Please check my log. Thank you.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Eliška Horáková at 2011-12-07 17:50:46
Microsoft Windows 7 Home Premium
System drive C: has 376 GB (82%) free of 459 GB
Total RAM: 3996 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:53, on 7.12.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Eliška Horáková.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100909145132.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe
O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - Unknown owner - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Printer Control - Unknown owner - C:\windows\system32\PrintCtrl.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12003 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" service
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\windows\system32\PrintCtrl.exe
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Motorola\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\servicing\TrustedInstaller.exe
WLIDSvcM.exe 368
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\PrintDisp.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Motorola\Bluetooth\audiosrv.exe"
"C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><ID>10508</ID><Title>HP Wireless Assistant</Title><Text>Zařízení WLAN : Zapnuto
Rozhraní Bluetooth(r): Zapnuto</Text><IconPath>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\images\wireless_on.ico</IconPath><Path>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</Path><Parameters>SHOWSTATUS</Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4356.7b1fb40.712486696 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4356 plugin \\.\pipe\gecko-crash-server-pipe.4356
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-35ee0519-b553-4d38-8917-d63f51aa5545 -SystemEventPortName:HostProcess-43a1e58d-6d99-4efb-8986-2c747ebe34ce -IoCancelEventPortName:HostProcess-63708e9b-2499-469c-a3cb-710af4cdd224 -NonStateChangingEventPortName:HostProcess-9488bf9b-737e-4c12-8f96-5fb1894f1210 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:29871ce1-710a-4d4b-89f0-cd357e4a58ef
C:\windows\system32\wbem\wmiprvse.exe
"C:\windows\system32\wuauclt.exe"
wmiadap.exe /R /T
taskmgr.exe /3
"C:\Users\Eliška Horáková\Desktop\ELISKA_VIR\RSIT\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForluke.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Eliška Horáková\AppData\Roaming\Mozilla\Firefox\Profiles\24wpt35p.default
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100909145132.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100909145132.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-22 2028328]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-03-25 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-03-25 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-03-25 410136]
"BTMTrayAgent"=C:\Program Files\Motorola\Bluetooth\btmshell.dll [2010-06-10 24783624]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-01-29 487424]
"PrintDisp"=C:\windows\system32\PrintDisp.exe [2011-01-03 976896]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []
"combofix"=C:\ComboFix\CF3597.3XE [2009-07-14 344576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-01-12 563736]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-09-01 499768]
"McAfee Managed Services Tray"=C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe []
"NortonOnlineBackup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-05-03 1110360]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-01-25 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*
======List of files/folders created in the last 2 months======
2011-12-07 17:49:07 ----D---- C:\rsit
2011-12-07 17:49:07 ----D---- C:\Program Files\trend micro
2011-12-07 17:24:46 ----SHD---- C:\$RECYCLE.BIN
2011-12-07 17:02:43 ----D---- C:\windows\temp
2011-12-07 16:40:09 ----A---- C:\windows\zip.exe
2011-12-07 16:40:09 ----A---- C:\windows\SWSC.exe
2011-12-07 16:40:09 ----A---- C:\windows\SWREG.exe
2011-12-07 16:40:09 ----A---- C:\windows\sed.exe
2011-12-07 16:40:09 ----A---- C:\windows\PEV.exe
2011-12-07 16:40:09 ----A---- C:\windows\NIRCMD.exe
2011-12-07 16:40:09 ----A---- C:\windows\MBR.exe
2011-12-07 16:40:09 ----A---- C:\windows\grep.exe
2011-12-07 16:39:58 ----D---- C:\windows\ERDNT
2011-12-07 16:39:57 ----D---- C:\ComboFix
2011-12-07 16:39:52 ----D---- C:\Qoobox
2011-12-06 18:00:18 ----A---- C:\windows\system32\drivers\stflt.sys
2011-11-20 21:38:44 ----HD---- C:\windows\update.tray-3-0-lnk
2011-11-20 21:38:44 ----HD---- C:\windows\update.tray-3-0
2011-11-20 21:36:30 ----D---- C:\Config.Msi
2011-11-20 16:34:25 ----D---- C:\Program Files (x86)\ESET
2011-11-19 13:21:57 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-11-16 15:59:24 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-11-16 15:57:48 ----D---- C:\Users\Eliška Horáková\AppData\Roaming\OpenCandy
2011-11-16 15:57:29 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-11-01 12:45:41 ----D---- C:\windows\Sun
2011-10-31 20:57:36 ----D---- C:\windows\system32\Macromed
2011-10-31 20:39:23 ----SHD---- C:\windows\system32\%APPDATA%
2011-10-31 20:38:08 ----D---- C:\windows\ufa
2011-10-31 20:34:13 ----A---- C:\windows\unrar.exe
2011-10-31 20:30:22 ----HD---- C:\windows\update.tray-9-0-lnk
2011-10-31 20:30:22 ----HD---- C:\windows\update.tray-9-0
2011-10-29 09:35:47 ----D---- C:\Program Files (x86)\Adobe
2011-10-13 05:50:14 ----A---- C:\windows\system32\win32k.sys
2011-10-13 05:50:10 ----A---- C:\windows\system32\ieframe.dll
2011-10-13 05:50:06 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-10-13 05:50:04 ----A---- C:\windows\system32\urlmon.dll
2011-10-13 05:50:04 ----A---- C:\windows\system32\mshtml.dll
2011-10-13 05:50:01 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-10-13 05:50:01 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-10-13 05:50:01 ----A---- C:\windows\system32\wininet.dll
2011-10-13 05:50:00 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-10-13 05:49:59 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-10-13 05:49:59 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-10-13 05:49:59 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-10-13 05:49:59 ----A---- C:\windows\system32\mstime.dll
2011-10-13 05:49:59 ----A---- C:\windows\system32\msfeeds.dll
2011-10-13 05:49:59 ----A---- C:\windows\system32\iedkcs32.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\url.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\ieui.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-10-13 05:49:58 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\url.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\mshtmled.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\msfeedssync.exe
2011-10-13 05:49:58 ----A---- C:\windows\system32\msfeedsbs.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\licmgr10.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\jsproxy.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\ieui.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\iertutil.dll
2011-10-13 05:49:58 ----A---- C:\windows\system32\iepeers.dll
2011-10-13 05:49:46 ----A---- C:\windows\SYSWOW64\psisdecd.dll
2011-10-13 05:49:46 ----A---- C:\windows\system32\psisdecd.dll
2011-10-13 05:49:45 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2011-10-13 05:49:45 ----A---- C:\windows\SYSWOW64\oleacc.dll
2011-10-13 05:49:45 ----A---- C:\windows\system32\oleaut32.dll
2011-10-13 05:49:45 ----A---- C:\windows\system32\oleacc.dll
======List of files/folders modified in the last 2 months======
2011-12-07 17:49:07 ----RD---- C:\Program Files
2011-12-07 17:45:19 ----D---- C:\windows\system32\config
2011-12-07 17:44:14 ----D---- C:\windows\system32\catroot
2011-12-07 17:43:37 ----D---- C:\windows\System32
2011-12-07 17:43:37 ----D---- C:\windows\inf
2011-12-07 17:43:37 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-12-07 17:42:09 ----D---- C:\windows\system32\Tasks
2011-12-07 17:41:41 ----SHD---- C:\windows\Installer
2011-12-07 17:41:41 ----D---- C:\Program Files (x86)\Samsung
2011-12-07 17:41:40 ----D---- C:\windows\system32\DriverStore
2011-12-07 17:41:24 ----SHD---- C:\System Volume Information
2011-12-07 17:40:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-12-07 17:36:36 ----RD---- C:\Program Files (x86)
2011-12-07 17:36:35 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2011-12-07 17:35:16 ----D---- C:\windows\SYSWOW64\drivers
2011-12-07 17:35:16 ----D---- C:\windows\SysWOW64
2011-12-07 17:32:55 ----D---- C:\Windows
2011-12-07 17:29:59 ----D---- C:\ProgramData\Skype
2011-12-07 17:29:58 ----D---- C:\Users\Eliška Horáková\AppData\Roaming\Skype
2011-12-07 17:26:18 ----D---- C:\Program Files (x86)\Microsoft
2011-12-07 17:26:00 ----SD---- C:\ProgramData\Microsoft
2011-12-07 17:23:30 ----D---- C:\ProgramData
2011-12-07 17:05:53 ----A---- C:\windows\system.ini
2011-12-07 17:05:16 ----D---- C:\windows\system32\drivers\etc
2011-12-07 16:47:56 ----D---- C:\windows\system32\drivers
2011-12-07 16:47:56 ----D---- C:\windows\AppPatch
2011-12-07 16:47:34 ----D---- C:\Program Files\Common Files
2011-12-07 16:47:34 ----D---- C:\Program Files (x86)\Common Files
2011-12-07 16:39:58 ----D---- C:\windows\Prefetch
2011-12-07 16:34:17 ----D---- C:\ProgramData\FLEXnet
2011-12-07 16:27:19 ----A---- C:\ProgramData\HPWALog.txt
2011-12-05 06:22:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-12-02 19:30:46 ----D---- C:\windows\system32\catroot2
2011-12-02 14:22:29 ----D---- C:\windows\system32\wdi
2011-12-01 17:12:36 ----D---- C:\windows\Tasks
2011-11-16 16:01:12 ----D---- C:\Users\Eliška Horáková\AppData\Roaming\DAEMON Tools Lite
2011-11-15 23:27:01 ----D---- C:\windows\system32\NDF
2011-11-13 13:06:37 ----RD---- C:\Users
2011-11-11 21:27:58 ----D---- C:\windows\system32\LogFiles
2011-10-29 09:35:48 ----D---- C:\ProgramData\Adobe
2011-10-26 22:20:33 ----D---- C:\windows\winsxs
2011-10-26 22:20:26 ----D---- C:\Program Files\Internet Explorer
2011-10-26 22:20:26 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-13 16:31:34 ----D---- C:\windows\Microsoft.NET
2011-10-13 16:31:33 ----RSD---- C:\windows\assembly
2011-10-13 15:07:04 ----D---- C:\windows\SYSWOW64\migration
2011-10-13 15:07:04 ----D---- C:\windows\system32\migration
2011-10-13 15:07:03 ----D---- C:\windows\ehome
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2010-02-08 527592]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\windows\system32\drivers\mfewfpk.sys [2010-02-08 280008]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-16 279616]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2008-10-24 53768]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 68104]
R1 MPFP;MPFP; C:\windows\System32\Drivers\Mpfp.sys [2009-04-09 176144]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2008-10-24 81928]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-11-02 1209856]
R3 BTMUSB;Motorola Bluetooth Radio Service; C:\windows\System32\Drivers\btmusb.sys [2010-07-08 3232768]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 33288]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-01-25 7842272]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 145408]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\windows\system32\drivers\mfeavfk.sys [2010-02-08 190136]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-04-27 1803904]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-01-29 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-22 305200]
S0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-09-27 868848]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys [2010-04-10 52736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2008-10-24 45064]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\windows\system32\drivers\mfeapfk.sys [2010-02-08 121760]
S3 mferkdet;McAfee Inc. mferkdet; C:\windows\system32\drivers\mferkdet.sys [2010-02-08 94224]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 TFsExDisk;TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys []
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-11-02 16896]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-05-03 2782552]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 Printer Control;Printer Control; C:\windows\system32\PrintCtrl.exe [2009-10-28 65536]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [2010-01-29 244736]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 Bluetooth Device Manager;Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-28 1028096]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2011-01-25 791608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe []
S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe []
S2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe []
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe []
S2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart []
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-28 647680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736]
-----------------EOF-----------------

Probably an FB virus
Re: Probably an FB virus
ComboFix 11-12-06.01 - Eliška Horáková 07.12.2011 16:42:26.1.2 - x64
Spuštěný z: C:\Users\EliÜka Horßkovß\Desktop\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files (x86)\ESET\MiNODLogin
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.jar
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLoginLib.dll
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
C:\Program Files (x86)\ESET\MiNODLogin\servidores.xml
C:\Thumbs.db
C:\Users\Eliška Horáková\AppData\Local\ihh.exe
C:\windows\assembly\tmp\U
C:\windows\assembly\tmp\U\00000001.@
C:\windows\assembly\tmp\U\000000c0.@
C:\windows\assembly\tmp\U\000000cb.@
C:\windows\assembly\tmp\U\000000cf.@
C:\windows\assembly\tmp\U\80000000.@
C:\windows\assembly\tmp\U\800000c0.@
C:\windows\assembly\tmp\U\800000cb.@
C:\windows\assembly\tmp\U\800000cf.@
C:\windows\av_ico
C:\windows\av_ico\ico_mcafee_start.ico
C:\windows\av_ico\ico_NOD_SS_START.ico
C:\windows\av_ico\ico_NOD_SYSINSP.ico
C:\windows\av_ico\ico_NOD_SYSRESC.ico
C:\windows\av_ico\ico_NOD_TXT.ico
C:\windows\av_ico\ico_NOD_UNINSTALL.ico
C:\windows\btc_client_iplist.txt
C:\windows\front_ip_list.txt
C:\windows\geoiplist
C:\windows\geoiplist.rar
C:\windows\iecheck_iplist.txt
C:\windows\info1
C:\windows\iplist.txt
C:\windows\loader2.exe_ok
C:\windows\PFRO.log
C:\windows\phoenix
C:\windows\phoenix.rar
C:\windows\phoenix\kernels\phatk\__init__.py
C:\windows\phoenix\kernels\phatk\__init__.pyc
C:\windows\phoenix\kernels\phatk\BFIPatcher.py
C:\windows\phoenix\kernels\phatk\kernel.cl
C:\windows\phoenix\kernels\poclbm\__init__.py
C:\windows\phoenix\kernels\poclbm\__init__.pyc
C:\windows\phoenix\kernels\poclbm\BFIPatcher.py
C:\windows\phoenix\kernels\poclbm\kernel.cl
C:\windows\phoenix\phoenix.exe
C:\windows\proc_list1.log
C:\windows\rpcminer
C:\windows\rpcminer.rar
C:\windows\rpcminer\bitcoinminercuda_10.cubin
C:\windows\rpcminer\bitcoinminercuda_11.cubin
C:\windows\rpcminer\bitcoinminercuda_20.cubin
C:\windows\rpcminer\bitcoinmineropencl.cl
C:\windows\rpcminer\cudart32_32_16.dll
C:\windows\rpcminer\curllib.dll
C:\windows\rpcminer\libeay32.dll
C:\windows\rpcminer\libsasl.dll
C:\windows\rpcminer\openldap.dll
C:\windows\rpcminer\rpcminer-4way.exe
C:\windows\rpcminer\rpcminer-cpu.exe
C:\windows\rpcminer\rpcminer-cuda.exe
C:\windows\rpcminer\rpcminer-opencl.exe
C:\windows\rpcminer\ssleay32.dll
C:\windows\sysdriver32.exe
C:\windows\sysdriver32_.exe
C:\windows\system32\consrv.dll
C:\windows\system32\drivers\etc\HSTS~1
C:\windows\ufa.rar
C:\windows\update.1
C:\windows\update.1\svchost.exe
C:\windows\update.2
C:\windows\update.2\svchost.exe
C:\windows\update.5.0
C:\windows\update.5.0\svchost.exe
C:\windows\update.7.1
C:\windows\update.7.1\svchostdriver.exe
C:\windows\winlog-dirs.txt
C:\windows\winlog-ids.txt
C:\windows\winsetupapi.log
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ddservice
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-07 do 2011-12-07 )))))))))))))))))))))))))))))))
2011-12-07 16:02:43 . 2011-12-07 16:02:43 -------- d-----w- C:\Users\luke\AppData\Local\temp
2011-12-07 16:02:43 . 2011-12-07 16:02:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-12-06 17:07:05 . 2011-12-06 17:07:15 -------- d-----w- C:\Users\luke\AppData\Roaming\PCRx
2011-12-06 17:00:18 . 2011-12-07 12:25:50 -------- d-----w- C:\ProgramData\Spyware Terminator
2011-12-06 17:00:18 . 2011-12-06 17:00:18 51496 ----a-w- C:\windows\system32\drivers\stflt.sys
2011-12-06 17:00:18 . 2011-12-06 17:00:18 -------- d-----w- C:\Users\luke\AppData\Roaming\Spyware Terminator
2011-12-06 17:00:16 . 2011-12-06 17:00:24 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
2011-12-06 16:45:35 . 2011-12-06 16:45:39 -------- d-----w- C:\Program Files (x86)\Crawler
2011-11-20 20:38:44 . 2011-11-20 20:38:44 -------- d--h--w- C:\windows\update.tray-3-0
2011-11-20 20:38:44 . 2011-11-20 20:38:44 -------- d--h--w- C:\windows\update.tray-3-0-lnk
2011-11-20 15:34:25 . 2011-12-07 15:57:35 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-16 14:59:24 . 2011-11-16 14:59:24 279616 ----a-w- C:\windows\system32\drivers\dtsoftbus01.sys
2011-11-16 14:57:49 . 2011-11-17 03:23:42 -------- d-----w- C:\Users\Eliška Horáková\AppData\Local\OpenCandy
2011-11-16 14:57:48 . 2011-11-16 14:59:11 -------- d-----w- C:\Users\Eliška Horáková\AppData\Roaming\OpenCandy
2011-11-16 14:57:29 . 2011-11-16 14:59:24 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-11-13 12:06:38 . 2011-11-13 12:06:38 -------- d-----w- C:\Users\Eliška Horáková\AppData\Local\ElevatedDiagnostics
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-10-31 19:57:39 . 2011-06-06 06:09:43 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-31 19:38:07 . 2011-10-31 19:34:13 246272 ----a-w- C:\windows\unrar.exe
2011-10-01 03:21:20 . 2011-10-13 04:49:57 1638912 ----a-w- C:\windows\system32\mshtml.tlb
2011-10-01 02:59:14 . 2011-10-13 04:49:57 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-09-27 21:27:49 . 2011-03-12 12:15:46 868848 ----a-w- C:\windows\system32\drivers\sptd.sys
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 18:08:40 2363392]
"AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-04-18 10:41:03 102400]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 09:17:04 3514176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 17:26:40 256056]
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 19:27:36 563736]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 17:41:28 499768]
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 21:12:28 439568]
"NortonOnlineBackup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-03 21:48:52 1110360]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
R0 sptd;sptd;C:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R3 BTMCOM;Bluetooth Serial Port;C:\windows\system32\Drivers\btmcom.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;C:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 10:42:58 89600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 20:28:14 677128]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 15:40:22 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 17:27:22 264248]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 19:27:38 635416]
S2 Printer Control;Printer Control;C:\windows\system32\PrintCtrl.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-11-22 03:35:10 1148632]
S3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 18:52:12 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 20:28:12 1096968]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\windows\system32\Drivers\btmusb.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-28 00:52:40 1028096]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06:42 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe
Obsah adresáře 'Naplánované úlohy'
2011-12-06 C:\windows\Tasks\HPCeeScheduleForluke.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53:14 . 2010-01-05 10:53:14]
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06:42 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe
Obsah adresáře 'Naplánované úlohy'
2011-12-06 C:\windows\Tasks\HPCeeScheduleForluke.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53:14 . 2010-01-05 10:53:14]
--------- x86-64 -----------