Ahoj,
v PC mi spybot a ms essentials nasly nejaky viry, porad ale svchost vytezuje cpu na 100%. Dik za pomoc!
Logfile of random's system information tool 1.09 (written by random/random)
Run by uzivatel at 2012-10-09 15:25:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 387 GB (81%) free of 477 GB
Total RAM: 4060 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:25:30, on 9.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\uzivatel\AppData\Roaming\WinDef.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\uzivatel\AppData\Local\Temp\RarSFX5\svchost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\uzivatel\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Program Files\trend micro\uzivatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.173 www.google-analytics.com.
O1 - Hosts: 149.5.18.173 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.173 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S9F4B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NkZBODU0RDhCQ0ZGMkI1Qz] C:\Users\uzivatel\api-ms-win-servras.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D465D1-4526-4E3F-AE0E-D3E85785C112}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9576 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
/QuitInfo:000000000000025C;00000000000002DC; /AddRef;
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
/QuitInfo:0000000000000328;000000000000032C; /AddRef;
/QuitInfo:0000000000000148;0000000000000334;
/loadhooks /Parent:000000000000058C
"C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe" -service
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE"
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Users\uzivatel\api-ms-win-servras.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\uzivatel\AppData\Roaming\WinDef.exe"
cmd /c ""MINE 2 THREADS.bat""
\??\C:\Windows\system32\conhost.exe "791713595-1165901823-1762373715877963346-514840555-1869867724-10559616982110543763
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
svchost.exe --algo scrypt --s 6 --threads 2 --quiet --url http://litecoinpool.org:9332 --userpass alphadelta.1:test
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Users\uzivatel\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe" --noInstallation --dre
"C:\Users\uzivatel\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe" --action hooks --log C:\Users\uzivatel\AppData\Roaming\TeamViewer\TeamViewer7_Logfile.log
"C:\Users\uzivatel\AppData\Local\Temp\TeamViewer\Version7\tv_x64.exe" --action hooks --log C:\Users\uzivatel\AppData\Roaming\TeamViewer\TeamViewer7_Logfile.log
"c:\users\uzivatel\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe" --IPCport 6039
"C:\totalcmd\TOTALCMD.EXE"
"C:\Windows\system32\taskmgr.exe" /1
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2436 CREDAT:203009
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\uzivatel\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-22 253584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-28 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-22 253584]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 1289704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus SX400 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE [2007-12-17 221696]
"NkZBODU0RDhCQ0ZGMkI1Qz"=C:\Users\uzivatel\api-ms-win-servras.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]
C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2011-08-18 925960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NkZBODU0RDhCQ0ZGMkI1Qz]
C:\Users\uzivatel\api-ms-win-servras.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsDef]
C:\Users\uzivatel\AppData\Roaming\WinDef.exe [2012-10-05 3379712]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2010-10-05 2493552]
"SMART Board Service"=C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [2011-01-25 5893488]
"SMART SNMP Agent"=C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [2011-01-25 1678704]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-10-09 15:20:16 ----D---- C:\rsit
2012-10-09 15:20:16 ----D---- C:\Program Files\trend micro
2012-10-05 17:22:45 ----A---- C:\Users\uzivatel\AppData\Roaming\WinDef.exe
2012-10-05 15:24:46 ----A---- C:\Users\uzivatel\AppData\Roaming\winlogon.exe
2012-10-05 15:24:16 ----D---- C:\Users\uzivatel\AppData\Roaming\dclogs
2012-10-04 06:33:30 ----D---- C:\Users\uzivatel\AppData\Roaming\get_iplayer
2012-10-03 08:53:44 ----H---- C:\Users\uzivatel\AppData\Roaming\uzivatel-wchelper.dll
2012-10-01 23:14:13 ----RASH---- C:\api-ms-win-servras.exe
2012-10-01 17:20:50 ----ASH---- C:\ProgramData\ms00037F1D.dat
2012-09-26 14:36:45 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-23 03:01:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-23 03:01:33 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-23 03:01:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-23 03:01:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-23 03:01:31 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-23 03:01:31 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-23 03:01:31 ----A---- C:\Windows\system32\url.dll
2012-09-23 03:01:31 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-23 03:01:31 ----A---- C:\Windows\system32\ieui.dll
2012-09-23 03:01:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-23 03:01:30 ----A---- C:\Windows\system32\urlmon.dll
2012-09-23 03:01:29 ----A---- C:\Windows\system32\jscript9.dll
2012-09-23 03:01:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-23 03:01:28 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-23 03:01:28 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-23 03:01:27 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-23 03:01:27 ----A---- C:\Windows\system32\wininet.dll
2012-09-23 03:01:27 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-23 03:01:26 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-23 03:01:26 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-23 03:01:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-23 03:01:26 ----A---- C:\Windows\system32\vbscript.dll
2012-09-23 03:01:26 ----A---- C:\Windows\system32\jscript.dll
2012-09-23 03:01:26 ----A---- C:\Windows\system32\iertutil.dll
2012-09-23 03:01:24 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-23 03:01:23 ----A---- C:\Windows\system32\mshtml.dll
2012-09-23 03:01:22 ----A---- C:\Windows\system32\ieframe.dll
2012-09-23 03:01:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-12 14:57:21 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 14:57:21 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 14:57:20 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-09-12 14:57:20 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-12 14:57:19 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 14:57:19 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 14:57:19 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
======List of files/folders modified in the last 1 month======
2012-10-09 15:25:16 ----D---- C:\Windows\Prefetch
2012-10-09 15:21:28 ----D---- C:\Windows\Temp
2012-10-09 15:20:16 ----RD---- C:\Program Files
2012-10-09 10:31:32 ----D---- C:\Windows\system32\drivers\etc
2012-10-09 10:15:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-10-09 10:04:56 ----D---- C:\Users\uzivatel\AppData\Roaming\DAEMON Tools Pro
2012-10-09 10:04:56 ----D---- C:\Users\uzivatel\AppData\Roaming\Azureus
2012-10-09 10:04:52 ----D---- C:\Windows\system32\LogFiles
2012-10-09 10:04:41 ----D---- C:\Windows\System32
2012-10-09 10:04:41 ----D---- C:\Windows\Panther
2012-10-09 10:04:41 ----D---- C:\Windows\inf
2012-10-09 10:04:40 ----D---- C:\Windows\debug
2012-10-09 10:04:40 ----D---- C:\Windows
2012-10-09 10:03:23 ----D---- C:\Windows\system32\Tasks
2012-10-09 10:03:21 ----D---- C:\Program Files\CCleaner
2012-10-09 10:02:29 ----D---- C:\Windows\system32\config
2012-10-09 09:04:58 ----SHD---- C:\System Volume Information
2012-10-09 08:57:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-09 08:53:00 ----D---- C:\Windows\system32\drivers
2012-10-08 21:47:11 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2012-10-07 20:10:41 ----D---- C:\Windows\Logs
2012-10-05 21:45:18 ----SD---- C:\Users\uzivatel\AppData\Roaming\Microsoft
2012-10-05 15:24:48 ----HD---- C:\Users\uzivatel\AppData\Roaming\88506DBD
2012-10-04 06:34:52 ----D---- C:\Windows\system32\wdi
2012-10-02 02:25:09 ----SHD---- C:\Windows\Installer
2012-10-02 02:25:08 ----D---- C:\Program Files\Microsoft Security Client
2012-10-02 02:24:58 ----D---- C:\Windows\system32\catroot
2012-10-02 02:24:56 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-10-01 17:20:50 ----HD---- C:\ProgramData
2012-10-01 17:19:08 ----SD---- C:\ProgramData\Microsoft
2012-09-27 18:36:49 ----D---- C:\Windows\rescache
2012-09-26 21:56:39 ----D---- C:\Windows\winsxs
2012-09-23 03:17:31 ----D---- C:\Windows\SYSWOW64\migration
2012-09-23 03:17:31 ----D---- C:\Windows\SysWOW64
2012-09-23 03:17:31 ----D---- C:\Windows\system32\migration
2012-09-23 03:17:31 ----D---- C:\Program Files\Internet Explorer
2012-09-23 03:17:31 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-23 03:01:53 ----D---- C:\Windows\system32\catroot2
2012-09-18 08:06:45 ----RD---- C:\Program Files (x86)
2012-09-13 03:19:49 ----D---- C:\Windows\system32\DriverStore
2012-09-13 03:04:26 ----D---- C:\ProgramData\Microsoft Help
2012-09-13 03:02:03 ----A---- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-10-10 526392]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
R1 MpKsl0c522d26;MpKsl0c522d26; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E786CA5E-78CC-4085-8794-724C27B68390}\MpKsl0c522d26.sys [2012-10-09 35664]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
R3 SMARTMouseFilterx64;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2011-01-25 13168]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2011-01-25 16368]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2011-01-25 24944]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-04-26 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
S2 Aspi32;Aspi32; C:\Windows\System32\drivers\aspi32.sys []
S3 a2fks5cu;a2fks5cu; C:\Windows\system32\drivers\a2fks5cu.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-08 87368]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-22 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-18 1255736]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Svchost vytezuje na 100%
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Svchost vytezuje na 100%
Zdravim 
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Search
- Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Pockejte na dokonceni PreScanu
- Zvolte moznost Prohledat (scan)
- Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
- Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Svchost vytezuje na 100%
# AdwCleaner v2.004 - Logfile created 10/09/2012 at 19:14:37
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : uzivatel - NOVEPC
# Boot Mode : Normal
# Running from : C:\Users\uzivatel\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Vuze_Remote
Folder Found : C:\Program Files (x86)\Vuze_Remote
Folder Found : C:\Users\uzivatel\AppData\Local\Conduit
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Conduit
Folder Found : C:\Users\uzivatel\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Vuze_Remote
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\Software\Vuze_Remote
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A49B7C-F7AC-477F-B022-88F53EF923F9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17C3A441-5C0A-4701-8C4F-733C69F69338}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D9CD92-8EEE-4C5B-844A-28712AAF8F9F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3000674186-2036076626-232111718-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Opera v11.50.1074.0
File : C:\Users\uzivatel\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5600 octets] - [09/10/2012 19:14:37]
########## EOF - C:\AdwCleaner[R1].txt - [5660 octets] ##########
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : uzivatel - NOVEPC
# Boot Mode : Normal
# Running from : C:\Users\uzivatel\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Vuze_Remote
Folder Found : C:\Program Files (x86)\Vuze_Remote
Folder Found : C:\Users\uzivatel\AppData\Local\Conduit
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Conduit
Folder Found : C:\Users\uzivatel\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Vuze_Remote
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\Software\Vuze_Remote
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A49B7C-F7AC-477F-B022-88F53EF923F9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17C3A441-5C0A-4701-8C4F-733C69F69338}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D9CD92-8EEE-4C5B-844A-28712AAF8F9F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3000674186-2036076626-232111718-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Opera v11.50.1074.0
File : C:\Users\uzivatel\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5600 octets] - [09/10/2012 19:14:37]
########## EOF - C:\AdwCleaner[R1].txt - [5660 octets] ##########
Re: Svchost vytezuje na 100%
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : uzivatel [Práva správce]
Mód : Kontrola -- Datum : 10/09/2012 19:16:54
¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[SUSP PATH] api-ms-win-servras.exe -- C:\Users\uzivatel\api-ms-win-servras.exe -> SMAZÁNO [TermProc]
[SUSP PATH] WinDef.exe -- C:\Users\uzivatel\AppData\Roaming\WinDef.exe -> SMAZÁNO [TermProc]
[SVCHOST] svchost.exe -- C:\Users\uzivatel\AppData\Local\Temp\RarSFX5\svchost.exe -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NkZBODU0RDhCQ0ZGMkI1Qz (C:\Users\uzivatel\api-ms-win-servras.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3000674186-2036076626-232111718-1000[...]\Run : NkZBODU0RDhCQ0ZGMkI1Qz (C:\Users\uzivatel\api-ms-win-servras.exe) -> NALEZENO
[TASK][SUSP PATH] {B422426B-2A8D-4C69-AA5B-82C46B9EE2FB} : C:\Windows\system32\pcalua.exe -a C:\Users\uzivatel\Desktop\trillian-v3.1.14.0.exe -d C:\Users\uzivatel\Desktop -> NALEZENO
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NALEZENO
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 53f9c580f117ce06d90382f93d4f26e0
[BSP] e0ce8c07b0b2c25358ba9bc3cecd2a6b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 3e2f8b6664de1af9967448b7a3c50916
[BSP] 50618788b5102d5596e481aad1bc202f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : uzivatel [Práva správce]
Mód : Kontrola -- Datum : 10/09/2012 19:16:54
¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[SUSP PATH] api-ms-win-servras.exe -- C:\Users\uzivatel\api-ms-win-servras.exe -> SMAZÁNO [TermProc]
[SUSP PATH] WinDef.exe -- C:\Users\uzivatel\AppData\Roaming\WinDef.exe -> SMAZÁNO [TermProc]
[SVCHOST] svchost.exe -- C:\Users\uzivatel\AppData\Local\Temp\RarSFX5\svchost.exe -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NkZBODU0RDhCQ0ZGMkI1Qz (C:\Users\uzivatel\api-ms-win-servras.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3000674186-2036076626-232111718-1000[...]\Run : NkZBODU0RDhCQ0ZGMkI1Qz (C:\Users\uzivatel\api-ms-win-servras.exe) -> NALEZENO
[TASK][SUSP PATH] {B422426B-2A8D-4C69-AA5B-82C46B9EE2FB} : C:\Windows\system32\pcalua.exe -a C:\Users\uzivatel\Desktop\trillian-v3.1.14.0.exe -d C:\Users\uzivatel\Desktop -> NALEZENO
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NALEZENO
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 53f9c580f117ce06d90382f93d4f26e0
[BSP] e0ce8c07b0b2c25358ba9bc3cecd2a6b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 3e2f8b6664de1af9967448b7a3c50916
[BSP] 50618788b5102d5596e481aad1bc202f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
Re: Svchost vytezuje na 100%
Sorry nechci byt nedockavy ale kamarad uz ten pocitac bude potrebovat vratit vycisteny... 
dík
díkRe: Svchost vytezuje na 100%
Podivejte, my jsme tu zdarma a ve svem volnem case, pokud kamrad potrebuje urgentni pomoc, tak si mel zaplatit technika a pak se muze domahat okamziteho reseni Spustte znovu RogueKiller
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
- Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte
Spustte znovu AdwCleaner
- Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
- Kliknete na Delete
- PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Svchost vytezuje na 100%
Ja vim a vazim si toho! jeste jednou diky
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : uzivatel [Práva správce]
Mód : Odebrat -- Datum : 10/10/2012 11:40:41
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NkZBODU0RDhCQ0ZGMkI1Qz (C:\Users\uzivatel\api-ms-win-servras.exe) -> VYMAZÁNO
[TASK][PREVRUN] {B422426B-2A8D-4C69-AA5B-82C46B9EE2FB} : C:\Windows\system32\pcalua.exe -a C:\Users\uzivatel\Desktop\trillian-v3.1.14.0.exe -d C:\Users\uzivatel\Desktop -> VYMAZÁNO
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 53f9c580f117ce06d90382f93d4f26e0
[BSP] e0ce8c07b0b2c25358ba9bc3cecd2a6b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 3e2f8b6664de1af9967448b7a3c50916
[BSP] 50618788b5102d5596e481aad1bc202f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : uzivatel [Práva správce]
Mód : Odebrat -- Datum : 10/10/2012 11:40:41
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NkZBODU0RDhCQ0ZGMkI1Qz (C:\Users\uzivatel\api-ms-win-servras.exe) -> VYMAZÁNO
[TASK][PREVRUN] {B422426B-2A8D-4C69-AA5B-82C46B9EE2FB} : C:\Windows\system32\pcalua.exe -a C:\Users\uzivatel\Desktop\trillian-v3.1.14.0.exe -d C:\Users\uzivatel\Desktop -> VYMAZÁNO
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112} : NameServer (10.0.0.138) -> NEBYLO ODSTRANĚNO, POUŽIJTE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 53f9c580f117ce06d90382f93d4f26e0
[BSP] e0ce8c07b0b2c25358ba9bc3cecd2a6b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 3e2f8b6664de1af9967448b7a3c50916
[BSP] 50618788b5102d5596e481aad1bc202f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Re: Svchost vytezuje na 100%
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : uzivatel [Práva správce]
Mód : Oprava HOSTS -- Datum : 10/10/2012 11:41:37
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
¤¤¤ Resetovaný HOSTS: ¤¤¤
Dokončeno : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : uzivatel [Práva správce]
Mód : Oprava HOSTS -- Datum : 10/10/2012 11:41:37
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
¤¤¤ Resetovaný HOSTS: ¤¤¤
Dokončeno : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Re: Svchost vytezuje na 100%
Jeste poprosim o Delete v AdwCleaneru
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Svchost vytezuje na 100%
lLow\Conduit
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\Vuze_Remote
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A49B7C-F7AC-477F-B022-88F53EF923F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17C3A441-5C0A-4701-8C4F-733C69F69338}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D9CD92-8EEE-4C5B-844A-28712AAF8F9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Opera v11.50.1074.0
File : C:\Users\uzivatel\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5725 octets] - [09/10/2012 19:14:37]
AdwCleaner[S1].txt - [4710 octets] - [10/10/2012 11:48:11]
########## EOF - C:\AdwCleaner[S1].txt - [4770 octets] ##########
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\Vuze_Remote
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1A6175AB-1594-4A17-A229-01EC3BA0555B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A49B7C-F7AC-477F-B022-88F53EF923F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17C3A441-5C0A-4701-8C4F-733C69F69338}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96D9CD92-8EEE-4C5B-844A-28712AAF8F9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Opera v11.50.1074.0
File : C:\Users\uzivatel\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5725 octets] - [09/10/2012 19:14:37]
AdwCleaner[S1].txt - [4710 octets] - [10/10/2012 11:48:11]
########## EOF - C:\AdwCleaner[S1].txt - [4770 octets] ##########
Re: Svchost vytezuje na 100%
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Svchost vytezuje na 100%
ComboFix 12-10-10.02 - uzivatel 10.10.2012 17:45:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4060.2335 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ms00037F1D.dat
c:\users\uzivatel\AppData\Local\keylog.dat
c:\users\uzivatel\AppData\Roaming\uzivatel-wchelper.dll
c:\users\uzivatel\AppData\Roaming\WinDef.exe
c:\users\uzivatel\AppData\Roaming\winlogon.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 15:48 . 2012-10-10 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 09:46 . 2012-10-10 09:46 -------- d-----w- c:\users\LogMeInRemoteUser
2012-10-10 09:45 . 2012-10-10 09:45 -------- d-----w- c:\users\uzivatel\AppData\Local\LogMeIn
2012-10-10 09:45 . 2012-07-05 16:11 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-10-10 09:45 . 2012-07-05 16:10 59808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-10-10 09:45 . 2012-07-05 16:10 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-10-10 09:45 . 2012-06-08 10:06 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-10-10 09:45 . 2012-07-05 16:10 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-10 09:45 . 2012-10-10 09:45 -------- d-----w- c:\programdata\LogMeIn
2012-10-10 09:44 . 2012-10-10 09:45 -------- d-----w- c:\program files (x86)\LogMeIn
2012-10-10 09:43 . 2012-10-10 09:43 -------- d-----w- c:\users\uzivatel\AppData\Local\Apps
2012-10-10 09:43 . 2012-10-10 09:43 -------- d-----w- c:\users\uzivatel\AppData\Local\Deployment
2012-10-10 07:04 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6611074-0237-407E-857E-699B88EDB32B}\mpengine.dll
2012-10-09 13:20 . 2012-10-09 13:25 -------- d-----w- c:\program files\trend micro
2012-10-09 13:20 . 2012-10-09 13:21 -------- d-----w- C:\rsit
2012-10-09 07:05 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-05 13:37 . 2012-10-02 09:08 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{930BA5C8-1A9B-4639-8CE3-9578D96E9621}\gapaengine.dll
2012-10-05 13:24 . 2012-10-05 23:35 -------- d-----w- c:\users\uzivatel\AppData\Roaming\dclogs
2012-10-04 04:33 . 2012-10-05 19:41 -------- d-----w- c:\users\uzivatel\AppData\Roaming\get_iplayer
2012-10-01 21:14 . 2012-10-01 21:14 639488 --sha-r- C:\api-ms-win-servras.exe
2012-09-26 12:36 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 12:57 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:57 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:57 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:57 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:57 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:57 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 09:08 . 2011-08-21 13:06 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-13 01:02 . 2011-07-18 17:05 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-18 18:15 . 2012-08-15 09:32 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-05 2493552]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-18 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-08 87368]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-05 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2011-01-25 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2011-01-25 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2011-01-25 24944]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 20:39]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112}: NameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-10-10 17:50:53
ComboFix-quarantined-files.txt 2012-10-10 15:50
.
Před spuštěním: Volných bajtů: 406 968 070 144
Po spuštění: Volných bajtů: 406 650 138 624
.
- - End Of File - - 240F1057F1822324044F317A02879335
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4060.2335 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ms00037F1D.dat
c:\users\uzivatel\AppData\Local\keylog.dat
c:\users\uzivatel\AppData\Roaming\uzivatel-wchelper.dll
c:\users\uzivatel\AppData\Roaming\WinDef.exe
c:\users\uzivatel\AppData\Roaming\winlogon.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 15:48 . 2012-10-10 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 09:46 . 2012-10-10 09:46 -------- d-----w- c:\users\LogMeInRemoteUser
2012-10-10 09:45 . 2012-10-10 09:45 -------- d-----w- c:\users\uzivatel\AppData\Local\LogMeIn
2012-10-10 09:45 . 2012-07-05 16:11 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-10-10 09:45 . 2012-07-05 16:10 59808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-10-10 09:45 . 2012-07-05 16:10 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-10-10 09:45 . 2012-06-08 10:06 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-10-10 09:45 . 2012-07-05 16:10 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-10 09:45 . 2012-10-10 09:45 -------- d-----w- c:\programdata\LogMeIn
2012-10-10 09:44 . 2012-10-10 09:45 -------- d-----w- c:\program files (x86)\LogMeIn
2012-10-10 09:43 . 2012-10-10 09:43 -------- d-----w- c:\users\uzivatel\AppData\Local\Apps
2012-10-10 09:43 . 2012-10-10 09:43 -------- d-----w- c:\users\uzivatel\AppData\Local\Deployment
2012-10-10 07:04 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6611074-0237-407E-857E-699B88EDB32B}\mpengine.dll
2012-10-09 13:20 . 2012-10-09 13:25 -------- d-----w- c:\program files\trend micro
2012-10-09 13:20 . 2012-10-09 13:21 -------- d-----w- C:\rsit
2012-10-09 07:05 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-05 13:37 . 2012-10-02 09:08 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{930BA5C8-1A9B-4639-8CE3-9578D96E9621}\gapaengine.dll
2012-10-05 13:24 . 2012-10-05 23:35 -------- d-----w- c:\users\uzivatel\AppData\Roaming\dclogs
2012-10-04 04:33 . 2012-10-05 19:41 -------- d-----w- c:\users\uzivatel\AppData\Roaming\get_iplayer
2012-10-01 21:14 . 2012-10-01 21:14 639488 --sha-r- C:\api-ms-win-servras.exe
2012-09-26 12:36 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 12:57 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:57 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:57 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:57 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:57 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:57 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 09:08 . 2011-08-21 13:06 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-13 01:02 . 2011-07-18 17:05 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-18 18:15 . 2012-08-15 09:32 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-05 2493552]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-18 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-08 87368]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-05 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2011-01-25 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2011-01-25 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2011-01-25 24944]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 20:39]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C4D465D1-4526-4E3F-AE0E-D3E85785C112}: NameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-10-10 17:50:53
ComboFix-quarantined-files.txt 2012-10-10 15:50
.
Před spuštěním: Volných bajtů: 406 968 070 144
Po spuštění: Volných bajtů: 406 650 138 624
.
- - End Of File - - 240F1057F1822324044F317A02879335
Re: Svchost vytezuje na 100%
Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)
- Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Spustte a kliknete na Deletion
- Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Svchost vytezuje na 100%
############################## | UsbFix 7.059 | [Deletion]
User: uzivatel (Administrator) # NOVEPC [Gigabyte Technology Co., Ltd. G41MT-S2]
Updated 16/09/2011 by El Desaparecido
Started at 19:20:26 | 10/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
CPU: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
CPU 2: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 9.0.8112.16421
Windows Firewall: Enabled
RAM -> 4060 Mb
C:\ (%systemdrive%) -> Fixed drive # 466 Gb (379 Mb free - 81%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 932 Gb (114 Mb free - 12%) [FreeAgent Drive] # NTFS
F:\ -> CD-ROM
################## | Files # Infected Folders |
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-3000674186-2036076626-232111718-1000
Deleted ! E:\$RECYCLE.BIN\S-1-5-21-3000674186-2036076626-232111718-1000
Deleted ! E:\Recycler\S-1-5-21-1078081533-362288127-1801674531-1004
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Listing |
[10/10/2012 - 19:22:49 | SHD ] C:\$RECYCLE.BIN
[10/10/2012 - 11:45:07 | N | 1024] C:\.rnd
[23/07/2012 - 12:53:08 | D ] C:\Administrator's Guide
[09/10/2012 - 19:15:23 | N | 5725] C:\AdwCleaner[R1].txt
[10/10/2012 - 11:48:17 | N | 4835] C:\AdwCleaner[S1].txt
[01/10/2012 - 23:14:13 | | 639488] C:\api-ms-win-servras.exe
[10/10/2012 - 17:50:54 | N | 13495] C:\ComboFix.txt
[18/07/2011 - 18:22:24 | N | 180] C:\csb.log
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[10/10/2012 - 11:49:49 | ASH | 3193298944] C:\hiberfil.sys
[18/07/2011 - 18:20:42 | D ] C:\Intel
[18/07/2011 - 18:26:40 | RD ] C:\MSOCache
[10/10/2012 - 11:49:52 | ASH | 4257734656] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[31/07/2011 - 17:30:53 | D ] C:\Perl
[09/10/2012 - 15:20:16 | D ] C:\Program Files
[10/10/2012 - 11:48:13 | D ] C:\Program Files (x86)
[10/10/2012 - 17:48:16 | D ] C:\ProgramData
[10/10/2012 - 17:50:56 | D ] C:\Qoobox
[18/07/2011 - 18:09:08 | D ] C:\Recovery
[09/10/2012 - 15:21:07 | D ] C:\rsit
[10/10/2012 - 11:44:38 | SHD ] C:\System Volume Information
[23/07/2012 - 12:40:42 | D ] C:\Temp
[18/07/2011 - 18:27:48 | D ] C:\totalcmd
[10/10/2012 - 19:22:49 | D ] C:\UsbFix
[10/10/2012 - 19:20:27 | A | 2793] C:\UsbFix.txt
[10/10/2012 - 11:46:53 | D ] C:\Users
[10/10/2012 - 17:50:55 | D ] C:\Windows
[10/10/2012 - 19:22:49 | D ] E:\$RECYCLE.BIN
[21/07/2011 - 11:25:49 | D ] E:\.ZALOHA
[10/04/2012 - 17:49:28 | D ] E:\2011
[25/09/2012 - 00:09:26 | D ] E:\2012
[26/11/2010 - 17:40:41 | D ] E:\CHATA - smlouvy a vše kolem
[11/01/2011 - 19:59:35 | D ] E:\DISCOGRAPHIES (or most important recordings)
[26/11/2010 - 17:39:40 | D ] E:\DOMEK
[19/08/2012 - 19:45:39 | D ] E:\FILMY new ones
[09/10/2012 - 22:05:20 | D ] E:\FOTKY z PLOCHY
[25/09/2009 - 22:18:08 | N | 44902] E:\FreeAgentDesktopNext.ico
[26/11/2010 - 20:24:15 | D ] E:\From the Basement
[09/04/2011 - 21:42:35 | D ] E:\Hunter Amendola TJKirk
[25/11/2010 - 11:57:01 | D ] E:\MY HITS
[06/03/2012 - 00:33:40 | D ] E:\NEROZBALENE
[06/12/2010 - 20:04:12 | N | 26072956] E:\Original Jingle Bells Animation Clip.avi
[19/12/2010 - 21:49:01 | N | 53477564] E:\Partly Cloudy.avi
[19/09/2011 - 19:05:38 | D ] E:\PUVODNI zalozni disk NEMAZAT
[10/10/2012 - 17:46:47 | D ] E:\RECYCLER
[01/10/2009 - 12:17:08 | D ] E:\Seagate
[05/09/2010 - 14:01:02 | D ] E:\Seagate Backup
[31/12/2010 - 20:56:10 | D ] E:\SINGLES cerstve 2010
[03/07/2011 - 15:13:43 | D ] E:\sMART SOUBORY
[05/09/2010 - 13:52:02 | SHD ] E:\System Volume Information
[05/10/2012 - 00:21:40 | N | 0] E:\System Volume Information.lnk
[31/07/2011 - 20:25:00 | D ] E:\Temp
[09/10/2012 - 21:07:19 | D ] E:\tmp
[29/01/2011 - 19:36:32 | D ] E:\Zaloha M.Novak 30.1.011
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_NOVEPC.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.
User: uzivatel (Administrator) # NOVEPC [Gigabyte Technology Co., Ltd. G41MT-S2]
Updated 16/09/2011 by El Desaparecido
Started at 19:20:26 | 10/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
CPU: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
CPU 2: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 9.0.8112.16421
Windows Firewall: Enabled
RAM -> 4060 Mb
C:\ (%systemdrive%) -> Fixed drive # 466 Gb (379 Mb free - 81%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 932 Gb (114 Mb free - 12%) [FreeAgent Drive] # NTFS
F:\ -> CD-ROM
################## | Files # Infected Folders |
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-3000674186-2036076626-232111718-1000
Deleted ! E:\$RECYCLE.BIN\S-1-5-21-3000674186-2036076626-232111718-1000
Deleted ! E:\Recycler\S-1-5-21-1078081533-362288127-1801674531-1004
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Listing |
[10/10/2012 - 19:22:49 | SHD ] C:\$RECYCLE.BIN
[10/10/2012 - 11:45:07 | N | 1024] C:\.rnd
[23/07/2012 - 12:53:08 | D ] C:\Administrator's Guide
[09/10/2012 - 19:15:23 | N | 5725] C:\AdwCleaner[R1].txt
[10/10/2012 - 11:48:17 | N | 4835] C:\AdwCleaner[S1].txt
[01/10/2012 - 23:14:13 | | 639488] C:\api-ms-win-servras.exe
[10/10/2012 - 17:50:54 | N | 13495] C:\ComboFix.txt
[18/07/2011 - 18:22:24 | N | 180] C:\csb.log
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[10/10/2012 - 11:49:49 | ASH | 3193298944] C:\hiberfil.sys
[18/07/2011 - 18:20:42 | D ] C:\Intel
[18/07/2011 - 18:26:40 | RD ] C:\MSOCache
[10/10/2012 - 11:49:52 | ASH | 4257734656] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[31/07/2011 - 17:30:53 | D ] C:\Perl
[09/10/2012 - 15:20:16 | D ] C:\Program Files
[10/10/2012 - 11:48:13 | D ] C:\Program Files (x86)
[10/10/2012 - 17:48:16 | D ] C:\ProgramData
[10/10/2012 - 17:50:56 | D ] C:\Qoobox
[18/07/2011 - 18:09:08 | D ] C:\Recovery
[09/10/2012 - 15:21:07 | D ] C:\rsit
[10/10/2012 - 11:44:38 | SHD ] C:\System Volume Information
[23/07/2012 - 12:40:42 | D ] C:\Temp
[18/07/2011 - 18:27:48 | D ] C:\totalcmd
[10/10/2012 - 19:22:49 | D ] C:\UsbFix
[10/10/2012 - 19:20:27 | A | 2793] C:\UsbFix.txt
[10/10/2012 - 11:46:53 | D ] C:\Users
[10/10/2012 - 17:50:55 | D ] C:\Windows
[10/10/2012 - 19:22:49 | D ] E:\$RECYCLE.BIN
[21/07/2011 - 11:25:49 | D ] E:\.ZALOHA
[10/04/2012 - 17:49:28 | D ] E:\2011
[25/09/2012 - 00:09:26 | D ] E:\2012
[26/11/2010 - 17:40:41 | D ] E:\CHATA - smlouvy a vše kolem
[11/01/2011 - 19:59:35 | D ] E:\DISCOGRAPHIES (or most important recordings)
[26/11/2010 - 17:39:40 | D ] E:\DOMEK
[19/08/2012 - 19:45:39 | D ] E:\FILMY new ones
[09/10/2012 - 22:05:20 | D ] E:\FOTKY z PLOCHY
[25/09/2009 - 22:18:08 | N | 44902] E:\FreeAgentDesktopNext.ico
[26/11/2010 - 20:24:15 | D ] E:\From the Basement
[09/04/2011 - 21:42:35 | D ] E:\Hunter Amendola TJKirk
[25/11/2010 - 11:57:01 | D ] E:\MY HITS
[06/03/2012 - 00:33:40 | D ] E:\NEROZBALENE
[06/12/2010 - 20:04:12 | N | 26072956] E:\Original Jingle Bells Animation Clip.avi
[19/12/2010 - 21:49:01 | N | 53477564] E:\Partly Cloudy.avi
[19/09/2011 - 19:05:38 | D ] E:\PUVODNI zalozni disk NEMAZAT
[10/10/2012 - 17:46:47 | D ] E:\RECYCLER
[01/10/2009 - 12:17:08 | D ] E:\Seagate
[05/09/2010 - 14:01:02 | D ] E:\Seagate Backup
[31/12/2010 - 20:56:10 | D ] E:\SINGLES cerstve 2010
[03/07/2011 - 15:13:43 | D ] E:\sMART SOUBORY
[05/09/2010 - 13:52:02 | SHD ] E:\System Volume Information
[05/10/2012 - 00:21:40 | N | 0] E:\System Volume Information.lnk
[31/07/2011 - 20:25:00 | D ] E:\Temp
[09/10/2012 - 21:07:19 | D ] E:\tmp
[29/01/2011 - 19:36:32 | D ] E:\Zaloha M.Novak 30.1.011
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_NOVEPC.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.
Re: Svchost vytezuje na 100%
Btw, koukal sem na procesy a svchost uz tam nezlobi.
Přispějete na provoz fóra?