C90EC2E04642D96BF29D3458F57D19F5BC3FA86E695F9CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794BA7FD869164D67949EA37CFB51BD2F71F890B5E975509AE59EA6A3B07918C223B5164B0D4C4D5417A3A6782D9C48B5CF7964B9D2E93162E739DE1F05724E9C7D647B505769D0624259CD71B4FE42C10E088A57C7BAFB7191F0058A6B23A5B98B773C202D3456BB94FC7CD8602DB0EFF957881A3FA1220D2B0EDE2E21E8A233ABEC82DE365213E1A7E0DB526130974C882F29C416AD9AF2206C788BCB78CD8D64D539E9023CBECA3AEC5A3650E4805C4EE9794C8B3EE0D2807B9F527556B049DDD611CF013A1762AD19A81126FB799707784DD9410BF35180C069EA87605C5566AA7DD588EFDB8408753BA442FA9467925CB94C419DD4047754AC6E54426497EC9DB77152CFD2057323CC64E5B8E6AA722E983474538BFA626203AB1100DF698811BACEFB20C4293D595879B7638A35CE9809D62C5E2232E02B4CA654EF6A176F7AC74D067E7C2A5861A0BFC2FB1C4EF05BEBAE1A44A7A035022D949A3EA3618162638156D94C36599AAA4776D6BEAF49C868E8575E2F2CC8D00ADFC5E7B0FEBCE7D3B1377608F07B763FD5221D968A6AC969665EDA4E32281311A619C03797483A27DAD46B09EE1B7B6A637E4ACE7F0AD71BBC0FBB208281592EBD3DEF64C76C202CA940A52BB9BBC3809CA5B194A70583EFB62CD643E02AC79729BE6F662195F17705F0E34F51027D92611575988CD86F1FD15DD459859995C2A58D8DF1A9D41E6183BD3A5BA6B8EB7DC7B08F11AE2952233D2EB50C9B6A91EA9F7EEE3ED85FA3066E6690B51F4D645B963DCC397F3C7939E00EC803C4DE9990BAC908879D0E1B46480B224C155251104B664DCBE6FC4263555035ED15592374CC0CA58DD65DAAC4C3300011577B31BE96B9070D3FFAA0E7E72CF47F12E136A061456513DAEE91E946C18C7527A595D05C2AC141D8E81CD11BBD55EE3AA46EDCB65AB960F1869FE36E0B8075BBCCA6F3358E9AB1751E4EEEA383F6757C71FDBB3F946B40D90FBB9F0A3EE68BBD149C1A6EA0822D4D14E950EAE051523E3CA60E209D92834313DD541DF09FB8CB4146F6867E3D85896AAECC8F9E2EC9D49C426B360920FC534494785F9B5F82F6BC0784B52B658E4BE4F5FEE1E5AA208ECE3DAF0FC8D50523F800483B9C2DF04795D37FE08C662425E8AAC467C8B8A1ABB316F96CB6C977BF29D44451356411357D3769266D81221C034CBF5B399D9CDE4DE3ACC50FE8B22970DEB0F40A36F2AE4BD08756FB4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(4208)
c:\program files\RocketDock\RocketDock.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\BIN\ItMsg.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\program files\ESTsoft\ALSong\asBand.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\msdtc.exe
c:\dev\prog\Apache2\bin\Apache.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\dev\prog\Apache2\bin\Apache.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\dev\prog\mysql50\bin\mysqld-nt.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\rundll32.exe
c:\cas\c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-09 00:32:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-08 22:32
ComboFix2.txt 2011-07-08 14:19
ComboFix3.txt 2011-07-08 09:28
.
Před spuštěním: 8 588 275 712
Po spuštění: 8 566 165 504
.
- - End Of File - - FCAA0B36361288B200CBA12167B48C86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1342 [GMT 2:00]
Spuštěný z: c:\documents and settings\mila.ZABOJ-NB\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mila.ZABOJ-NB\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL032787F3
-------\Legacy_MPKSL204821FD
-------\Legacy_MPKSL24681BA6
-------\Legacy_MPKSL2733323F
-------\Legacy_MPKSL313F50D0
-------\Legacy_MPKSL3420B497
-------\Legacy_MPKSL45888A70
-------\Legacy_MPKSL64D9961C
-------\Legacy_MPKSL7330C26E
-------\Legacy_MPKSL7C1F8B7D
-------\Legacy_MPKSL7F57DB7D
-------\Legacy_MPKSL9A004DA9
-------\Legacy_MPKSLADA24F2D
-------\Legacy_MPKSLBB66C658
-------\Legacy_MPKSLC05FFED4
-------\Legacy_MPKSLED57A203
-------\Service_MpKsl032787f3
-------\Service_MpKsl204821fd
-------\Service_MpKsl24681ba6
-------\Service_MpKsl2733323f
-------\Service_MpKsl313f50d0
-------\Service_MpKsl3420b497
-------\Service_MpKsl45888a70
-------\Service_MpKsl64d9961c
-------\Service_MpKsl7330c26e
-------\Service_MpKsl7c1f8b7d
-------\Service_MpKsl7f57db7d
-------\Service_MpKsl9a004da9
-------\Service_MpKslada24f2d
-------\Service_MpKslbb66c658
-------\Service_MpKslc05ffed4
-------\Service_MpKsleb45a602
-------\Service_MpKsled57a203
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-08 do 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 13:11 . 2011-07-08 13:12 -------- d-----w- c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Passware
2011-07-08 08:12 . 2011-07-08 08:19 -------- d-----w- c:\program files\NOD32view
2011-07-08 07:45 . 2011-07-08 13:50 -------- d-----w- c:\program files\Passware
2011-07-08 06:57 . 2011-07-08 12:14 -------- d-----w- c:\program files\trend micro
2011-07-08 06:57 . 2011-07-08 06:57 -------- d-----w- C:\rsit
2011-07-06 11:52 . 2011-07-06 11:52 -------- d-----w- c:\program files\Brain Workshop
2011-07-05 11:12 . 2011-07-05 11:12 -------- d-----w- c:\program files\Runtime Software
2011-07-04 19:58 . 2011-07-04 19:58 -------- d-----w- C:\archive_db
2011-07-04 19:57 . 2011-07-04 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\launcher
2011-07-04 19:53 . 2011-01-21 12:52 57112 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-07-04 19:52 . 2011-07-04 19:52 -------- d-----w- c:\program files\Paragon Software
2011-06-28 18:11 . 2011-06-28 18:17 -------- d-----w- c:\program files\gs
2011-06-21 14:15 . 2011-06-21 14:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 14:15 . 2011-06-21 14:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 20:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 12:46 . 2011-05-15 10:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-05-02 11:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2008-09-05 06:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2004-08-18 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 08:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 13:10 . 2011-05-03 14:57 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-26 13:10 . 2011-04-26 13:10 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-04-26 13:10 . 2011-05-03 14:57 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-25 16:06 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 08:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-21 14:15 . 2011-03-22 19:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-08_09.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-08 22:25 . 2011-07-08 22:25 16384 c:\windows\Temp\Perflib_Perfdata_c4c.dat
+ 2011-07-08 22:24 . 2011-07-08 22:24 16384 c:\windows\Temp\Perflib_Perfdata_a78.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"QIP Internet Guardian"="c:\documents and settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe" [2011-03-22 191360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2006-05-02 2502656]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-03 156672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Cas 2"="c:\cas\Čas 2.1\Cas 2.1.exe" [2005-09-18 760320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
CACHE.lnk - c:\intersystems\Cache\bin\csystray.exe [2009-6-12 843776]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-4-24 184320]
Monitor Apache Servers.lnk - c:\dev\prog\Apache2\bin\ApacheMonitor.exe [2008-1-17 41042]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TO2SSM_McciTrayApp"=c:\program files\TO2SSM\McciTrayApp.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4.7.2011 21:53 57112]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.5.2008 8:37 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.11.2007 15:06 35168]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 10:00 14336]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [27.9.2010 22:08 20072]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [28.1.2011 21:04 21992]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [1.8.2008 11:24 12953]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [29.3.2006 22:06 59392]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 11:17 25088]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE;c:\intersystems\Cache\Bin\cservice.exe [12.6.2009 10:13 73728]
S3 CACHEhttpd;Web Server for CACHE;c:\intersystems\Cache\httpd\bin\httpd.exe [12.6.2009 10:14 20541]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [1.4.2011 22:35 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.4.2011 22:35 100736]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 19:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 19:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 19:34 93872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26.4.2011 15:10 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 10:00 14336]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [8.3.2009 21:25 1466624]
S4 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2009 22:23 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-02 20:22]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 20:23]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\FlashGetBHO\GetAllUrl.htm
Trusted Zone: wspk.cz\www
DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} - hxxp://www.wspk.cz/internetbanking/internetban ... roject.cab
DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} - hxxp://tapety.mojelogo.cz/ScreenShooter.ocx
FF - ProfilePath - c:\documents and settings\mila.ZABOJ-NB\Data aplikací\Mozilla\Firefox\Profiles\orxgvx9o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://tv.sms.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.zencast -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 00:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????c??????n??|?????? ??4B??????????????hB? ????c?
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\mila.ZABOJ-NB\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3856381951-346229265-3238917960-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="93ED3FBA78EB14AE0826365DCDBF08D89BE5EA1025BD6F1244EA5BC758C099E9F110743BC22615BA056DBBE8C35325CF53C50BE0C90EC2E04642D96BF29D3458F57D19F5BC3FA86E695F9CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794BA7FD869164D67949EA37CFB51BD2F71F890B5E975509AE59EA6A3B07918C223B5164B0D4C4D5417A3A6782D9C48B5CF7964B9D2E93162E739DE1F05724E9C7D647B505769D0624259CD71B4FE42C10E088A57C7BAFB7191F0058A6B23A5B98B773C202D3456BB94FC7CD8602DB0EFF957881A3FA1220D2B0EDE2E21E8A233ABEC82DE365213E1A7E0DB526130974C882F29C416AD9AF2206C788BCB78CD8D64D539E9023CBECA3AEC5A3650E4805C4EE9794C8B3EE0D2807B9F527556B049DDD611CF013A1762AD19A81126FB799707784DD9410BF35180C069EA87605C5566AA7DD588EFDB8408753BA442FA9467925CB94C419DD4047754AC6E54426497EC9DB77152CFD2057323CC64E5B8E6AA722E983474538BFA626203AB1100DF698811BACEFB20C4293D595879B7638A35CE9809D62C5E2232E02B4CA654EF6A176F7AC74D067E7C2A5861A0BFC2FB1C4EF05BEBAE1A44A7A035022D949A3EA3618162638156D94C36599AAA4776D6BEAF49C868E8575E2F2CC8D00ADFC5E7B0FEBCE7D3B1377608F07B763FD5221D968A6AC969665EDA4E32281311A619C03797483A27DAD46B09EE1B7B6A637E4ACE7F0AD71BBC0FBB208281592EBD3DEF64C76C202CA940A52BB9BBC3809CA5B194A70583EFB62CD643E02AC79729BE6F662195F17705F0E34F51027D92611575988CD86F1FD15DD459859995C2A58D8DF1A9D41E6183BD3A5BA6B8EB7DC7B08F11AE2952233D2EB50C9B6A91EA9F7EEE3ED85FA3066E6690B51F4D645B963DCC397F3C7939E00EC803C4DE9990BAC908879D0E1B46480B224C155251104B664DCBE6FC4263555035ED15592374CC0CA58DD65DAAC4C3300011577B31BE96B9070D3FFAA0E7E72CF47F12E136A061456513DAEE91E946C18C7527A595D05C2AC141D8E81CD11BBD55EE3AA46EDCB65AB960F1869FE36E0B8075BBCCA6F3358E9AB1751E4EEEA383F6757C71FDBB3F946B40D90FBB9F0A3EE68BBD149C1A6EA0822D4D14E950EAE051523E3CA60E209D92834313DD541DF09FB8CB4146F6867E3D85896AAECC8F9E2EC9D49C426B360920FC534494785F9B5F82F6BC0784B52B658E4BE4F5FEE1E5AA208ECE3DAF0FC8D50523F800483B9C2DF04795D37FE08C662425E8AAC467C8B8A1ABB316F96CB6C977BF29D44451356411357D3769266D81221C034CBF5B399D9CDE4DE3ACC50FE8B22970DEB0F40A36F2AE4BD08756FB4B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
- - - - - - - > 'explorer.exe'(4208)
c:\program files\RocketDock\RocketDock.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\BIN\ItMsg.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\program files\ESTsoft\ALSong\asBand.dll
c:\program files\Stardock\Object Desktop\IconPackager\shellext.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\msdtc.exe
c:\dev\prog\Apache2\bin\Apache.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\dev\prog\Apache2\bin\Apache.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\dev\prog\mysql50\bin\mysqld-nt.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\rundll32.exe
c:\cas\c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-09 00:32:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-08 22:32
ComboFix2.txt 2011-07-08 14:19
ComboFix3.txt 2011-07-08 09:28
.
Před spuštěním: 8 588 275 712
Po spuštění: 8 566 165 504
.
- - End Of File - - FCAA0B36361288B200CBA12167B48C86
Re: svchost vytěžuje CPU na 100%
asi ho vyhodim, stejně licence končí za měsíc ale jen doufám že při odinstalaci nebude chtít heslo, to bych musel asi odinstalovat v nouzovym režimu že?
Re: svchost vytěžuje CPU na 100%
Tak dost, jaká licence když je cracknutý.
Odinstaluj ho přes CCleaner a nahraď Avastem který je free.
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Pak mi sem dej aktuální log.txt z Rsit.
Odinstaluj ho přes CCleaner a nahraď Avastem který je free.
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Pak mi sem dej aktuální log.txt z Rsit.
Re: svchost vytěžuje CPU na 100%
Logfile of random's system information tool 1.08 (written by random/random)
Run by mila at 2011-07-09 21:24:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (22%) free of 51 GB
Total RAM: 2039 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:45, on 9.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\cas\Čas 2.1\Cas 2.1.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\InterSystems\Cache\bin\csystray.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mila.ZABOJ-NB\Plocha\RSIT.exe
C:\Program Files\trend micro\mila.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Cas 2] C:\cas\Čas 2.1\Cas 2.1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CACHE.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\dev\prog\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.wspk.cz
O16 - DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} (CTBClient Control) - http://www.wspk.cz/internetbanking/inte ... roject.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} (ScreenShooter Control) - http://tapety.mojelogo.cz/ScreenShooter.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{120DABDE-84F1-489F-B06B-FD0D3749B015}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{120DABDE-84F1-489F-B06B-FD0D3749B015}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = icomtransport.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\Apache.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Web Server for CACHE (CACHEhttpd) - Apache Software Foundation - C:\InterSystems\Cache\httpd\bin\httpd.exe
O23 - Service: Caché Controller for CACHE (Cache_c-_intersystems_cache) - InterSystems Corporation - c:\intersystems\cache\bin\cservice.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MySQL - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13110 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-06 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-06 1164568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"Kerio VPN Client"=C:\Program Files\Kerio\VPN Client\kvpnclient.exe [2006-05-02 2502656]
"StatusClient 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2003-10-01 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2003-06-10 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2011-01-03 156672]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Cas 2"=C:\cas\Čas 2.1\Cas 2.1.exe [2005-09-18 760320]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2006-11-26 984064]
"Display Stix - System tray"=C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe [2004-04-24 245760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-06 488728]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"QIP Internet Guardian"=C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe [2011-03-22 191360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-14 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
[]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
CACHE.lnk - C:\InterSystems\Cache\bin\csystray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Monitor Apache Servers.lnk - C:\dev\prog\Apache2\bin\ApacheMonitor.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoResolveSearch"=1
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
======File associations======
.txt - open -
======List of files/folders created in the last 1 months======
2011-07-09 21:10:15 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2011-07-09 00:32:52 ----A---- C:\ComboFix.txt
2011-07-09 00:27:09 ----SHD---- C:\RECYCLER
2011-07-08 15:11:38 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Passware
2011-07-08 10:52:51 ----A---- C:\Boot.bak
2011-07-08 10:52:45 ----RASHD---- C:\cmdcons
2011-07-08 10:47:17 ----D---- C:\WINDOWS\ERDNT
2011-07-08 10:12:29 ----D---- C:\Program Files\NOD32view
2011-07-08 09:45:06 ----D---- C:\Program Files\Passware
2011-07-08 08:57:22 ----D---- C:\rsit
2011-07-08 08:57:22 ----D---- C:\Program Files\trend micro
2011-07-06 13:52:23 ----D---- C:\Program Files\Brain Workshop
2011-07-05 13:12:17 ----D---- C:\Program Files\Runtime Software
2011-07-04 21:58:01 ----D---- C:\archive_db
2011-07-04 21:57:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\launcher
2011-07-04 21:53:40 ----A---- C:\WINDOWS\system32\drivers\hotcore3.sys
2011-07-04 21:52:32 ----D---- C:\Program Files\Paragon Software
2011-06-30 07:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-28 20:11:40 ----D---- C:\Program Files\gs
2011-06-15 23:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-15 23:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-15 23:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-15 23:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-15 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2011-07-09 21:23:48 ----D---- C:\Program Files\NetSoftware
2011-07-09 21:22:06 ----D---- C:\WINDOWS
2011-07-09 21:21:43 ----D---- C:\WINDOWS\system32\drivers
2011-07-09 21:18:16 ----D---- C:\WINDOWS\Temp
2011-07-09 21:18:08 ----D---- C:\WINDOWS\system32
2011-07-09 21:17:56 ----SD---- C:\WINDOWS\Tasks
2011-07-09 21:17:38 ----D---- C:\WINDOWS\SMINST
2011-07-09 21:16:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-09 21:15:27 ----D---- C:\Config.Msi
2011-07-09 21:13:14 ----SHD---- C:\WINDOWS\Installer
2011-07-09 00:30:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-09 00:26:23 ----A---- C:\WINDOWS\system.ini
2011-07-09 00:25:30 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-09 00:23:02 ----D---- C:\WINDOWS\system32\config
2011-07-09 00:17:26 ----D---- C:\WINDOWS\AppPatch
2011-07-09 00:17:24 ----D---- C:\Program Files\Common Files
2011-07-08 18:28:35 ----D---- C:\Program Files\QIP Infium
2011-07-08 18:22:28 ----D---- C:\WINDOWS\Prefetch
2011-07-08 18:22:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NetSoftware
2011-07-08 18:04:19 ----D---- C:\sdilene
2011-07-08 14:14:30 ----D---- C:\Program Files\Shareaza
2011-07-08 10:52:51 ----RASH---- C:\boot.ini
2011-07-08 10:23:24 ----D---- C:\Program Files
2011-07-05 16:56:25 ----D---- C:\zastupci
2011-07-05 16:52:26 ----SHD---- C:\System Volume Information
2011-07-05 13:14:58 ----D---- C:\WINDOWS\repair
2011-07-05 13:11:27 ----A---- C:\WINDOWS\wincmd.ini
2011-07-05 12:02:44 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 11:23:45 ----HD---- C:\WINDOWS\inf
2011-07-05 11:23:33 ----D---- C:\WINDOWS\Registration
2011-07-04 21:53:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-04 09:23:16 ----D---- C:\Program Files\Microsoft Office
2011-07-02 12:27:45 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-07-01 17:10:47 ----D---- C:\ostatni
2011-06-30 07:20:15 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-06-29 10:07:27 ----D---- C:\Program Files\Opera
2011-06-29 08:33:01 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-28 20:13:36 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\XnView
2011-06-24 15:41:06 ----D---- C:\Program Files\Bradbury
2011-06-24 15:16:50 ----RD---- C:\Program Files\Skype
2011-06-24 15:12:18 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\IObit
2011-06-24 11:33:06 ----D---- C:\Anička
2011-06-22 17:35:13 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-06-20 14:51:22 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\HpUpdate
2011-06-19 12:33:40 ----D---- C:\Program Files\RocketDock
2011-06-18 13:56:16 ----D---- C:\Program Files\IObit
2011-06-18 13:56:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-06-18 13:52:39 ----D---- C:\WINDOWS\Debug
2011-06-17 19:01:32 ----D---- C:\Program Files\Common Files\Adobe
2011-06-17 19:01:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-17 19:01:09 ----D---- C:\Program Files\Adobe
2011-06-16 09:36:29 ----RSD---- C:\WINDOWS\assembly
2011-06-16 09:32:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-16 09:08:51 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 09:08:48 ----D---- C:\WINDOWS\SxsCaPendDel
2011-06-15 23:48:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-15 23:47:55 ----D---- C:\WINDOWS\WinSxS
2011-06-15 23:40:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-15 23:38:31 ----A---- C:\WINDOWS\win.ini
2011-06-15 23:35:30 ----D---- C:\Program Files\Internet Explorer
2011-06-15 22:27:32 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-11 09:32:49 ----D---- C:\Program Files\Common Files\Java
2011-06-11 09:32:30 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-08-30 88752]
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2011-01-21 57112]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2005-10-12 874240]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2011-01-21 381032]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2011-01-21 40824]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-18 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-18 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-18 148168]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-19 57096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-09 12953]
R3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2006-03-29 59392]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S0 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys []
S0 fgdxbus;fgdxbus; C:\WINDOWS\system32\DRIVERS\fgdxbus.sys []
S0 FGXSCSI;FGXSCSI; C:\WINDOWS\system32\DRIVERS\fgxscsi.sys []
S0 FVXSCSI;FVXSCSI; C:\WINDOWS\system32\DRIVERS\fvxscsi.sys []
S3 atssop1v;atssop1v; C:\WINDOWS\system32\drivers\atssop1v.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 elSerial;elSerial Filter driver; C:\WINDOWS\system32\DRIVERS\elserial.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-05-18 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
S3 MA-620;Mobile Action MA-620 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ubi_bus.sys [2005-09-05 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter; C:\WINDOWS\system32\DRIVERS\ubi_mdfl.sys [2005-09-05 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers; C:\WINDOWS\system32\DRIVERS\ubi_mdm.sys [2005-09-05 93872]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 VmbInfce;VmbInfce; C:\WINDOWS\system32\drivers\vmbinfce.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC0305;Look 316; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-08-02 1466624]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2;Apache2; C:\dev\prog\Apache2\bin\Apache.exe [2008-01-17 20541]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 MySQL;MySQL; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL []
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FileZilla Server;FileZilla Server FTP server; c:\xampp\filezillaftp\filezillaserver.exe []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 183280]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE; c:\intersystems\cache\bin\cservice.exe [2008-10-17 73728]
S3 CACHEhttpd;Web Server for CACHE; C:\InterSystems\Cache\httpd\bin\httpd.exe [2008-10-17 20541]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-24 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Podpora programu Windows Media Connect (WMC); C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by mila at 2011-07-09 21:24:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (22%) free of 51 GB
Total RAM: 2039 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:45, on 9.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\cas\Čas 2.1\Cas 2.1.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\InterSystems\Cache\bin\csystray.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\dev\prog\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mila.ZABOJ-NB\Plocha\RSIT.exe
C:\Program Files\trend micro\mila.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Cas 2] C:\cas\Čas 2.1\Cas 2.1.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CACHE.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\dev\prog\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.wspk.cz
O16 - DPF: {43BD5CFC-1382-4282-8239-AEC0E7ECAA48} (CTBClient Control) - http://www.wspk.cz/internetbanking/inte ... roject.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8ABBEBD-0B80-4091-B3B0-2C5AAD97A11A} (ScreenShooter Control) - http://tapety.mojelogo.cz/ScreenShooter.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{120DABDE-84F1-489F-B06B-FD0D3749B015}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{120DABDE-84F1-489F-B06B-FD0D3749B015}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = icomtransport.cz
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\Apache.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Web Server for CACHE (CACHEhttpd) - Apache Software Foundation - C:\InterSystems\Cache\httpd\bin\httpd.exe
O23 - Service: Caché Controller for CACHE (Cache_c-_intersystems_cache) - InterSystems Corporation - c:\intersystems\cache\bin\cservice.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MySQL - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13110 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{70C43FE2-E870-4E21-83B8-2A3F34065887}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-06 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-06 1164568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"Kerio VPN Client"=C:\Program Files\Kerio\VPN Client\kvpnclient.exe [2006-05-02 2502656]
"StatusClient 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2003-10-01 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2003-06-10 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2011-01-03 156672]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Cas 2"=C:\cas\Čas 2.1\Cas 2.1.exe [2005-09-18 760320]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2006-11-26 984064]
"Display Stix - System tray"=C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe [2004-04-24 245760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-06 488728]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"QIP Internet Guardian"=C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe [2011-03-22 191360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-14 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mila.ZABOJ-NB^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
[]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
CACHE.lnk - C:\InterSystems\Cache\bin\csystray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Monitor Apache Servers.lnk - C:\dev\prog\Apache2\bin\ApacheMonitor.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoResolveSearch"=1
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
======File associations======
.txt - open -
======List of files/folders created in the last 1 months======
2011-07-09 21:10:15 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2011-07-09 00:32:52 ----A---- C:\ComboFix.txt
2011-07-09 00:27:09 ----SHD---- C:\RECYCLER
2011-07-08 15:11:38 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\Passware
2011-07-08 10:52:51 ----A---- C:\Boot.bak
2011-07-08 10:52:45 ----RASHD---- C:\cmdcons
2011-07-08 10:47:17 ----D---- C:\WINDOWS\ERDNT
2011-07-08 10:12:29 ----D---- C:\Program Files\NOD32view
2011-07-08 09:45:06 ----D---- C:\Program Files\Passware
2011-07-08 08:57:22 ----D---- C:\rsit
2011-07-08 08:57:22 ----D---- C:\Program Files\trend micro
2011-07-06 13:52:23 ----D---- C:\Program Files\Brain Workshop
2011-07-05 13:12:17 ----D---- C:\Program Files\Runtime Software
2011-07-04 21:58:01 ----D---- C:\archive_db
2011-07-04 21:57:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\launcher
2011-07-04 21:53:40 ----A---- C:\WINDOWS\system32\drivers\hotcore3.sys
2011-07-04 21:52:32 ----D---- C:\Program Files\Paragon Software
2011-06-30 07:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-28 20:11:40 ----D---- C:\Program Files\gs
2011-06-15 23:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-15 23:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-15 23:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-15 23:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-15 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-11 09:32:32 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2011-07-09 21:23:48 ----D---- C:\Program Files\NetSoftware
2011-07-09 21:22:06 ----D---- C:\WINDOWS
2011-07-09 21:21:43 ----D---- C:\WINDOWS\system32\drivers
2011-07-09 21:18:16 ----D---- C:\WINDOWS\Temp
2011-07-09 21:18:08 ----D---- C:\WINDOWS\system32
2011-07-09 21:17:56 ----SD---- C:\WINDOWS\Tasks
2011-07-09 21:17:38 ----D---- C:\WINDOWS\SMINST
2011-07-09 21:16:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-09 21:15:27 ----D---- C:\Config.Msi
2011-07-09 21:13:14 ----SHD---- C:\WINDOWS\Installer
2011-07-09 00:30:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-09 00:26:23 ----A---- C:\WINDOWS\system.ini
2011-07-09 00:25:30 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-09 00:23:02 ----D---- C:\WINDOWS\system32\config
2011-07-09 00:17:26 ----D---- C:\WINDOWS\AppPatch
2011-07-09 00:17:24 ----D---- C:\Program Files\Common Files
2011-07-08 18:28:35 ----D---- C:\Program Files\QIP Infium
2011-07-08 18:22:28 ----D---- C:\WINDOWS\Prefetch
2011-07-08 18:22:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NetSoftware
2011-07-08 18:04:19 ----D---- C:\sdilene
2011-07-08 14:14:30 ----D---- C:\Program Files\Shareaza
2011-07-08 10:52:51 ----RASH---- C:\boot.ini
2011-07-08 10:23:24 ----D---- C:\Program Files
2011-07-05 16:56:25 ----D---- C:\zastupci
2011-07-05 16:52:26 ----SHD---- C:\System Volume Information
2011-07-05 13:14:58 ----D---- C:\WINDOWS\repair
2011-07-05 13:11:27 ----A---- C:\WINDOWS\wincmd.ini
2011-07-05 12:02:44 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 11:23:45 ----HD---- C:\WINDOWS\inf
2011-07-05 11:23:33 ----D---- C:\WINDOWS\Registration
2011-07-04 21:53:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-04 09:23:16 ----D---- C:\Program Files\Microsoft Office
2011-07-02 12:27:45 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-07-01 17:10:47 ----D---- C:\ostatni
2011-06-30 07:20:15 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-06-29 10:07:27 ----D---- C:\Program Files\Opera
2011-06-29 08:33:01 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-28 20:13:36 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\XnView
2011-06-24 15:41:06 ----D---- C:\Program Files\Bradbury
2011-06-24 15:16:50 ----RD---- C:\Program Files\Skype
2011-06-24 15:12:18 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\IObit
2011-06-24 11:33:06 ----D---- C:\Anička
2011-06-22 17:35:13 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-06-20 14:51:22 ----D---- C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\HpUpdate
2011-06-19 12:33:40 ----D---- C:\Program Files\RocketDock
2011-06-18 13:56:16 ----D---- C:\Program Files\IObit
2011-06-18 13:56:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-06-18 13:52:39 ----D---- C:\WINDOWS\Debug
2011-06-17 19:01:32 ----D---- C:\Program Files\Common Files\Adobe
2011-06-17 19:01:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-17 19:01:09 ----D---- C:\Program Files\Adobe
2011-06-16 09:36:29 ----RSD---- C:\WINDOWS\assembly
2011-06-16 09:32:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-16 09:08:51 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 09:08:48 ----D---- C:\WINDOWS\SxsCaPendDel
2011-06-15 23:48:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-15 23:47:55 ----D---- C:\WINDOWS\WinSxS
2011-06-15 23:40:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-15 23:38:31 ----A---- C:\WINDOWS\win.ini
2011-06-15 23:35:30 ----D---- C:\Program Files\Internet Explorer
2011-06-15 22:27:32 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-11 09:32:49 ----D---- C:\Program Files\Common Files\Java
2011-06-11 09:32:30 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-08-30 88752]
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2011-01-21 57112]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2005-10-12 874240]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2011-01-21 381032]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2011-01-21 40824]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-18 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-18 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-18 148168]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-19 57096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-09 12953]
R3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2006-03-29 59392]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S0 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys []
S0 fgdxbus;fgdxbus; C:\WINDOWS\system32\DRIVERS\fgdxbus.sys []
S0 FGXSCSI;FGXSCSI; C:\WINDOWS\system32\DRIVERS\fgxscsi.sys []
S0 FVXSCSI;FVXSCSI; C:\WINDOWS\system32\DRIVERS\fvxscsi.sys []
S3 atssop1v;atssop1v; C:\WINDOWS\system32\drivers\atssop1v.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 elSerial;elSerial Filter driver; C:\WINDOWS\system32\DRIVERS\elserial.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-05-18 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
S3 MA-620;Mobile Action MA-620 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ubi_bus.sys [2005-09-05 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter; C:\WINDOWS\system32\DRIVERS\ubi_mdfl.sys [2005-09-05 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers; C:\WINDOWS\system32\DRIVERS\ubi_mdm.sys [2005-09-05 93872]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 VmbInfce;VmbInfce; C:\WINDOWS\system32\drivers\vmbinfce.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC0305;Look 316; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-08-02 1466624]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2;Apache2; C:\dev\prog\Apache2\bin\Apache.exe [2008-01-17 20541]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 MySQL;MySQL; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL []
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 FileZilla Server;FileZilla Server FTP server; c:\xampp\filezillaftp\filezillaserver.exe []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 183280]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Cache_c-_intersystems_cache;Caché Controller for CACHE; c:\intersystems\cache\bin\cservice.exe [2008-10-17 73728]
S3 CACHEhttpd;Web Server for CACHE; C:\InterSystems\Cache\httpd\bin\httpd.exe [2008-10-17 20541]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-24 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Podpora programu Windows Media Connect (WMC); C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 gupdate1c9f052b2e992ea;Služba Google Update (gupdate1c9f052b2e992ea); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: svchost vytěžuje CPU na 100%
Tak nevím zatím ten svchost jede pořád na 100%
Nevím jestli to pomůže, ale když ho shodim odbouchnu tim wifi a vykreslování vzhledu (lišta start, ..) na další věci jsem nepřišel
Nevím jestli to pomůže, ale když ho shodim odbouchnu tim wifi a vykreslování vzhledu (lišta start, ..) na další věci jsem nepřišel
Re: svchost vytěžuje CPU na 100%
Tohle fixni v HJT :
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
HJT najdeš zde :
C:\Program Files\trend micro\mila.exe
jak na to jsem již psal.
Stáhni a spusť OTMoveIt
do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,
pokud aplikace bude požadovat restart, klikni na YES
v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
HJT najdeš zde :
C:\Program Files\trend micro\mila.exe
jak na to jsem již psal.
Stáhni a spusť OTMoveIt
do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
Kód: Vybrat vše
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\NOD32view
C:\Documents and Settings\mila.ZABOJ-NB\Data aplikací\IObit
C:\Program Files\IObit
C:\Documents and Settings\All Users\Data aplikací\IObit
C:\ComboFix\catchme.sys
:services
catchme
:commands
[purity]
[emptytemp]
[start explorer]pokud aplikace bude požadovat restart, klikni na YES
v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
Přispějete na provoz fóra?